
Help! I think I have a rootkit virus problem


  • This topic is locked
6 replies to this topic

#1 Mr Sign

Mr Sign

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 05 June 2013 - 09:41 PM

I am running Windows 7 Ultimate 32-bit OS and use IE 10. My antivirus software is AVG free version.

I have noticed two issues so far. Any file I try to download is deleted by Windows. I get the little red shield icon with the message "whateverfile.exe contained a virus and was deleted". I have also noticed my Windows Firewall settings are not correct and I can make no changes to them. From what I have read in other forums I believe I have a rootkit virus. My computer is networked through an AT&T DSL router to 3 other computers. I have noticed no problems with any of them.

Can someone guide me through fixing this? I'm not sure what other details would be helpful. Let me know what other information you would need to help.

Thanks Mr Sign.





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:25 AM

Posted 05 June 2013 - 10:04 PM

Hello and welcome. Let's try these.
If needed, before saving to the desktop, rename the tools to winlogon.exe; this usually fools the malware.


Hello meltin, Did MSE give that virus a name?

Can you run these next.

If needed to complete the scans use Safe Mode with Networking as a boot option.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.
Launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Lastly, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Mr Sign

Mr Sign
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 05 June 2013 - 11:06 PM

MiniToolBox by Farbar  Version:21-04-2013
Ran by Mr Sign (administrator) on 05-06-2013 at 22:51:04
Running from "C:\Users\Mr Sign\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SignServer
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F4-6D-04-93-0C-A3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:304:5950:ee59:d1ea:28ff:a713:faa9(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:304:5950:ee59:758c:c449:7bb8:6d06(Preferred)
   Link-local IPv6 Address . . . . . : fe80::d1ea:28ff:a713:faa9%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.141(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 05, 2013 7:30:19 PM
   Lease Expires . . . . . . . . . . : Thursday, June 06, 2013 7:30:19 PM
   Default Gateway . . . . . . . . . : fe80::22e5:2aff:fe84:faa%10
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 250899716
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D6-73-88-F4-6D-04-93-0C-A3
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{73298612-E0BF-4152-9D2A-91C4F32A752B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dslrouter
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4007:800::1006
   74.125.224.196
   74.125.224.197
   74.125.224.198
   74.125.224.199
   74.125.224.200
   74.125.224.201
   74.125.224.206
   74.125.224.192
   74.125.224.193
   74.125.224.194
   74.125.224.195

Pinging google.com [2607:f8b0:4007:800::1006] with 32 bytes of data:
Reply from 2607:f8b0:4007:800::1006: time=94ms
Reply from 2607:f8b0:4007:800::1006: time=85ms

Ping statistics for 2607:f8b0:4007:800::1006:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 85ms, Maximum = 94ms, Average = 89ms
Server:  dslrouter
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=141ms TTL=47
Reply from 206.190.36.45: bytes=32 time=142ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 141ms, Maximum = 142ms, Average = 141ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...f4 6d 04 93 0c a3 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.141     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.141    276
    192.168.1.141  255.255.255.255         On-link     192.168.1.141    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.141    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.141    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.141    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::22e5:2aff:fe84:faa
  1    306 ::1/128                  On-link
 10     28 2602:304:5950:ee59::/64  On-link
 10    276 2602:304:5950:ee59:758c:c449:7bb8:6d06/128
                                    On-link
 10    276 2602:304:5950:ee59:d1ea:28ff:a713:faa9/128
                                    On-link
 10    276 fe80::/64                On-link
 10    276 fe80::d1ea:28ff:a713:faa9/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/05/2013 07:34:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16576, time stamp: 0x515e30fe
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0xfc4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/05/2013 07:31:35 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/05/2013 07:31:35 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/05/2013 07:31:35 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/04/2013 03:28:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: SignWiz6.exe, version: 6.5.34.0, time stamp: 0x50fa558e
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x1648
Faulting application start time: 0xSignWiz6.exe0
Faulting application path: SignWiz6.exe1
Faulting module path: SignWiz6.exe2
Report Id: SignWiz6.exe3

