Malwarebytes

SVCHOST.exe infected with Trojan.Agent

57 replies to this topic

#1
BigBK

    New Member

  • Members
  • 30 posts
Several of my Desktop Icons are gone and all files appear to have been set to hidden status. I ran Malware Quick Scan and it detects svchost.exe infected with Trojan.Agent. Upon cleaning and rebooting they seem to come back. Any help you can provide is greatly appreciated. Attached are the DDS and Attach logs. Thanks.

Attached File: DDS.txt (32.7K)

Attached File: Attach.txt (13.64K)

#2
BigBK

Here is the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Brian at 9:59:21 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6140.3042 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\WebUpdateSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\SeaMonkey\seamonkey.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\SeaMonkey\plugin-container.exe
C:\Program Files (x86)\SeaMonkey\plugin-container.exe
C:\Program Files (x86)\SeaMonkey\plugin-container.exe
C:\Program Files (x86)\SeaMonkey\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyServer = 188.138.24.221:8080
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [OnlineBackupScheduler] C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe
uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - C:\Users\Brian\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe
StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://chil.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\0343A5431313336313139323 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\039364850333037333238393 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\130364851303137333734383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\14962707F62747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\34963736F61353236313 : DhcpNameServer = 216.111.202.15 216.111.202.20
TCP: Interfaces\{28FD0F17-7081-48B6-96E8-AABF7ACC4DB5}\36F6D666F6274713 : DhcpNameServer = 68.87.68.162 68.87.74.162
TCP: Interfaces\{3F1076DD-9D1D-45FD-B1E4-20B43BAAE7F7} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\
FF - prefs.js: browser.startup.homepage - hxxp://batheo.clapalong.com/?action=webgame!gamelogin&sid=19
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\extensions\avg@toolbar\components\toolbarhomewmp.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbasic.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Brian\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-4 136176]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-30 228408]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-4 136176]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2010-3-9 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2010-3-9 218608]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-03 13:43:56 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-03 12:23:55 20480 ----a-w- C:\Windows\svchost.exe
2012-03-31 12:06:40 -------- d--h--w- C:\Users\Brian\AppData\Roaming\Malwarebytes
2012-03-31 12:06:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 12:06:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-31 12:06:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 01:53:00 -------- d-----w- C:\Users\Brian\AppData\Local\ABBYY
2012-03-24 01:50:28 -------- d-----w- C:\ProgramData\ABBYY
2012-03-24 01:50:28 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2012-03-24 01:50:27 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2012-03-24 01:44:08 -------- d-----w- C:\Program Files\Common Files\EPSON
2012-03-24 01:42:13 -------- d-----w- C:\Program Files\EPSON
2012-03-24 01:41:53 558592 ----a-w- C:\Windows\System32\ensppmon.dll
2012-03-24 01:41:53 558592 ----a-w- C:\Windows\System32\enppmon.dll
2012-03-24 01:41:53 538112 ----a-w- C:\Windows\System32\ensppui.dll
2012-03-24 01:41:53 538112 ----a-w- C:\Windows\System32\enppui.dll
2012-03-24 01:41:53 250880 ----a-w- C:\Windows\System32\enspres.dll
2012-03-24 01:41:53 250880 ----a-w- C:\Windows\System32\enpres.dll
2012-03-24 01:41:53 -------- d-----w- C:\Program Files\EpsonNet
2012-03-24 01:41:27 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2012-03-24 01:39:54 -------- d-----w- C:\Program Files (x86)\Epson America Inc
2012-03-24 01:39:20 -------- d-----w- C:\Program Files (x86)\Epson Software
2012-03-24 01:37:44 118784 ----a-w- C:\Windows\System32\E_YLMHVA.DLL
2012-03-24 01:37:42 83456 ----a-w- C:\Windows\System32\E_YD4BHVA.DLL
2012-03-24 01:37:31 -------- d-----w- C:\ProgramData\EPSON
2012-03-24 01:37:19 464384 ----a-w- C:\Windows\System32\esxw2ud.dll
2012-03-24 01:37:19 13824 ----a-w- C:\Windows\System32\esxcdev.dll
2012-03-24 01:37:19 132560 ----a-w- C:\Windows\System32\esdevapp.exe
2012-03-24 01:37:15 -------- d-----w- C:\Program Files (x86)\epson
2012-03-21 04:30:22 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 04:30:22 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 07:09:17 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 07:09:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:09:15 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 12:33:40 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 12:33:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 12:33:37 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:32:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:32:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 12:32:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 12:32:54 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:32:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:32:54 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:32:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-03-12 01:13:56 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
.
============= FINISH: 10:01:51.53 ===============
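
Added example (not part of the original post, and not DDS's own code): a triage pass over the "Created Last 30" and "Find3M" lines of the log above. It flags files that carry a core Windows binary name outside the directory that binary normally lives in, files with both hidden and system attributes, and `.sys` files outside the Windows tree. The expected-directory table, the reading of the attribute column (`d`, `s`, `h` letters) and the `C:\Windows` system root are assumptions.

```python
import ntpath
import re

# Lines copied from the "Created Last 30" and "Find3M" sections of the DDS log above.
SAMPLE = r"""
2012-04-03 13:43:56 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-03 12:23:55 20480 ----a-w- C:\Windows\svchost.exe
2012-03-31 12:06:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-24 01:37:19 132560 ----a-w- C:\Windows\System32\esdevapp.exe
2012-03-15 07:09:17 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 07:09:15 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-12 01:13:56 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
"""

# Fields: timestamp, size (dashes for directories), 8-character attribute column, path.
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-+) (\S{8}) (.+)$")

# Assumption: system root is C:\Windows, and these are the directories each
# core binary is normally found in on 64-bit Windows 7.
WINDIR = "c:\\windows"
SYS32 = WINDIR + "\\system32"
WOW64 = WINDIR + "\\syswow64"
EXPECTED_DIRS = {
    "svchost.exe": {SYS32, WOW64},
    "lsass.exe": {SYS32},
    "services.exe": {SYS32},
    "winlogon.exe": {SYS32},
    "csrss.exe": {SYS32},
    "smss.exe": {SYS32},
    "explorer.exe": {WINDIR, WOW64},
    "ntoskrnl.exe": {SYS32, WOW64},
}

NAME_MISMATCH = "system binary name outside expected directory"
HIDDEN_SYSTEM = "hidden+system attributes"
STRAY_DRIVER = ".sys file outside the Windows directory"


def triage(log_text):
    """Return (timestamp, path, reasons) for every file entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # section headers, separators, blank lines
        stamp, _size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue  # directories are not judged here
        folder = ntpath.dirname(path).lower()
        name = ntpath.basename(path).lower()
        reasons = []
        # Rule 1: a well-known name in the wrong place (e.g. svchost.exe
        # directly under C:\Windows instead of System32).
        if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
            reasons.append(NAME_MISMATCH)
        # Rule 2: file marked both system and hidden.
        if "s" in attrs and "h" in attrs:
            reasons.append(HIDDEN_SYSTEM)
        # Rule 3: driver-style extension outside the Windows tree.
        in_windir = folder == WINDIR or folder.startswith(WINDIR + "\\")
        if ntpath.splitext(name)[1] == ".sys" and not in_windir:
            reasons.append(STRAY_DRIVER)
        if reasons:
            findings.append((stamp, path, reasons))
    return findings


if __name__ == "__main__":
    for stamp, path, reasons in triage(SAMPLE):
        print(f"{stamp}  {path}  <- {'; '.join(reasons)}")
```

A hit is a prompt for review (signature, hash, origin), not a verdict; the rules only compare names, locations and attributes.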

#3
BigBK

And the Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/21/2010 6:36:25 PM
System Uptime: 4/3/2012 8:21:58 AM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 363A
Processor: AMD Turion™ II Ultra Dual-Core Mobile M620 | Socket S1G3 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 578 GiB total, 450.142 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.822 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP196: 3/7/2012 1:59:20 PM - Scheduled Checkpoint
RP197: 3/15/2012 3:00:17 AM - Windows Update
RP198: 3/23/2012 9:38:13 PM - Installed Epson Event Manager
RP199: 3/23/2012 9:39:38 PM - Installed Epson Connect
RP200: 3/23/2012 9:40:32 PM - Installed FAX Utility
RP201: 3/23/2012 9:41:43 PM - Installed EpsonNet Print
RP202: 3/23/2012 9:48:43 PM - Installed ABBYY FineReader 9.0 Sprint
RP203: 4/1/2012 8:23:20 AM - Scheduled Checkpoint
RP204: 4/3/2012 9:46:05 AM - Removed FriendFinder Messenger v4.1
.
==== Installed Programs ======================
.
3100_3200_3300_Help
3100_3200_3300trb
3200
5600
5600_Help
5600Trb
AA3Deploy
ABBYY FineReader 9.0 Sprint
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Amaya
AMD USB Filter Driver
America's Army 3
Apple Application Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
Auction Client
Autodesk DWF Viewer 7
AVG Security Toolbar
Battlefield 2™
BufferChm
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Copy
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
CyberLink DVD Suite
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DivX Setup
DocProc
Dungeons & Dragons Online - Eberron Unlimited™
DVD Menu Pack for HP MediaSmart Video
Epson Connect
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print
eReg
erLT
Fax
FileZilla Client 3.3.4.1
Flight Simulator X
Flight Simulator X Service Pack 1
FLV Player
Free DWG Viewer 6.3
Free Mouse and Keyboard Recorder 3.1.3.2
GIMP 2.6.11
Google Chrome
Google Earth Plug-in
Google SketchUp 8
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0153
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Hulu Desktop
IDT Audio
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 30
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Live Search Toolbar
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetObjects Fusion Essentials
Norton Online Backup
OpenOffice.org 3.2
Opera 11.61
PictureMover
Power2Go
PowerDirector
PunkBuster Services
QLBCASL
QuickBooks
QuickBooks Online Backup
QuickBooks Pro 2010
QuickTime
RcCAD
Realtek 8136 8168 8169 Ethernet Driver
Recovery Manager
Ruby 1.9.2-p0
Safari
Scan
SeaMonkey (2.8)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
SimCity 4 Deluxe
SmartWebPrinting
SolutionCenter
SPCA1528 PC Driver
Status
Steam
STK02N 2.3
System Requirements Lab
System Requirements Lab CYRI
Toolbox
TrayApp
Turbine Download Manager
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
Utherverse 3D Client
VC80CRTRedist - 8.0.50727.6195
VideoStudio
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Web Update Wizard Version 3.00
WebReg
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Winfoil 3
WinRAR 4.00 beta 2 (32-bit)
Xvid Video Codec
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/3/2012 8:26:06 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
4/3/2012 8:25:15 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
4/3/2012 8:25:15 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
4/3/2012 8:25:15 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
4/3/2012 8:23:12 AM, Error: Service Control Manager [7000] - The SPCA1528 Video Camera Service service failed to start due to the following error: The system cannot find the file specified.
4/3/2012 8:22:58 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
4/3/2012 8:22:52 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
4/3/2012 8:07:15 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service has not been started.
4/2/2012 9:55:33 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
4/2/2012 10:11:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
4/2/2012 10:11:43 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/2/2012 10:09:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
4/2/2012 10:09:47 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/2/2012 10:07:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Web Update Service by PowerProgrammer service to connect.
4/2/2012 10:06:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f8b7da, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040212-50528-01.
4/2/2012 10:01:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ed, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d05045). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040212-57205-01.
4/1/2012 7:47:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
4/1/2012 7:47:10 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/28/2012 1:09:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
.
==== End Of File ===========================

#4
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,413 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum.

Download and run unhide.exe:

http://download.blee...nler/unhide.exe

That should make your files visible.

------------------------------

Then.......
Please remove any usb or external drives from the computer before you run this scan!
Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#5
BigBK

Thanks for the help MrC. I ran the unhide.exe and that appears to have restored all of the files from their hidden state.

I then downloaded and ran RogueKiller. RogueKiller runs its prescan and then I clicked on Scan. It starts to scan for a bit and then I get a dialog box saying that RogueKiller has stopped working and Windows is checking for a solution. Then it doesn't find a solution and I click close program. I have attached the RK_Quarantine debug file.

Attached File  debug.log   315.34K   7 downloads

#6
MrCharlie

Let's do this instead:

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC


#7
BigBK

Sorry for the delay MrC... below are the contents of the TDSSKiller log file. Thank you for your continued help.

02:13:57.0607 6192 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
02:13:58.0375 6192 ============================================================
02:13:58.0375 6192 Current date / time: 2012/04/08 02:13:58.0375
02:13:58.0375 6192 SystemInfo:
02:13:58.0375 6192
02:13:58.0375 6192 OS Version: 6.1.7601 ServicePack: 1.0
02:13:58.0375 6192 Product type: Workstation
02:13:58.0375 6192 ComputerName: BRIAN-PC
02:13:58.0389 6192 UserName: Brian
02:13:58.0389 6192 Windows directory: C:\Windows
02:13:58.0389 6192 System windows directory: C:\Windows
02:13:58.0389 6192 Running under WOW64
02:13:58.0389 6192 Processor architecture: Intel x64
02:13:58.0389 6192 Number of processors: 2
02:13:58.0389 6192 Page size: 0x1000
02:13:58.0389 6192 Boot type: Normal boot
02:13:58.0389 6192 ============================================================
02:14:00.0554 6192 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:14:00.0559 6192 \Device\Harddisk0\DR0:
02:14:00.0559 6192 MBR used
02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x484E2000
02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48546000, BlocksNum 0x22DE000
02:14:00.0559 6192 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
02:14:00.0850 6192 Initialize success
02:14:00.0850 6192 ============================================================
02:14:31.0785 1780 ============================================================
02:14:31.0785 1780 Scan started
02:14:31.0785 1780 Mode: Manual; SigCheck; TDLFS;
02:14:31.0785 1780 ============================================================
02:14:36.0213 1780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:14:36.0405 1780 1394ohci - ok
02:14:36.0548 1780 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
02:14:36.0570 1780 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
02:14:36.0665 1780 Accelerometer (7bb93bb5a578984090748f310ed895ef) C:\Windows\system32\DRIVERS\Accelerometer.sys
02:14:36.0796 1780 Accelerometer - ok
02:14:37.0123 1780 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:14:37.0139 1780 ACPI - ok
02:14:37.0186 1780 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:14:37.0290 1780 AcpiPmi - ok
02:14:37.0443 1780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:14:37.0468 1780 adp94xx - ok
02:14:37.0575 1780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:14:37.0596 1780 adpahci - ok
02:14:37.0704 1780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:14:37.0739 1780 adpu320 - ok
02:14:37.0832 1780 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:14:38.0003 1780 AeLookupSvc - ok
02:14:38.0289 1780 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
02:14:38.0373 1780 AESTFilters - ok
02:14:38.0555 1780 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:14:38.0642 1780 AFD - ok
02:14:38.0902 1780 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
02:14:39.0018 1780 AgereSoftModem - ok
02:14:39.0164 1780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:14:39.0182 1780 agp440 - ok
02:14:39.0289 1780 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:14:39.0403 1780 ALG - ok
02:14:39.0503 1780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:14:39.0513 1780 aliide - ok
02:14:39.0582 1780 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe
02:14:39.0675 1780 AMD External Events Utility - ok
02:14:39.0820 1780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:14:39.0838 1780 amdide - ok
02:14:39.0908 1780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:14:40.0021 1780 AmdK8 - ok
02:14:40.0321 1780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:14:40.0458 1780 AmdPPM - ok
02:14:40.0577 1780 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:14:40.0590 1780 amdsata - ok
02:14:40.0645 1780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:14:40.0660 1780 amdsbs - ok
02:14:40.0818 1780 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:14:40.0835 1780 amdxata - ok
02:14:40.0954 1780 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:14:41.0198 1780 AppID - ok
02:14:41.0293 1780 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:14:41.0410 1780 AppIDSvc - ok
02:14:41.0537 1780 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:14:41.0689 1780 Appinfo - ok
02:14:41.0798 1780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:14:41.0814 1780 arc - ok
02:14:41.0936 1780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:14:41.0971 1780 arcsas - ok
02:14:42.0226 1780 aspnet_state - ok
02:14:42.0341 1780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:14:42.0438 1780 AsyncMac - ok
02:14:42.0481 1780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:14:42.0494 1780 atapi - ok
02:14:42.0981 1780 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
02:14:43.0109 1780 athr - ok
02:14:43.0277 1780 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
02:14:43.0290 1780 AtiHdmiService - ok
02:14:43.0585 1780 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
02:14:43.0918 1780 atikmdag - ok
02:14:44.0037 1780 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
02:14:44.0052 1780 AtiPcie - ok
02:14:44.0114 1780 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:14:44.0227 1780 AudioEndpointBuilder - ok
02:14:44.0238 1780 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:14:44.0285 1780 AudioSrv - ok
02:14:44.0517 1780 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
02:14:44.0698 1780 AVGIDSAgent - ok
02:14:44.0800 1780 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
02:14:44.0821 1780 AVGIDSDriver - ok
02:14:44.0874 1780 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
02:14:44.0929 1780 AVGIDSEH - ok
02:14:44.0983 1780 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
02:14:45.0035 1780 AVGIDSFilter - ok
02:14:45.0330 1780 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
02:14:45.0351 1780 Avgldx64 - ok
02:14:45.0401 1780 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
02:14:45.0417 1780 Avgmfx64 - ok
02:14:45.0518 1780 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
02:14:45.0534 1780 Avgrkx64 - ok
02:14:45.0579 1780 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
02:14:45.0599 1780 Avgtdia - ok
02:14:45.0796 1780 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
02:14:45.0809 1780 avgwd - ok
02:14:45.0907 1780 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:14:46.0025 1780 AxInstSV - ok
02:14:46.0124 1780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:14:46.0248 1780 b06bdrv - ok
02:14:46.0348 1780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:14:46.0435 1780 b57nd60a - ok
02:14:46.0651 1780 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:14:46.0740 1780 BDESVC - ok
02:14:46.0808 1780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:14:46.0857 1780 Beep - ok
02:14:46.0984 1780 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:14:47.0070 1780 BFE - ok
02:14:47.0841 1780 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
02:14:48.0127 1780 BITS - ok
02:14:48.0967 1780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:14:49.0023 1780 blbdrive - ok
02:14:49.0177 1780 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:14:49.0206 1780 bowser - ok
02:14:49.0293 1780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:14:49.0409 1780 BrFiltLo - ok
02:14:49.0643 1780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:14:49.0662 1780 BrFiltUp - ok
02:14:49.0692 1780 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:14:49.0794 1780 Browser - ok
02:14:49.0987 1780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:14:50.0128 1780 Brserid - ok
02:14:50.0214 1780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:14:50.0265 1780 BrSerWdm - ok
02:14:50.0390 1780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:14:50.0436 1780 BrUsbMdm - ok
02:14:50.0459 1780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:14:50.0486 1780 BrUsbSer - ok
02:14:50.0581 1780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:14:50.0619 1780 BTHMODEM - ok
02:14:50.0922 1780 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:14:50.0962 1780 bthserv - ok
02:14:51.0130 1780 Bulk1528 - ok
02:14:51.0211 1780 Ca1528av - ok
02:14:51.0289 1780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:14:51.0422 1780 cdfs - ok
02:14:51.0589 1780 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:14:51.0621 1780 cdrom - ok
02:14:51.0725 1780 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:14:51.0812 1780 CertPropSvc - ok
02:14:51.0939 1780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:14:51.0979 1780 circlass - ok
02:14:52.0119 1780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:14:52.0140 1780 CLFS - ok
02:14:52.0235 1780 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:14:52.0250 1780 clr_optimization_v2.0.50727_32 - ok
02:14:52.0310 1780 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:14:52.0323 1780 clr_optimization_v2.0.50727_64 - ok
02:14:52.0459 1780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:14:52.0475 1780 clr_optimization_v4.0.30319_32 - ok
02:14:52.0600 1780 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:14:52.0610 1780 clr_optimization_v4.0.30319_64 - ok
02:14:52.0699 1780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:14:52.0740 1780 CmBatt - ok
02:14:52.0776 1780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:14:52.0790 1780 cmdide - ok
02:14:52.0965 1780 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
02:14:53.0071 1780 CNG - ok
02:14:53.0579 1780 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
02:14:53.0597 1780 Com4QLBEx - ok
02:14:53.0703 1780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:14:53.0717 1780 Compbatt - ok
02:14:53.0769 1780 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:14:53.0848 1780 CompositeBus - ok
02:14:53.0956 1780 COMSysApp - ok
02:14:54.0030 1780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:14:54.0041 1780 crcdisk - ok
02:14:54.0373 1780 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
02:14:54.0504 1780 CryptSvc - ok
02:14:54.0604 1780 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:14:54.0680 1780 DcomLaunch - ok
02:14:54.0813 1780 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:14:54.0889 1780 defragsvc - ok
02:14:55.0055 1780 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:14:55.0120 1780 DfsC - ok
02:14:55.0314 1780 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
02:14:55.0392 1780 Dhcp - ok
02:14:55.0656 1780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:14:55.0751 1780 discache - ok
02:14:55.0995 1780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:14:56.0044 1780 Disk - ok
02:14:56.0220 1780 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
02:14:56.0305 1780 Dnscache - ok
02:14:56.0366 1780 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
02:14:56.0416 1780 dot3svc - ok
02:14:56.0571 1780 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
02:14:56.0613 1780 Dot4 - ok
02:14:56.0725 1780 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:14:56.0753 1780 Dot4Print - ok
02:14:56.0871 1780 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
02:14:56.0904 1780 dot4usb - ok
02:14:56.0981 1780 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
02:14:57.0037 1780 DPS - ok
02:14:57.0174 1780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:14:57.0218 1780 drmkaud - ok
02:14:57.0354 1780 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
02:14:57.0374 1780 dtsoftbus01 - ok
02:14:57.0899 1780 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:14:57.0928 1780 DXGKrnl - ok
02:14:58.0022 1780 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:14:58.0082 1780 EapHost - ok
02:14:58.0465 1780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:14:58.0734 1780 ebdrv - ok
02:14:58.0919 1780 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
02:14:59.0056 1780 EFS - ok
02:14:59.0447 1780 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
02:14:59.0542 1780 ehRecvr - ok
02:14:59.0673 1780 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:14:59.0839 1780 ehSched - ok
02:15:00.0237 1780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:15:00.0477 1780 elxstor - ok
02:15:00.0571 1780 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
02:15:00.0633 1780 enecir - ok
02:15:00.0868 1780 EpsonCustomerParticipation (757305c7ad34222f4a46d86fe0bee241) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
02:15:00.0890 1780 EpsonCustomerParticipation - ok
02:15:01.0280 1780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:15:01.0319 1780 ErrDev - ok
02:15:01.0436 1780 esgiguard (df96c3cd6ae15f6d0a6bcb70f9c1e88d) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
02:15:01.0453 1780 esgiguard - ok
02:15:01.0682 1780 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:15:01.0986 1780 EventSystem - ok
02:15:02.0190 1780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:15:02.0248 1780 exfat - ok
02:15:02.0661 1780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:15:02.0771 1780 fastfat - ok
02:15:02.0901 1780 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
02:15:03.0007 1780 Fax - ok
02:15:03.0153 1780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:15:03.0216 1780 fdc - ok
02:15:03.0356 1780 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:15:03.0639 1780 fdPHost - ok
02:15:04.0116 1780 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:15:04.0251 1780 FDResPub - ok
02:15:04.0504 1780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:15:04.0517 1780 FileInfo - ok
02:15:04.0562 1780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:15:04.0616 1780 Filetrace - ok
02:15:04.0870 1780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:15:04.0889 1780 flpydisk - ok
02:15:04.0992 1780 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:15:05.0038 1780 FltMgr - ok
02:15:05.0294 1780 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
02:15:05.0433 1780 FontCache - ok
02:15:05.0536 1780 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:15:05.0545 1780 FontCache3.0.0.0 - ok
02:15:05.0661 1780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:15:05.0680 1780 FsDepends - ok
02:15:05.0801 1780 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
02:15:05.0844 1780 fssfltr - ok
02:15:06.0174 1780 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
02:15:06.0247 1780 fsssvc - ok
02:15:06.0532 1780 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:15:06.0546 1780 Fs_Rec - ok
02:15:06.0668 1780 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:15:06.0684 1780 fvevol - ok
02:15:06.0776 1780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:15:06.0791 1780 gagp30kx - ok
02:15:06.0909 1780 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
02:15:06.0942 1780 GamesAppService - ok
02:15:07.0141 1780 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
02:15:07.0285 1780 gpsvc - ok
02:15:07.0449 1780 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:15:07.0459 1780 gupdate - ok
02:15:07.0516 1780 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:15:07.0528 1780 gupdatem - ok
02:15:07.0667 1780 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:15:07.0678 1780 gusvc - ok
02:15:07.0796 1780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:15:07.0876 1780 hcw85cir - ok
02:15:08.0114 1780 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:15:08.0147 1780 HdAudAddService - ok
02:15:08.0374 1780 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:15:08.0454 1780 HDAudBus - ok
02:15:08.0532 1780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:15:08.0577 1780 HidBatt - ok
02:15:08.0621 1780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:15:08.0662 1780 HidBth - ok
02:15:08.0773 1780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:15:08.0825 1780 HidIr - ok
02:15:09.0030 1780 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
02:15:09.0150 1780 hidserv - ok
02:15:09.0293 1780 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
02:15:09.0481 1780 HidUsb - ok
02:15:09.0684 1780 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
02:15:09.0788 1780 hkmsvc - ok
02:15:09.0828 1780 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
02:15:09.0932 1780 HomeGroupListener - ok
02:15:09.0981 1780 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
02:15:10.0082 1780 HomeGroupProvider - ok
02:15:10.0234 1780 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
02:15:10.0259 1780 HP Health Check Service - ok
02:15:10.0340 1780 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
02:15:10.0349 1780 HPDrvMntSvc.exe - ok
02:15:10.0447 1780 hpdskflt (0193c30760032cc044ef47a1919f20dc) C:\Windows\system32\DRIVERS\hpdskflt.sys
02:15:10.0537 1780 hpdskflt - ok
02:15:10.0734 1780 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
02:15:10.0833 1780 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
02:15:10.0833 1780 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
02:15:11.0234 1780 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
02:15:11.0389 1780 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
02:15:11.0389 1780 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
02:15:11.0752 1780 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
02:15:11.0830 1780 HpqKbFiltr - ok
02:15:12.0002 1780 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
02:15:12.0027 1780 hpqwmiex - ok
02:15:12.0164 1780 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:15:12.0178 1780 HpSAMD - ok
02:15:12.0424 1780 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
02:15:12.0562 1780 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
02:15:12.0562 1780 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
02:15:12.0809 1780 hpsrv (65a2b4b003d733c6faa16f22212bb86d) C:\Windows\system32\Hpservice.exe
02:15:12.0891 1780 hpsrv - ok
02:15:13.0069 1780 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:15:13.0172 1780 HTTP - ok
02:15:13.0372 1780 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:15:13.0385 1780 hwpolicy - ok
02:15:13.0452 1780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:15:13.0486 1780 i8042prt - ok
02:15:13.0696 1780 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:15:13.0714 1780 iaStorV - ok
02:15:13.0817 1780 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:15:13.0932 1780 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:15:13.0932 1780 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:15:14.0075 1780 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:15:14.0130 1780 idsvc - ok
02:15:14.0583 1780 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:15:15.0244 1780 igfx - ok
02:15:15.0355 1780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:15:15.0366 1780 iirsp - ok
02:15:15.0548 1780 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
02:15:15.0664 1780 IKEEXT - ok
02:15:15.0866 1780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:15:15.0881 1780 intelide - ok
02:15:15.0921 1780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:15:16.0058 1780 intelppm - ok
02:15:16.0141 1780 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:15:16.0269 1780 IPBusEnum - ok
02:15:16.0512 1780 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:15:16.0694 1780 IpFilterDriver - ok
02:15:16.0983 1780 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
02:15:17.0082 1780 iphlpsvc - ok
02:15:17.0264 1780 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:15:17.0363 1780 IPMIDRV - ok
02:15:17.0502 1780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:15:17.0631 1780 IPNAT - ok
02:15:17.0789 1780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:15:17.0893 1780 IRENUM - ok
02:15:18.0258 1780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:15:18.0298 1780 isapnp - ok
02:15:18.0508 1780 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:15:18.0540 1780 iScsiPrt - ok
02:15:18.0616 1780 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
02:15:18.0691 1780 JMCR - ok
02:15:18.0927 1780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:15:18.0977 1780 kbdclass - ok
02:15:19.0082 1780 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:15:19.0126 1780 kbdhid - ok
02:15:19.0174 1780 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:15:19.0209 1780 KeyIso - ok
02:15:19.0320 1780 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:15:19.0336 1780 KSecDD - ok
02:15:19.0539 1780 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:15:19.0551 1780 KSecPkg - ok
02:15:19.0582 1780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:15:19.0633 1780 ksthunk - ok
02:15:19.0852 1780 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:15:19.0916 1780 KtmRm - ok
02:15:19.0991 1780 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
02:15:20.0044 1780 LanmanServer - ok
02:15:20.0172 1780 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:15:20.0335 1780 LanmanWorkstation - ok
02:15:20.0570 1780 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
02:15:20.0640 1780 LBTServ - ok
02:15:20.0915 1780 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
02:15:20.0946 1780 LHidFilt - ok
02:15:21.0200 1780 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
02:15:21.0219 1780 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
02:15:21.0219 1780 LightScribeService - detected UnsignedFile.Multi.Generic (1)
02:15:21.0444 1780 LiveTurbineMessageService (ad36b5f8ac7c2bafb32973b743a65265) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe
02:15:21.0524 1780 LiveTurbineMessageService - ok
02:15:21.0665 1780 LiveTurbineNetworkService (ffdff7e4d8fda5c1bfa50f9dbfb780ce) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe
02:15:21.0818 1780 LiveTurbineNetworkService - ok
02:15:22.0034 1780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:15:22.0120 1780 lltdio - ok
02:15:22.0229 1780 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:15:22.0306 1780 lltdsvc - ok
02:15:22.0812 1780 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:15:22.0866 1780 lmhosts - ok
02:15:23.0654 1780 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
02:15:23.0679 1780 LMouFilt - ok
02:15:24.0295 1780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:15:24.0309 1780 LSI_FC - ok
02:15:24.0525 1780 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:15:25.0941 1780 LSI_SAS - ok
02:15:26.0045 1780 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:15:26.0075 1780 LSI_SAS2 - ok
02:15:26.0109 1780 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:15:26.0130 1780 LSI_SCSI - ok
02:15:26.0155 1780 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:15:26.0215 1780 luafv - ok
02:15:26.0244 1780 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:15:26.0264 1780 Mcx2Svc - ok
02:15:26.0300 1780 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:15:26.0315 1780 megasas - ok
02:15:26.0351 1780 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:15:26.0368 1780 MegaSR - ok
02:15:26.0403 1780 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:15:26.0470 1780 MMCSS - ok
02:15:26.0526 1780 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:15:26.0577 1780 Modem - ok
02:15:26.0676 1780 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:15:26.0715 1780 monitor - ok
02:15:26.0812 1780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
02:15:26.0831 1780 mouclass - ok
02:15:26.0901 1780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:15:26.0948 1780 mouhid - ok
02:15:27.0052 1780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:15:27.0068 1780 mountmgr - ok
02:15:27.0098 1780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:15:27.0124 1780 mpio - ok
02:15:27.0160 1780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:15:27.0216 1780 mpsdrv - ok
02:15:27.0269 1780 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:15:27.0350 1780 MpsSvc - ok
02:15:27.0447 1780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:15:27.0488 1780 MRxDAV - ok
02:15:27.0528 1780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:15:27.0563 1780 mrxsmb - ok
02:15:27.0605 1780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:15:27.0667 1780 mrxsmb10 - ok
02:15:27.0777 1780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:15:27.0818 1780 mrxsmb20 - ok
02:15:27.0849 1780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:15:27.0891 1780 msahci - ok
02:15:27.0914 1780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:15:27.0934 1780 msdsm - ok
02:15:27.0984 1780 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:15:28.0038 1780 MSDTC - ok
02:15:28.0104 1780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:15:28.0157 1780 Msfs - ok
02:15:28.0175 1780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:15:28.0239 1780 mshidkmdf - ok
02:15:28.0273 1780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:15:28.0300 1780 msisadrv - ok
02:15:28.0340 1780 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:15:28.0416 1780 MSiSCSI - ok
02:15:28.0424 1780 msiserver - ok
02:15:28.0489 1780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:15:28.0577 1780 MSKSSRV - ok
02:15:28.0673 1780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:15:28.0744 1780 MSPCLOCK - ok
02:15:28.0776 1780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:15:28.0832 1780 MSPQM - ok
02:15:28.0872 1780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:15:28.0934 1780 MsRPC - ok
02:15:29.0060 1780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:15:29.0076 1780 mssmbios - ok
02:15:29.0181 1780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:15:29.0249 1780 MSTEE - ok
02:15:29.0347 1780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:15:29.0402 1780 MTConfig - ok
02:15:29.0512 1780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:15:29.0539 1780 Mup - ok
02:15:29.0648 1780 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:15:29.0729 1780 napagent - ok
02:15:29.0860 1780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:15:29.0924 1780 NativeWifiP - ok
02:15:29.0995 1780 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:15:30.0041 1780 NDIS - ok
02:15:30.0171 1780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:15:30.0285 1780 NdisCap - ok
02:15:30.0317 1780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:15:30.0359 1780 NdisTapi - ok
02:15:30.0415 1780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:15:30.0511 1780 Ndisuio - ok
02:15:30.0993 1780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:15:31.0100 1780 NdisWan - ok
02:15:31.0225 1780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:15:31.0315 1780 NDProxy - ok
02:15:31.0457 1780 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
02:15:31.0479 1780 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
02:15:31.0479 1780 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
02:15:31.0535 1780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:15:31.0596 1780 NetBIOS - ok
02:15:31.0713 1780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:15:31.0796 1780 NetBT - ok
02:15:31.0841 1780 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:15:31.0872 1780 Netlogon - ok
02:15:31.0912 1780 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:15:32.0003 1780 Netman - ok
02:15:32.0026 1780 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:15:32.0103 1780 netprofm - ok
02:15:32.0167 1780 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:15:32.0184 1780 NetTcpPortSharing - ok
02:15:32.0375 1780 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
02:15:32.0572 1780 netw5v64 - ok
02:15:32.0668 1780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:15:32.0697 1780 nfrd960 - ok
02:15:32.0808 1780 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:15:32.0864 1780 NlaSvc - ok
02:15:32.0901 1780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:15:32.0954 1780 Npfs - ok
02:15:33.0588 1780 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:15:33.0710 1780 nsi - ok
02:15:33.0840 1780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:15:33.0891 1780 nsiproxy - ok
02:15:33.0969 1780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:15:34.0035 1780 Ntfs - ok
02:15:34.0131 1780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:15:34.0194 1780 Null - ok
02:15:34.0260 1780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:15:34.0279 1780 nvraid - ok
02:15:34.0342 1780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:15:34.0359 1780 nvstor - ok
02:15:34.0422 1780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:15:34.0440 1780 nv_agp - ok
02:15:34.0485 1780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:15:34.0520 1780 ohci1394 - ok
02:15:34.0594 1780 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:15:34.0606 1780 ose - ok
02:15:34.0781 1780 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:15:35.0055 1780 osppsvc - ok
02:15:35.0394 1780 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:15:35.0498 1780 p2pimsvc - ok
02:15:35.0606 1780 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:15:35.0678 1780 p2psvc - ok
02:15:35.0768 1780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:15:35.0820 1780 Parport - ok
02:15:35.0855 1780 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:15:35.0876 1780 partmgr - ok
02:15:35.0923 1780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:15:36.0064 1780 PcaSvc - ok
02:15:36.0159 1780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:15:36.0176 1780 pci - ok
02:15:36.0200 1780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:15:36.0210 1780 pciide - ok
02:15:36.0254 1780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:15:36.0273 1780 pcmcia - ok
02:15:36.0302 1780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:15:36.0342 1780 pcw - ok
02:15:36.0369 1780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:15:36.0533 1780 PEAUTH - ok
02:15:36.0636 1780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:15:36.0676 1780 PerfHost - ok
02:15:36.0772 1780 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:15:36.0932 1780 pla - ok
02:15:37.0188 1780 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:15:37.0406 1780 PlugPlay - ok
02:15:37.0574 1780 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
02:15:37.0604 1780 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
02:15:37.0604 1780 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
02:15:37.0701 1780 PnkBstrA - ok
02:15:37.0997 1780 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:15:38.0068 1780 PNRPAutoReg - ok
02:15:38.0160 1780 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:15:38.0179 1780 PNRPsvc - ok
02:15:38.0228 1780 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:15:38.0379 1780 PolicyAgent - ok
02:15:38.0502 1780 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:15:38.0698 1780 Power - ok
02:15:38.0912 1780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:15:38.0992 1780 PptpMiniport - ok
02:15:39.0418 1780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:15:39.0526 1780 Processor - ok
02:15:39.0621 1780 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
02:15:39.0692 1780 ProfSvc - ok
02:15:39.0774 1780 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:15:39.0812 1780 ProtectedStorage - ok
02:15:39.0886 1780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:15:39.0942 1780 Psched - ok
02:15:40.0015 1780 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
02:15:40.0034 1780 PSI_SVC_2 - ok
02:15:40.0076 1780 QBCFMonitorService (67bfd5fbe6a5497076b85ac93bfb188b) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
02:15:40.0132 1780 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
02:15:40.0132 1780 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
02:15:40.0190 1780 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
02:15:40.0256 1780 QBFCService ( UnsignedFile.Multi.Generic ) - warning
02:15:40.0257 1780 QBFCService - detected UnsignedFile.Multi.Generic (1)
02:15:40.0352 1780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:15:40.0435 1780 ql2300 - ok
02:15:40.0524 1780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:15:40.0540 1780 ql40xx - ok
02:15:40.0569 1780 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:15:40.0600 1780 QWAVE - ok
02:15:40.0648 1780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:15:40.0700 1780 QWAVEdrv - ok
02:15:40.0796 1780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:15:40.0859 1780 RasAcd - ok
02:15:40.0950 1780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:15:41.0004 1780 RasAgileVpn - ok
02:15:41.0034 1780 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:15:41.0223 1780 RasAuto - ok
02:15:41.0555 1780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:15:41.0631 1780 Rasl2tp - ok
02:15:41.0729 1780 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:15:41.0823 1780 RasMan - ok
02:15:41.0874 1780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:15:41.0928 1780 RasPppoe - ok
02:15:42.0028 1780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:15:42.0121 1780 RasSstp - ok
02:15:42.0160 1780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:15:42.0255 1780 rdbss - ok
02:15:42.0285 1780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:15:42.0368 1780 rdpbus - ok
02:15:42.0398 1780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:15:42.0470 1780 RDPCDD - ok
02:15:42.0480 1780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:15:42.0549 1780 RDPENCDD - ok
02:15:42.0577 1780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:15:42.0635 1780 RDPREFMP - ok
02:15:42.0734 1780 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
02:15:42.0816 1780 RDPWD - ok
02:15:42.0930 1780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:15:42.0967 1780 rdyboost - ok
02:15:43.0381 1780 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:15:43.0504 1780 RemoteAccess - ok
02:15:43.0877 1780 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:15:43.0967 1780 RemoteRegistry - ok
02:15:44.0067 1780 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
02:15:44.0107 1780 RichVideo - ok
02:15:44.0223 1780 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:15:44.0316 1780 RpcEptMapper - ok
02:15:44.0430 1780 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:15:44.0490 1780 RpcLocator - ok
02:15:44.0561 1780 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:15:44.0623 1780 RpcSs - ok
02:15:44.0668 1780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:15:44.0749 1780 rspndr - ok
02:15:44.0849 1780 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:15:44.0921 1780 RTL8167 - ok
02:15:45.0063 1780 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:15:45.0107 1780 SamSs - ok
02:15:45.0153 1780 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:15:45.0169 1780 sbp2port - ok
02:15:45.0260 1780 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:15:45.0367 1780 SCardSvr - ok
02:15:45.0432 1780 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:15:45.0515 1780 scfilter - ok
02:15:45.0573 1780 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:15:45.0688 1780 Schedule - ok
02:15:45.0736 1780 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:15:45.0882 1780 SCPolicySvc - ok
02:15:46.0007 1780 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
02:15:46.0026 1780 sdbus - ok
02:15:46.0073 1780 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:15:46.0171 1780 SDRSVC - ok
02:15:46.0202 1780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:15:46.0242 1780 secdrv - ok
02:15:46.0284 1780 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:15:46.0388 1780 seclogon - ok
02:15:46.0434 1780 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
02:15:46.0486 1780 SENS - ok
02:15:46.0517 1780 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:15:46.0771 1780 SensrSvc - ok
02:15:46.0867 1780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:15:46.0934 1780 Serenum - ok
02:15:46.0957 1780 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:15:47.0097 1780 Serial - ok
02:15:47.0133 1780 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:15:47.0183 1780 sermouse - ok
02:15:47.0238 1780 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:15:47.0306 1780 SessionEnv - ok
02:15:47.0351 1780 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:15:47.0424 1780 sffdisk - ok
02:15:47.0527 1780 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:15:47.0574 1780 sffp_mmc - ok
02:15:47.0671 1780 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:15:47.0733 1780 sffp_sd - ok
02:15:47.0777 1780 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:15:47.0816 1780 sfloppy - ok
02:15:47.0938 1780 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:15:48.0017 1780 SharedAccess - ok
02:15:48.0065 1780 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:15:48.0206 1780 ShellHWDetection - ok
02:15:48.0267 1780 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:15:48.0283 1780 SiSRaid2 - ok
02:15:48.0303 1780 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:15:48.0319 1780 SiSRaid4 - ok
02:15:48.0357 1780 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:15:48.0457 1780 Smb - ok
02:15:48.0513 1780 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:15:48.0551 1780 SNMPTRAP - ok
02:15:48.0655 1780 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
02:15:48.0744 1780 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
02:15:48.0744 1780 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
02:15:48.0834 1780 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:15:48.0851 1780 spldr - ok
02:15:48.0899 1780 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:15:48.0973 1780 Spooler - ok
02:15:49.0065 1780 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:15:49.0227 1780 sppsvc - ok
02:15:49.0317 1780 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:15:49.0401 1780 sppuinotify - ok
02:15:49.0463 1780 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:15:49.0523 1780 srv - ok
02:15:49.0615 1780 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:15:49.0640 1780 srv2 - ok
02:15:49.0690 1780 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
02:15:49.0758 1780 SrvHsfHDA - ok
02:15:49.0883 1780 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
02:15:50.0007 1780 SrvHsfV92 - ok
02:15:50.0121 1780 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
02:15:50.0208 1780 SrvHsfWinac - ok
02:15:50.0310 1780 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:15:50.0351 1780 srvnet - ok
02:15:50.0437 1780 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:15:50.0493 1780 SSDPSRV - ok
02:15:50.0525 1780 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:15:50.0670 1780 SstpSvc - ok
02:15:50.0799 1780 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
02:15:50.0930 1780 STacSV - ok
02:15:51.0385 1780 Steam Client Service - ok
02:15:51.0640 1780 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:15:51.0664 1780 stexstor - ok
02:15:51.0812 1780 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
02:15:51.0889 1780 STHDA - ok
02:15:52.0409 1780 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:15:52.0496 1780 stisvc - ok
02:15:52.0584 1780 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:15:52.0606 1780 swenum - ok
02:15:52.0650 1780 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:15:52.0833 1780 swprv - ok
02:15:52.0968 1780 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
02:15:53.0055 1780 SynTP - ok
02:15:53.0173 1780 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:15:53.0302 1780 SysMain - ok
02:15:53.0399 1780 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:15:53.0435 1780 TabletInputService - ok
02:15:53.0487 1780 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:15:53.0549 1780 TapiSrv - ok
02:15:53.0580 1780 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:15:53.0624 1780 TBS - ok
02:15:53.0712 1780 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
02:15:53.0818 1780 Tcpip - ok
02:15:54.0001 1780 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
02:15:54.0051 1780 TCPIP6 - ok
02:15:54.0107 1780 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:15:54.0280 1780 tcpipreg - ok
02:15:54.0311 1780 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:15:54.0381 1780 TDPIPE - ok
02:15:54.0416 1780 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:15:54.0473 1780 TDTCP - ok
02:15:54.0573 1780 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:15:54.0610 1780 tdx - ok
02:15:54.0647 1780 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:15:54.0658 1780 TermDD - ok
02:15:54.0700 1780 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:15:54.0766 1780 TermService - ok
02:15:54.0811 1780 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:15:54.0917 1780 Themes - ok
02:15:55.0203 1780 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:15:55.0255 1780 THREADORDER - ok
02:15:55.0503 1780 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:15:55.0595 1780 TrkWks - ok
02:15:55.0671 1780 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:15:55.0762 1780 TrustedInstaller - ok
02:15:55.0842 1780 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:15:55.0935 1780 tssecsrv - ok
02:15:56.0065 1780 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:15:56.0115 1780 TsUsbFlt - ok
02:15:56.0167 1780 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:15:56.0231 1780 tunnel - ok
02:15:56.0259 1780 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:15:56.0276 1780 uagp35 - ok
02:15:56.0319 1780 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:15:56.0415 1780 udfs - ok
02:15:56.0454 1780 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:15:56.0499 1780 UI0Detect - ok
02:15:56.0550 1780 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:15:56.0562 1780 uliagpkx - ok
02:15:56.0595 1780 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:15:56.0627 1780 umbus - ok
02:15:56.0664 1780 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:15:56.0749 1780 UmPass - ok
02:15:56.0847 1780 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:15:56.0918 1780 upnphost - ok
02:15:57.0041 1780 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:15:57.0102 1780 usbccgp - ok
02:15:57.0200 1780 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:15:57.0246 1780 usbcir - ok
02:15:57.0341 1780 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
02:15:57.0367 1780 usbehci - ok
02:15:57.0699 1780 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
02:15:57.0740 1780 usbfilter - ok
02:15:57.0844 1780 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:15:57.0943 1780 usbhub - ok
02:15:58.0062 1780 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
02:15:58.0147 1780 usbohci - ok
02:15:58.0178 1780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:15:58.0274 1780 usbprint - ok
02:15:58.0360 1780 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:15:58.0437 1780 usbscan - ok
02:15:58.0491 1780 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:15:58.0561 1780 USBSTOR - ok
02:15:58.0652 1780 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
02:15:58.0696 1780 usbuhci - ok
02:15:58.0907 1780 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:15:58.0950 1780 usbvideo - ok
02:15:58.0997 1780 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:15:59.0087 1780 UxSms - ok
02:15:59.0141 1780 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:15:59.0157 1780 VaultSvc - ok
02:15:59.0206 1780 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:15:59.0223 1780 vdrvroot - ok
02:15:59.0268 1780 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:15:59.0326 1780 vds - ok
02:15:59.0362 1780 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:15:59.0382 1780 vga - ok
02:15:59.0400 1780 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:15:59.0459 1780 VgaSave - ok
02:15:59.0506 1780 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:15:59.0526 1780 vhdmp - ok
02:15:59.0567 1780 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:15:59.0580 1780 viaide - ok
02:15:59.0595 1780 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:15:59.0612 1780 volmgr - ok
02:15:59.0661 1780 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:15:59.0680 1780 volmgrx - ok
02:15:59.0712 1780 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:15:59.0814 1780 volsnap - ok
02:15:59.0858 1780 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:15:59.0874 1780 vsmraid - ok
02:15:59.0941 1780 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:16:00.0101 1780 VSS - ok
02:16:00.0186 1780 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:16:00.0243 1780 vwifibus - ok
02:16:00.0346 1780 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:16:00.0400 1780 vwififlt - ok
02:16:00.0442 1780 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:16:00.0509 1780 W32Time - ok
02:16:00.0552 1780 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:16:00.0615 1780 WacomPen - ok
02:16:00.0668 1780 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:16:00.0730 1780 WANARP - ok
02:16:00.0734 1780 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:16:00.0793 1780 Wanarpv6 - ok
02:16:00.0909 1780 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:16:00.0964 1780 WatAdminSvc - ok
02:16:01.0131 1780 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:16:01.0267 1780 wbengine - ok
02:16:01.0350 1780 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:16:01.0372 1780 WbioSrvc - ok
02:16:01.0406 1780 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:16:01.0531 1780 wcncsvc - ok
02:16:01.0569 1780 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:16:01.0626 1780 WcsPlugInService - ok
02:16:01.0704 1780 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:16:01.0718 1780 Wd - ok
02:16:01.0757 1780 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:16:01.0784 1780 Wdf01000 - ok
02:16:01.0815 1780 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:16:01.0920 1780 WdiServiceHost - ok
02:16:01.0935 1780 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:16:01.0965 1780 WdiSystemHost - ok
02:16:02.0071 1780 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:16:02.0124 1780 WebClient - ok
02:16:02.0227 1780 WebUpdate (12129e3be5afc0da136fa556a90296af) C:\Windows\SysWOW64\WebUpdateSvc.exe
02:16:02.0282 1780 WebUpdate ( UnsignedFile.Multi.Generic ) - warning
02:16:02.0282 1780 WebUpdate - detected UnsignedFile.Multi.Generic (1)
02:16:02.0339 1780 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:16:02.0425 1780 Wecsvc - ok
02:16:02.0453 1780 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:16:02.0569 1780 wercplsupport - ok
02:16:02.0596 1780 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:16:02.0655 1780 WerSvc - ok
02:16:02.0690 1780 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:16:02.0772 1780 WfpLwf - ok
02:16:02.0795 1780 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:16:02.0809 1780 WIMMount - ok
02:16:02.0844 1780 WinDefend - ok
02:16:02.0851 1780 WinHttpAutoProxySvc - ok
02:16:02.0980 1780 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:16:03.0065 1780 Winmgmt - ok
02:16:03.0204 1780 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:16:03.0338 1780 WinRM - ok
02:16:03.0468 1780 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:16:03.0630 1780 Wlansvc - ok
02:16:03.0929 1780 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:16:04.0006 1780 wlcrasvc - ok
02:16:04.0471 1780 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:16:04.0586 1780 wlidsvc - ok
02:16:04.0697 1780 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:16:04.0761 1780 WmiAcpi - ok
02:16:04.0888 1780 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:16:04.0955 1780 wmiApSrv - ok
02:16:04.0989 1780 WMPNetworkSvc - ok
02:16:05.0194 1780 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:16:05.0277 1780 WPCSvc - ok
02:16:05.0352 1780 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:16:05.0413 1780 WPDBusEnum - ok
02:16:05.0572 1780 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:16:05.0674 1780 ws2ifsl - ok
02:16:05.0794 1780 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
02:16:05.0911 1780 wscsvc - ok
02:16:06.0011 1780 WSearch - ok
02:16:06.0439 1780 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
02:16:06.0781 1780 wuauserv - ok
02:16:07.0057 1780 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:16:07.0248 1780 WudfPf - ok
02:16:07.0790 1780 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:16:07.0866 1780 WUDFRd - ok
02:16:08.0127 1780 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:16:08.0172 1780 wudfsvc - ok
02:16:08.0525 1780 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:16:08.0610 1780 WwanSvc - ok
02:16:08.0824 1780 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
02:16:09.0152 1780 YahooAUService - ok
02:16:10.0036 1780 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
02:16:10.0106 1780 yukonw7 - ok
02:16:10.0152 1780 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
02:16:10.0234 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
02:16:10.0234 1780 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
02:16:16.0780 1780 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:16:16.0780 1780 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:16:16.0819 1780 Boot (0x1200) (85b23e6519cd4ef196d7bbc4f2bac0c3) \Device\Harddisk0\DR0\Partition0
02:16:16.0821 1780 \Device\Harddisk0\DR0\Partition0 - ok
02:16:16.0841 1780 Boot (0x1200) (c971dbdcd495e794e9c484e6222dee7c) \Device\Harddisk0\DR0\Partition1
02:16:16.0843 1780 \Device\Harddisk0\DR0\Partition1 - ok
02:16:16.0877 1780 Boot (0x1200) (a4a4b8e1ba8a61716f1b879eecc310a6) \Device\Harddisk0\DR0\Partition2
02:16:16.0879 1780 \Device\Harddisk0\DR0\Partition2 - ok
02:16:16.0890 1780 Boot (0x1200) (9143ba43b45077786159449c5d813500) \Device\Harddisk0\DR0\Partition3
02:16:16.0891 1780 \Device\Harddisk0\DR0\Partition3 - ok
02:16:16.0892 1780 ============================================================
02:16:16.0892 1780 Scan finished
02:16:16.0892 1780 ============================================================
02:16:16.0904 3548 Detected object count: 13
02:16:16.0904 3548 Actual detected object count: 13
02:18:01.0983 3548 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0983 3548 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0986 3548 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0986 3548 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0988 3548 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0988 3548 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0990 3548 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0990 3548 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0992 3548 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0992 3548 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0993 3548 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0994 3548 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0995 3548 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0995 3548 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0997 3548 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0997 3548 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:01.0999 3548 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:01.0999 3548 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:02.0001 3548 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:02.0001 3548 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:02.0003 3548 WebUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
02:18:02.0003 3548 WebUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:18:02.0071 3548 \Device\Harddisk0\DR0\# - copied to quarantine
02:18:02.0071 3548 \Device\Harddisk0\DR0 - copied to quarantine
02:18:02.0116 3548 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
02:18:02.0118 3548 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
02:18:02.0122 3548 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
02:18:02.0127 3548 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
02:18:02.0149 3548 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
02:18:02.0157 3548 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
02:18:02.0158 3548 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
02:18:02.0159 3548 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
02:18:02.0161 3548 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
02:18:02.0163 3548 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
02:18:02.0166 3548 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
02:18:02.0167 3548 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
02:18:02.0199 3548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
02:18:02.0200 3548 \Device\Harddisk0\DR0 - ok
02:18:04.0657 3548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
02:18:05.0069 3548 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
02:18:05.0073 3548 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
02:18:05.0084 3548 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
02:18:05.0094 3548 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
02:18:05.0151 3548 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
02:18:05.0162 3548 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
02:18:05.0179 3548 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
02:18:05.0184 3548 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
02:18:05.0186 3548 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
02:18:05.0192 3548 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
02:18:05.0194 3548 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
02:18:05.0196 3548 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
02:18:05.0196 3548 \Device\Harddisk0\DR0\TDLFS - deleted
02:18:05.0196 3548 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
02:18:30.0154 3392 Deinitialize success

#8
MrCharlie

Great, TDSSKiller found the rootkit and MBR infection.

Please delete your copy of TDSSKiller, download and run a fresh copy, and post the results.

Those UnsignedFile.Multi.Generic files are OK.

MrC

Malware Removal Expert



#9
BigBK

Sounds like we are making some progress. :)

Fresh TDSSKiller downloaded and run; here is the new log:

09:17:28.0152 4416 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
09:17:28.0548 4416 ============================================================
09:17:28.0548 4416 Current date / time: 2012/04/08 09:17:28.0548
09:17:28.0549 4416 SystemInfo:
09:17:28.0549 4416
09:17:28.0549 4416 OS Version: 6.1.7601 ServicePack: 1.0
09:17:28.0549 4416 Product type: Workstation
09:17:28.0549 4416 ComputerName: BRIAN-PC
09:17:28.0549 4416 UserName: Brian
09:17:28.0549 4416 Windows directory: C:\Windows
09:17:28.0550 4416 System windows directory: C:\Windows
09:17:28.0550 4416 Running under WOW64
09:17:28.0550 4416 Processor architecture: Intel x64
09:17:28.0550 4416 Number of processors: 2
09:17:28.0550 4416 Page size: 0x1000
09:17:28.0550 4416 Boot type: Normal boot
09:17:28.0550 4416 ============================================================
09:17:29.0825 4416 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:29.0834 4416 \Device\Harddisk0\DR0:
09:17:29.0835 4416 MBR used
09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x484E2000
09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48546000, BlocksNum 0x22DE000
09:17:29.0835 4416 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
09:17:29.0942 4416 Initialize success
09:17:29.0943 4416 ============================================================
09:17:38.0846 4348 ============================================================
09:17:38.0846 4348 Scan started
09:17:38.0846 4348 Mode: Manual; SigCheck; TDLFS;
09:17:38.0846 4348 ============================================================
09:17:40.0696 4348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:17:40.0839 4348 1394ohci - ok
09:17:40.0970 4348 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
09:17:41.0044 4348 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
09:17:41.0127 4348 Accelerometer (7bb93bb5a578984090748f310ed895ef) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:17:41.0229 4348 Accelerometer - ok
09:17:41.0275 4348 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:17:41.0331 4348 ACPI - ok
09:17:41.0413 4348 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:17:41.0491 4348 AcpiPmi - ok
09:17:41.0630 4348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:17:41.0683 4348 adp94xx - ok
09:17:41.0805 4348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:17:41.0859 4348 adpahci - ok
09:17:41.0898 4348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:17:41.0948 4348 adpu320 - ok
09:17:41.0994 4348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:17:42.0084 4348 AeLookupSvc - ok
09:17:42.0161 4348 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
09:17:42.0229 4348 AESTFilters - ok
09:17:42.0360 4348 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:17:42.0461 4348 AFD - ok
09:17:42.0555 4348 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
09:17:42.0649 4348 AgereSoftModem - ok
09:17:42.0773 4348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:17:42.0827 4348 agp440 - ok
09:17:42.0883 4348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:17:42.0936 4348 ALG - ok
09:17:43.0053 4348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:17:43.0110 4348 aliide - ok
09:17:43.0278 4348 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe
09:17:43.0374 4348 AMD External Events Utility - ok
09:17:43.0468 4348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:17:43.0529 4348 amdide - ok
09:17:43.0569 4348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:17:43.0686 4348 AmdK8 - ok
09:17:43.0793 4348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:17:43.0902 4348 AmdPPM - ok
09:17:44.0005 4348 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:17:44.0058 4348 amdsata - ok
09:17:44.0106 4348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:17:44.0125 4348 amdsbs - ok
09:17:44.0168 4348 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:17:44.0198 4348 amdxata - ok
09:17:44.0315 4348 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:17:44.0427 4348 AppID - ok
09:17:44.0477 4348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:17:44.0565 4348 AppIDSvc - ok
09:17:44.0687 4348 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:17:44.0777 4348 Appinfo - ok
09:17:44.0860 4348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:17:44.0914 4348 arc - ok
09:17:45.0019 4348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:17:45.0071 4348 arcsas - ok
09:17:45.0166 4348 aspnet_state - ok
09:17:45.0269 4348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:17:45.0365 4348 AsyncMac - ok
09:17:45.0476 4348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:17:45.0538 4348 atapi - ok
09:17:45.0648 4348 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
09:17:45.0742 4348 athr - ok
09:17:45.0883 4348 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
09:17:45.0904 4348 AtiHdmiService - ok
09:17:46.0163 4348 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
09:17:46.0394 4348 atikmdag - ok
09:17:46.0498 4348 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:17:46.0546 4348 AtiPcie - ok
09:17:46.0613 4348 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:17:46.0722 4348 AudioEndpointBuilder - ok
09:17:46.0733 4348 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:17:46.0787 4348 AudioSrv - ok
09:17:47.0000 4348 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
09:17:47.0089 4348 AVGIDSAgent - ok
09:17:47.0218 4348 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
09:17:47.0298 4348 AVGIDSDriver - ok
09:17:47.0357 4348 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
09:17:47.0394 4348 AVGIDSEH - ok
09:17:47.0422 4348 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
09:17:47.0445 4348 AVGIDSFilter - ok
09:17:47.0516 4348 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
09:17:47.0568 4348 Avgldx64 - ok
09:17:47.0606 4348 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
09:17:47.0635 4348 Avgmfx64 - ok
09:17:47.0768 4348 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
09:17:47.0820 4348 Avgrkx64 - ok
09:17:47.0876 4348 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
09:17:47.0915 4348 Avgtdia - ok
09:17:48.0026 4348 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
09:17:48.0078 4348 avgwd - ok
09:17:48.0203 4348 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:17:48.0267 4348 AxInstSV - ok
09:17:48.0434 4348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:17:48.0527 4348 b06bdrv - ok
09:17:48.0646 4348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:17:48.0771 4348 b57nd60a - ok
09:17:48.0891 4348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:17:48.0953 4348 BDESVC - ok
09:17:49.0070 4348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:17:49.0172 4348 Beep - ok
09:17:49.0307 4348 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:17:49.0436 4348 BFE - ok
09:17:49.0577 4348 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
09:17:49.0714 4348 BITS - ok
09:17:49.0818 4348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:17:49.0915 4348 blbdrive - ok
09:17:50.0029 4348 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:17:50.0080 4348 bowser - ok
09:17:50.0110 4348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:17:50.0155 4348 BrFiltLo - ok
09:17:50.0172 4348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:17:50.0207 4348 BrFiltUp - ok
09:17:50.0254 4348 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:17:50.0345 4348 Browser - ok
09:17:50.0463 4348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:17:50.0546 4348 Brserid - ok
09:17:50.0687 4348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:17:50.0750 4348 BrSerWdm - ok
09:17:50.0863 4348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:17:50.0935 4348 BrUsbMdm - ok
09:17:50.0955 4348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:17:50.0995 4348 BrUsbSer - ok
09:17:51.0032 4348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:17:51.0084 4348 BTHMODEM - ok
09:17:51.0207 4348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:17:51.0294 4348 bthserv - ok
09:17:51.0325 4348 Bulk1528 - ok
09:17:51.0345 4348 Ca1528av - ok
09:17:51.0493 4348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:17:51.0553 4348 cdfs - ok
09:17:51.0672 4348 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:17:51.0707 4348 cdrom - ok
09:17:51.0965 4348 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:17:52.0129 4348 CertPropSvc - ok
09:17:52.0234 4348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:17:52.0310 4348 circlass - ok
09:17:52.0416 4348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:17:52.0485 4348 CLFS - ok
09:17:52.0552 4348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:17:52.0594 4348 clr_optimization_v2.0.50727_32 - ok
09:17:52.0639 4348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:17:52.0686 4348 clr_optimization_v2.0.50727_64 - ok
09:17:52.0830 4348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:17:52.0892 4348 clr_optimization_v4.0.30319_32 - ok
09:17:52.0951 4348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:17:53.0011 4348 clr_optimization_v4.0.30319_64 - ok
09:17:53.0104 4348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:17:53.0183 4348 CmBatt - ok
09:17:53.0226 4348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:17:53.0258 4348 cmdide - ok
09:17:53.0319 4348 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:17:53.0380 4348 CNG - ok
09:17:53.0553 4348 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
09:17:53.0612 4348 Com4QLBEx - ok
09:17:53.0707 4348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:17:53.0763 4348 Compbatt - ok
09:17:53.0853 4348 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:17:53.0934 4348 CompositeBus - ok
09:17:53.0996 4348 COMSysApp - ok
09:17:54.0036 4348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:17:54.0092 4348 crcdisk - ok
09:17:54.0203 4348 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:17:54.0308 4348 CryptSvc - ok
09:17:54.0424 4348 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:17:54.0534 4348 DcomLaunch - ok
09:17:54.0563 4348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:17:54.0641 4348 defragsvc - ok
09:17:54.0706 4348 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:17:54.0804 4348 DfsC - ok
09:17:54.0909 4348 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:17:54.0978 4348 Dhcp - ok
09:17:55.0028 4348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:17:55.0082 4348 discache - ok
09:17:55.0188 4348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:17:55.0238 4348 Disk - ok
09:17:55.0283 4348 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:17:55.0346 4348 Dnscache - ok
09:17:55.0383 4348 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:17:55.0456 4348 dot3svc - ok
09:17:55.0566 4348 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
09:17:55.0644 4348 Dot4 - ok
09:17:55.0763 4348 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:17:55.0828 4348 Dot4Print - ok
09:17:55.0943 4348 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
09:17:56.0040 4348 dot4usb - ok
09:17:56.0088 4348 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:17:56.0179 4348 DPS - ok
09:17:56.0236 4348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:17:56.0295 4348 drmkaud - ok
09:17:56.0406 4348 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:17:56.0455 4348 dtsoftbus01 - ok
09:17:56.0523 4348 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:17:56.0583 4348 DXGKrnl - ok
09:17:56.0628 4348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:17:56.0714 4348 EapHost - ok
09:17:56.0835 4348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:17:56.0912 4348 ebdrv - ok
09:17:57.0014 4348 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:17:57.0095 4348 EFS - ok
09:17:57.0198 4348 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:17:57.0283 4348 ehRecvr - ok
09:17:57.0379 4348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:17:57.0431 4348 ehSched - ok
09:17:57.0502 4348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:17:57.0555 4348 elxstor - ok
09:17:57.0597 4348 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
09:17:57.0672 4348 enecir - ok
09:17:57.0756 4348 EpsonCustomerParticipation (757305c7ad34222f4a46d86fe0bee241) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
09:17:57.0818 4348 EpsonCustomerParticipation - ok
09:17:57.0897 4348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:17:57.0956 4348 ErrDev - ok
09:17:58.0096 4348 esgiguard (df96c3cd6ae15f6d0a6bcb70f9c1e88d) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
09:17:58.0145 4348 esgiguard - ok
09:17:58.0246 4348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:17:58.0340 4348 EventSystem - ok
09:17:58.0384 4348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:17:58.0457 4348 exfat - ok
09:17:58.0769 4348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:17:58.0859 4348 fastfat - ok
09:17:58.0988 4348 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:17:59.0043 4348 Fax - ok
09:17:59.0092 4348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:17:59.0156 4348 fdc - ok
09:17:59.0184 4348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:17:59.0249 4348 fdPHost - ok
09:17:59.0266 4348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:17:59.0320 4348 FDResPub - ok
09:17:59.0377 4348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:17:59.0407 4348 FileInfo - ok
09:17:59.0502 4348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:17:59.0577 4348 Filetrace - ok
09:17:59.0677 4348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:17:59.0734 4348 flpydisk - ok
09:17:59.0778 4348 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:17:59.0829 4348 FltMgr - ok
09:17:59.0898 4348 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:18:00.0004 4348 FontCache - ok
09:18:00.0087 4348 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:18:00.0148 4348 FontCache3.0.0.0 - ok
09:18:00.0222 4348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:18:00.0275 4348 FsDepends - ok
09:18:00.0318 4348 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
09:18:00.0361 4348 fssfltr - ok
09:18:00.0510 4348 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:18:00.0569 4348 fsssvc - ok
09:18:00.0660 4348 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:18:00.0720 4348 Fs_Rec - ok
09:18:00.0842 4348 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:18:00.0896 4348 fvevol - ok
09:18:00.0938 4348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:18:00.0971 4348 gagp30kx - ok
09:18:01.0072 4348 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:18:01.0127 4348 GamesAppService - ok
09:18:01.0231 4348 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:18:01.0358 4348 gpsvc - ok
09:18:01.0512 4348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:18:01.0564 4348 gupdate - ok
09:18:01.0623 4348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:18:01.0680 4348 gupdatem - ok
09:18:01.0830 4348 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:18:01.0890 4348 gusvc - ok
09:18:01.0980 4348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:18:02.0058 4348 hcw85cir - ok
09:18:02.0178 4348 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:18:02.0235 4348 HdAudAddService - ok
09:18:02.0280 4348 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:18:02.0353 4348 HDAudBus - ok
09:18:02.0449 4348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:18:02.0513 4348 HidBatt - ok
09:18:02.0561 4348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:18:02.0638 4348 HidBth - ok
09:18:02.0746 4348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:18:02.0818 4348 HidIr - ok
09:18:02.0857 4348 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
09:18:02.0913 4348 hidserv - ok
09:18:03.0009 4348 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
09:18:03.0074 4348 HidUsb - ok
09:18:03.0111 4348 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:18:03.0174 4348 hkmsvc - ok
09:18:03.0210 4348 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:18:03.0254 4348 HomeGroupListener - ok
09:18:03.0297 4348 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:18:03.0346 4348 HomeGroupProvider - ok
09:18:03.0473 4348 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
09:18:03.0502 4348 HP Health Check Service - ok
09:18:03.0612 4348 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:18:03.0663 4348 HPDrvMntSvc.exe - ok
09:18:03.0752 4348 hpdskflt (0193c30760032cc044ef47a1919f20dc) C:\Windows\system32\DRIVERS\hpdskflt.sys
09:18:03.0809 4348 hpdskflt - ok
09:18:03.0941 4348 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
09:18:04.0013 4348 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
09:18:04.0013 4348 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
09:18:04.0133 4348 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
09:18:04.0195 4348 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
09:18:04.0195 4348 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
09:18:04.0301 4348 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:18:04.0369 4348 HpqKbFiltr - ok
09:18:04.0469 4348 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:18:04.0569 4348 hpqwmiex - ok
09:18:04.0670 4348 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:18:04.0736 4348 HpSAMD - ok
09:18:04.0892 4348 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
09:18:05.0005 4348 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
09:18:05.0005 4348 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
09:18:05.0103 4348 hpsrv (65a2b4b003d733c6faa16f22212bb86d) C:\Windows\system32\Hpservice.exe
09:18:05.0156 4348 hpsrv - ok
09:18:05.0242 4348 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:18:05.0319 4348 HTTP - ok
09:18:05.0411 4348 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:18:05.0450 4348 hwpolicy - ok
09:18:05.0548 4348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:18:05.0602 4348 i8042prt - ok
09:18:05.0661 4348 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:18:05.0713 4348 iaStorV - ok
09:18:05.0801 4348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:18:05.0888 4348 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:18:05.0888 4348 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:18:05.0986 4348 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:18:06.0046 4348 idsvc - ok
09:18:06.0267 4348 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:18:06.0498 4348 igfx - ok
09:18:06.0606 4348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:18:06.0675 4348 iirsp - ok
09:18:06.0721 4348 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:18:06.0802 4348 