Error: (06/04/2013 00:31:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 00:31:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 00:31:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 00:31:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/04/2013 00:31:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/05/2013 07:31:17 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/05/2013 07:31:17 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/05/2013 07:30:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/05/2013 07:28:08 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/05/2013 07:04:24 PM) (Source: srv) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/05/2013 06:32:24 PM) (Source: srv) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/05/2013 06:00:24 PM) (Source: srv) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/05/2013 05:28:24 PM) (Source: srv) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/05/2013 04:56:24 PM) (Source: srv) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/05/2013 04:24:24 PM) (Source: srv) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-04-15 19:03:11.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.2)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709a (Version: 140.0.000.000)
7-Zip 9.20
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 10 Plugin (Version: 10.1.52.14)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Help Manager (Version: 4.0.244)
Adobe Illustrator 10.0.3 (Version: 10.0.3)
Adobe Illustrator CS6 (Version: 16.0)
Adobe Media Player (Version: 1.8)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Premiere Elements 10 (Version: 10.0)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe SVG Viewer 3.0 (Version:  3.0)
ATI Catalyst Install Manager (Version: 3.0.765.0)
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
AVG Security Toolbar (Version: 15.2.0.5)
Bing Bar (Version: 7.1.361.0)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Light (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2206.39615)
Catalyst Control Center InstallProxy (Version: 2010.0210.2206.39615)
Catalyst Control Center Localization All (Version: 2010.0210.2206.39615)
CCC Help Chinese Standard (Version: 2010.0210.2205.39615)
CCC Help Chinese Traditional (Version: 2010.0210.2205.39615)
CCC Help Czech (Version: 2010.0210.2205.39615)
CCC Help Danish (Version: 2010.0210.2205.39615)
CCC Help Dutch (Version: 2010.0210.2205.39615)
CCC Help English (Version: 2010.0210.2205.39615)
CCC Help Finnish (Version: 2010.0210.2205.39615)
CCC Help French (Version: 2010.0210.2205.39615)
CCC Help German (Version: 2010.0210.2205.39615)
CCC Help Greek (Version: 2010.0210.2205.39615)
CCC Help Hungarian (Version: 2010.0210.2205.39615)
CCC Help Italian (Version: 2010.0210.2205.39615)
CCC Help Japanese (Version: 2010.0210.2205.39615)
CCC Help Korean (Version: 2010.0210.2205.39615)
CCC Help Norwegian (Version: 2010.0210.2205.39615)
CCC Help Polish (Version: 2010.0210.2205.39615)
CCC Help Portuguese (Version: 2010.0210.2205.39615)
CCC Help Russian (Version: 2010.0210.2205.39615)
CCC Help Spanish (Version: 2010.0210.2205.39615)
CCC Help Swedish (Version: 2010.0210.2205.39615)
CCC Help Thai (Version: 2010.0210.2205.39615)
CCC Help Turkish (Version: 2010.0210.2205.39615)
ccc-core-static (Version: 2010.0210.2206.39615)
ccc-utility (Version: 2010.0210.2206.39615)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 140.0.213.000)
DocMgr (Version: 140.0.65.000)
DocProc (Version: 140.0.100.000)
Elements 10 Organizer (Version: 10.0)
Fax (Version: 140.0.213.000)
Google Chrome (Version: 27.0.1453.94)
Google Drive (Version: 1.9.4536.8202)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 140.0.212.000)
HL-2270DW (Version: 1.0.7.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.000.004)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
I.R.I.S. OCR (Version: 12.3.4.0)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
MarketResearch (Version: 140.0.214.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network (Version: 140.0.215.000)
No-IP DUC (Version: 3.0.4)
Notepad++ (Version: 6.1.3)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
PDF Settings CS6 (Version: 11.0)
PRE10STIInstaller (Version: 1.0)
ProductContext (Version: 140.0.000.000)
PSE10 STI Installer (Version: 10.0)
PxMergeModule (Version: 1.00.0000)
QB Connection Diagnostic Tool (Version: 3.0.0.0)
QuickBooks (Version: 22.0.4012.2206)
QuickBooks Connection Diagnostic Tool (Version: 4.0.0)
QuickBooks Pro 2012 (Version: 22.0.4012.2206)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6151)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Roland CAMM-1 DRIVER [CX-300] (Version: 1.00.0000)
Scan (Version: 140.0.167.000)
Sentinel System Driver Installer 7.5.1 (Version: 7.5.1)
Shop for HP Supplies (Version: 14.0)
Sign Wizard 6
Sign Wizard 6.5
SmartSound Common Data (Version: 1.1.0)
SmartSound Premiere Elements 10 Plugin (Version: 5.70.0001)
SmartSound Sonicfire Pro 5 (Version: 5.7.1)
SmartWebPrinting (Version: 140.0.213.000)
SolutionCenter (Version: 140.0.214.000)
Status (Version: 140.0.256.000)
SupportSoft Assisted Service (Version: 15)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.213.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Visual Studio 2005 Tools for Office Second Edition Runtime
WebReg (Version: 140.0.213.017)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3319.75 MB
Available physical RAM: 1998.18 MB
Total Pagefile: 6637.78 MB
Available Pagefile: 5098.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.94 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.22 GB) (Free:858.28 GB) NTFS
2 Drive d: (StorageDrive) (Fixed) (Total:465.66 GB) (Free:363.53 GB) NTFS

========================= Users: ========================================

User accounts for \\SIGNSERVER

Administrator            Guest                    Mr Sign                 
QBDataServiceUser22     

**** End of log ****



22:52:48.0493 6556  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:52:49.0086 6556  ============================================================
22:52:49.0086 6556  Current date / time: 2013/06/05 22:52:49.0086
22:52:49.0086 6556  SystemInfo:
22:52:49.0086 6556 
22:52:49.0086 6556  OS Version: 6.1.7601 ServicePack: 1.0
22:52:49.0086 6556  Product type: Workstation
22:52:49.0086 6556  ComputerName: SIGNSERVER
22:52:49.0086 6556  UserName: Mr Sign
22:52:49.0086 6556  Windows directory: C:\Windows
22:52:49.0086 6556  System windows directory: C:\Windows
22:52:49.0086 6556  Processor architecture: Intel x86
22:52:49.0086 6556  Number of processors: 6
22:52:49.0086 6556  Page size: 0x1000
22:52:49.0086 6556  Boot type: Normal boot
22:52:49.0086 6556  ============================================================
22:52:49.0819 6556  Drive \Device\Harddisk0\DR0 - Size: 0xE8D4A40000 (931.32 Gb), SectorSize: 0x200, Cylinders: 0x1DAE8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:52:49.0835 6556  Drive \Device\Harddisk1\DR1 - Size: 0x746A520000 (465.66 Gb), SectorSize: 0x200, Cylinders: 0xED74, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:52:49.0835 6556  ============================================================
22:52:49.0835 6556  \Device\Harddisk0\DR0:
22:52:49.0835 6556  MBR partitions:
22:52:49.0835 6556  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:52:49.0835 6556  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x74672000
22:52:49.0835 6556  \Device\Harddisk1\DR1:
22:52:49.0835 6556  MBR partitions:
22:52:49.0835 6556  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A351800
22:52:49.0835 6556  ============================================================
22:52:49.0882 6556  C: <-> \Device\Harddisk0\DR0\Partition2
22:52:49.0897 6556  D: <-> \Device\Harddisk1\DR1\Partition1
22:52:49.0897 6556  ============================================================
22:52:49.0897 6556  Initialize success
22:52:49.0897 6556  ============================================================
22:54:24.0355 2692  ============================================================
22:54:24.0355 2692  Scan started
22:54:24.0355 2692  Mode: Manual; TDLFS;
22:54:24.0355 2692  ============================================================
22:54:25.0213 2692  ================ Scan system memory ========================
22:54:25.0213 2692  System memory - ok
22:54:25.0213 2692  ================ Scan services =============================
22:54:34.0089 2692  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
22:54:34.0089 2692  nsi - ok
22:54:34.0105 2692  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:54:34.0120 2692  nsiproxy - ok
22:54:34.0167 2692  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:54:34.0183 2692  Ntfs - ok
22:54:34.0198 2692  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:54:34.0198 2692  Null - ok
22:54:34.0229 2692  [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
22:54:34.0229 2692  nusb3hub - ok
22:54:34.0261 2692  [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:54:34.0261 2692  nusb3xhc - ok
22:54:34.0292 2692  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:54:34.0292 2692  nvraid - ok
22:54:34.0323 2692  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:54:34.0323 2692  nvstor - ok
22:54:34.0339 2692  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:54:34.0339 2692  nv_agp - ok
22:54:34.0401 2692  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:54:34.0417 2692  odserv - ok
22:54:34.0432 2692  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:54:34.0463 2692  ohci1394 - ok
22:54:34.0495 2692  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:54:34.0495 2692  ose - ok
22:54:34.0526 2692  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:54:34.0557 2692  p2pimsvc - ok
22:54:34.0588 2692  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:54:34.0619 2692  p2psvc - ok
22:54:34.0635 2692  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:54:34.0635 2692  Parport - ok
22:54:34.0651 2692  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:54:34.0651 2692  partmgr - ok
22:54:34.0666 2692  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:54:34.0682 2692  Parvdm - ok
22:54:34.0697 2692  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:54:34.0697 2692  PcaSvc - ok
22:54:34.0713 2692  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
22:54:34.0713 2692  pci - ok
22:54:34.0744 2692  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
22:54:34.0744 2692  pciide - ok
22:54:34.0775 2692  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:54:34.0775 2692  pcmcia - ok
22:54:34.0791 2692  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
22:54:34.0791 2692  pcw - ok
22:54:34.0838 2692  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:54:34.0838 2692  PEAUTH - ok
22:54:34.0869 2692  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:54:34.0916 2692  PeerDistSvc - ok
22:54:34.0963 2692  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
22:54:35.0025 2692  pla - ok
22:54:35.0072 2692  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:54:35.0072 2692  PlugPlay - ok
22:54:35.0119 2692  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:54:35.0119 2692  Pml Driver HPZ12 - ok
22:54:35.0150 2692  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:54:35.0181 2692  PNRPAutoReg - ok
22:54:35.0197 2692  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:54:35.0197 2692  PNRPsvc - ok
22:54:35.0228 2692  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:54:35.0243 2692  PolicyAgent - ok
22:54:35.0275 2692  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
22:54:35.0275 2692  Power - ok
22:54:35.0290 2692  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:54:35.0321 2692  PptpMiniport - ok
22:54:35.0337 2692  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:54:35.0368 2692  Processor - ok
22:54:35.0384 2692  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:54:35.0399 2692  ProfSvc - ok
22:54:35.0415 2692  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:54:35.0415 2692  ProtectedStorage - ok
22:54:35.0431 2692  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:54:35.0446 2692  Psched - ok
22:54:35.0493 2692  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
22:54:35.0493 2692  PxHelp20 - ok
22:54:35.0540 2692  [ C8DA4746D1C87FE3E5DCC3CE86218B62 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
22:54:35.0540 2692  QBCFMonitorService - ok
22:54:35.0587 2692  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
22:54:35.0587 2692  QBFCService - ok
22:54:35.0633 2692  [ 0C7B65C8743442A37152FCFAC5F7D16A ] QBVSS           C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
22:54:35.0665 2692  QBVSS - ok
22:54:35.0711 2692  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:54:35.0727 2692  ql2300 - ok
22:54:35.0743 2692  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:54:35.0743 2692  ql40xx - ok
22:54:35.0774 2692  QuickBooksDB22 - ok
22:54:35.0805 2692  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
22:54:35.0836 2692  QWAVE - ok
22:54:35.0836 2692  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:54:35.0852 2692  QWAVEdrv - ok
22:54:35.0867 2692  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:54:35.0867 2692  RasAcd - ok
22:54:35.0899 2692  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:54:35.0914 2692  RasAgileVpn - ok
22:54:35.0930 2692  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
22:54:35.0945 2692  RasAuto - ok
22:54:35.0945 2692  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:54:35.0961 2692  Rasl2tp - ok
22:54:35.0992 2692  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
22:54:36.0008 2692  RasMan - ok
22:54:36.0023 2692  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:54:36.0039 2692  RasPppoe - ok
22:54:36.0055 2692  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:54:36.0070 2692  RasSstp - ok
22:54:36.0086 2692  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:54:36.0086 2692  rdbss - ok
22:54:36.0101 2692  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:54:36.0117 2692  rdpbus - ok
22:54:36.0148 2692  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:54:36.0148 2692  RDPCDD - ok
22:54:36.0164 2692  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:54:36.0164 2692  RDPDR - ok
22:54:36.0195 2692  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:54:36.0211 2692  RDPENCDD - ok
22:54:36.0226 2692  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:54:36.0226 2692  RDPREFMP - ok
22:54:36.0257 2692  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:54:36.0273 2692  RdpVideoMiniport - ok
22:54:36.0304 2692  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:54:36.0304 2692  RDPWD - ok
22:54:36.0304 2692  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:54:36.0320 2692  rdyboost - ok
22:54:36.0335 2692  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:54:36.0351 2692  RemoteAccess - ok
22:54:36.0382 2692  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:54:36.0398 2692  RemoteRegistry - ok
22:54:36.0413 2692  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:54:36.0413 2692  RpcEptMapper - ok
22:54:36.0413 2692  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:54:36.0429 2692  RpcLocator - ok
22:54:36.0445 2692  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
22:54:36.0460 2692  RpcSs - ok
22:54:36.0476 2692  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:54:36.0476 2692  rspndr - ok
22:54:36.0491 2692  [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
22:54:36.0523 2692  RTL8167 - ok
22:54:36.0554 2692  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:54:36.0554 2692  s3cap - ok
22:54:36.0569 2692  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
22:54:36.0569 2692  SamSs - ok
22:54:36.0601 2692  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:54:36.0616 2692  sbp2port - ok
22:54:36.0632 2692  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:54:36.0647 2692  SCardSvr - ok
22:54:36.0663 2692  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:54:36.0679 2692  scfilter - ok
22:54:36.0710 2692  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
22:54:36.0725 2692  Schedule - ok
22:54:36.0757 2692  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:54:36.0757 2692  SCPolicySvc - ok
22:54:36.0772 2692  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:54:36.0788 2692  SDRSVC - ok
22:54:36.0803 2692  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:54:36.0819 2692  secdrv - ok
22:54:36.0819 2692  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:54:36.0835 2692  seclogon - ok
22:54:36.0866 2692  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
22:54:36.0866 2692  SENS - ok
22:54:36.0881 2692  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:54:36.0913 2692  SensrSvc - ok
22:54:36.0913 2692  [ A2CC81C30BEF6AC9F27055490EEF6DE3 ] Sentinel        C:\Windows\System32\Drivers\SENTINEL.SYS
22:54:36.0928 2692  Sentinel - ok
22:54:36.0944 2692  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:54:36.0959 2692  Serenum - ok
22:54:36.0975 2692  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:54:36.0991 2692  Serial - ok
22:54:36.0991 2692  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:54:37.0006 2692  sermouse - ok
22:54:37.0037 2692  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:54:37.0037 2692  SessionEnv - ok
22:54:37.0069 2692  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:54:37.0084 2692  sffdisk - ok
22:54:37.0084 2692  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:54:37.0100 2692  sffp_mmc - ok
22:54:37.0115 2692  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:54:37.0131 2692  sffp_sd - ok
22:54:37.0147 2692  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:54:37.0162 2692  sfloppy - ok
22:54:37.0178 2692  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:54:37.0193 2692  ShellHWDetection - ok
22:54:37.0209 2692  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:54:37.0225 2692  sisagp - ok
22:54:37.0240 2692  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:54:37.0240 2692  SiSRaid2 - ok
22:54:37.0256 2692  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:54:37.0256 2692  SiSRaid4 - ok
22:54:37.0271 2692  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:54:37.0287 2692  Smb - ok
22:54:37.0318 2692  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:54:37.0334 2692  SNMPTRAP - ok
22:54:37.0349 2692  [ CE724FC3EF8468BBAB146CA1793C66DC ] SNTNLUSB        C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
22:54:37.0349 2692  SNTNLUSB - ok
22:54:37.0349 2692  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:54:37.0349 2692  spldr - ok
22:54:37.0381 2692  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
22:54:37.0396 2692  Spooler - ok
22:54:37.0443 2692  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:54:37.0474 2692  sppsvc - ok
22:54:37.0490 2692  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:54:37.0505 2692  sppuinotify - ok
22:54:37.0521 2692  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:54:37.0521 2692  srv - ok
22:54:37.0537 2692  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:54:37.0537 2692  srv2 - ok
22:54:37.0552 2692  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:54:37.0568 2692  srvnet - ok
22:54:37.0583 2692  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:54:37.0599 2692  SSDPSRV - ok
22:54:37.0599 2692  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:54:37.0615 2692  SstpSvc - ok
22:54:37.0630 2692  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:54:37.0630 2692  stexstor - ok
22:54:37.0646 2692  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:54:37.0661 2692  StillCam - ok
22:54:37.0693 2692  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:54:37.0708 2692  StiSvc - ok
22:54:37.0739 2692  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:54:37.0739 2692  storflt - ok
22:54:37.0739 2692  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:54:37.0739 2692  storvsc - ok
22:54:37.0755 2692  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:54:37.0755 2692  swenum - ok
22:54:37.0771 2692  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
22:54:37.0771 2692  swprv - ok
22:54:37.0802 2692  Synth3dVsc - ok
22:54:37.0833 2692  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
22:54:37.0833 2692  SysMain - ok
22:54:37.0864 2692  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:54:37.0895 2692  TabletInputService - ok
22:54:37.0927 2692  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:54:37.0958 2692  TapiSrv - ok
22:54:37.0973 2692  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
22:54:37.0989 2692  TBS - ok
22:54:38.0036 2692  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:54:38.0067 2692  Tcpip - ok
22:54:38.0083 2692  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:54:38.0098 2692  TCPIP6 - ok
22:54:38.0114 2692  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:54:38.0114 2692  tcpipreg - ok
22:54:38.0145 2692  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:54:38.0176 2692  TDPIPE - ok
22:54:38.0192 2692  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:54:38.0192 2692  TDTCP - ok
22:54:38.0207 2692  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:54:38.0223 2692  tdx - ok
22:54:38.0239 2692  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:54:38.0239 2692  TermDD - ok
22:54:38.0270 2692  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
22:54:38.0270 2692  TermService - ok
22:54:38.0285 2692  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:54:38.0285 2692  Themes - ok
22:54:38.0301 2692  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
22:54:38.0301 2692  THREADORDER - ok
22:54:38.0317 2692  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:54:38.0317 2692  TrkWks - ok
22:54:38.0348 2692  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:54:38.0348 2692  TrustedInstaller - ok
22:54:38.0379 2692  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:54:38.0379 2692  tssecsrv - ok
22:54:38.0395 2692  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:54:38.0410 2692  TsUsbFlt - ok
22:54:38.0426 2692  tsusbhub - ok
22:54:38.0441 2692  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:54:38.0457 2692  tunnel - ok
22:54:38.0473 2692  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:54:38.0473 2692  uagp35 - ok
22:54:38.0504 2692  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:54:38.0535 2692  udfs - ok
22:54:38.0551 2692  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:54:38.0566 2692  UI0Detect - ok
22:54:38.0582 2692  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:54:38.0597 2692  uliagpkx - ok
22:54:38.0597 2692  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:54:38.0613 2692  umbus - ok
22:54:38.0629 2692  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:54:38.0644 2692  UmPass - ok
22:54:38.0675 2692  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:54:38.0675 2692  UmRdpService - ok
22:54:38.0722 2692  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:54:38.0722 2692  upnphost - ok
22:54:38.0738 2692  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:54:38.0753 2692  usbccgp - ok
22:54:38.0785 2692  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:54:38.0800 2692  usbcir - ok
22:54:38.0831 2692  [ CFBCE999C057D78979A181C9C60F208E ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:54:38.0847 2692  usbehci - ok
22:54:38.0878 2692  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
22:54:38.0925 2692  usbhub - ok
22:54:38.0941 2692  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:54:38.0956 2692  usbohci - ok
22:54:38.0987 2692  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:54:38.0987 2692  usbprint - ok
22:54:39.0003 2692  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:54:39.0019 2692  usbscan - ok
22:54:39.0050 2692  [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:54:39.0050 2692  USBSTOR - ok
22:54:39.0065 2692  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:54:39.0097 2692  usbuhci - ok
22:54:39.0112 2692  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
22:54:39.0112 2692  UxSms - ok
22:54:39.0128 2692  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
22:54:39.0143 2692  VaultSvc - ok
22:54:39.0159 2692  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:54:39.0159 2692  vdrvroot - ok
22:54:39.0190 2692  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
22:54:39.0221 2692  vds - ok
22:54:39.0237 2692  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:54:39.0237 2692  vga - ok
22:54:39.0253 2692  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:54:39.0268 2692  VgaSave - ok
22:54:39.0268 2692  VGPU - ok
22:54:39.0284 2692  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:54:39.0284 2692  vhdmp - ok
22:54:39.0299 2692  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:54:39.0315 2692  viaagp - ok
22:54:39.0315 2692  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
22:54:39.0331 2692  ViaC7 - ok
22:54:39.0346 2692  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
22:54:39.0362 2692  viaide - ok
22:54:39.0362 2692  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:54:39.0377 2692  vmbus - ok
22:54:39.0377 2692  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:54:39.0393 2692  VMBusHID - ok
22:54:39.0409 2692  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:54:39.0409 2692  volmgr - ok
22:54:39.0424 2692  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:54:39.0424 2692  volmgrx - ok
22:54:39.0455 2692  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:54:39.0455 2692  volsnap - ok
22:54:39.0487 2692  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:54:39.0487 2692  vsmraid - ok
22:54:39.0533 2692  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
22:54:39.0549 2692  VSS - ok
22:54:39.0643 2692  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
22:54:39.0658 2692  vToolbarUpdater15.2.0 - ok
22:54:39.0674 2692  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:54:39.0689 2692  vwifibus - ok
22:54:39.0689 2692  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
22:54:39.0705 2692  W32Time - ok
22:54:39.0721 2692  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:54:39.0736 2692  WacomPen - ok
22:54:39.0767 2692  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:54:39.0799 2692  WANARP - ok
22:54:39.0799 2692  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:54:39.0799 2692  Wanarpv6 - ok
22:54:39.0877 2692  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:54:39.0892 2692  WatAdminSvc - ok
22:54:39.0923 2692  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
22:54:39.0939 2692  wbengine - ok
22:54:39.0955 2692  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:54:39.0970 2692  WbioSrvc - ok
22:54:40.0001 2692  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:54:40.0001 2692  wcncsvc - ok
22:54:40.0017 2692  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:54:40.0017 2692  WcsPlugInService - ok
22:54:40.0033 2692  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:54:40.0033 2692  Wd - ok
22:54:40.0048 2692  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
22:54:40.0064 2692  WDC_SAM - ok
22:54:40.0079 2692  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:54:40.0079 2692  Wdf01000 - ok
22:54:40.0095 2692  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:54:40.0095 2692  WdiServiceHost - ok
22:54:40.0095 2692  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:54:40.0095 2692  WdiSystemHost - ok
22:54:40.0126 2692  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
22:54:40.0142 2692  WebClient - ok
22:54:40.0173 2692  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:54:40.0189 2692  Wecsvc - ok
22:54:40.0204 2692  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:54:40.0220 2692  wercplsupport - ok
22:54:40.0235 2692  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:54:40.0251 2692  WerSvc - ok
22:54:40.0251 2692  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:54:40.0267 2692  WfpLwf - ok
22:54:40.0267 2692  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:54:40.0282 2692  WIMMount - ok
22:54:40.0282 2692  WinHttpAutoProxySvc - ok
22:54:40.0345 2692  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:54:40.0345 2692  Winmgmt - ok
22:54:40.0391 2692  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:54:40.0454 2692  WinRM - ok
22:54:40.0485 2692  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:54:40.0501 2692  WinUsb - ok
22:54:40.0516 2692  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:54:40.0563 2692  Wlansvc - ok
22:54:40.0625 2692  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:54:40.0657 2692  wlidsvc - ok
22:54:40.0688 2692  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:54:40.0688 2692  WmiAcpi - ok
22:54:40.0719 2692  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:54:41.0873 2692  ============================================================
22:54:41.0873 2692  Scan finished
22:54:41.0873 2692  ============================================================
22:54:41.0889 3968  Detected object count: 0
22:54:41.0889 3968  Actual detected object count: 0
22:55:45.0844 6412  Deinitialize success
 



# AdwCleaner v2.301 - Logfile created 06/05/2013 at 22:56:43
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Mr Sign - SIGNSERVER
# Boot Mode : Normal
# Running from : C:\Users\Mr Sign\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Mr Sign\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Mr Sign\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mr Sign\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Mr Sign\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://mail.google.com/mail/?shva=1#inbox --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Mr Sign\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"3wvd9s6U/MTqVgDhhAViwMCTnYdILwc46ntJWnW4/a8=","_version":4,"extensions":{"i[...]

*************************

AdwCleaner[S1].txt - [7026 octets] - [05/06/2013 22:56:43]

########## EOF - C:\AdwCleaner[S1].txt - [7086 octets] ##########



#4 Mr Sign

  • Topic Starter
  • Members
  • 5 posts

Posted 06 June 2013 - 12:54 AM

Here is the eset scan log

C:\Users\Mr Sign\AppData\Local\Temp\jar_cache2095246867202102973.tmp Java/Exploit.Agent.OMK trojan cleaned by deleting - quarantined
C:\Users\Mr Sign\AppData\Local\Temp\miaE39A.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Mr Sign\AppData\Local\Temp\miaE39A.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Mr Sign\AppData\Local\Temp\miaE39A.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Mr Sign\AppData\Local\Temp\miaE39A.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Mr Sign\AppData\Local\Temp\miaE39A.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Mr Sign\AppData\Local\Temp\miaE39A.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined



#5 Mr Sign

  • Topic Starter
  • Members
  • 5 posts

Posted 06 June 2013 - 01:15 AM

I had to download the files you listed from another computer because the virus won't let me download them from here, but I ran them after copying them onto here. I ran all the files in the order you listed. The only threat that I could see that it reported were the 7 files in the eset log. One threat was Java/Exploit.Agent.OMK Trojan.

I posted all the logs for adaware, tdsskiller, eset scan log, and the Mini tool box results. As far as I can tell there is no difference. Still will not download files and the firewall is still not configured. I looked in the services for it and it was not there under windows firewall.

What would be the next step?



#6 boopme

  • Global Moderator
  • 73,490 posts

Posted 06 June 2013 - 09:05 AM

Hello, looks like the infection is protected. We need a New topic (per step 7) and the logs from this Preparation Guide and post in a new topic.
Let me know if all went well.

#7 boopme

  • Global Moderator
  • 73,490 posts

Posted 06 June 2013 - 12:34 PM

Closing topic, Mr Sign has opted per PM to Nuke and pave....



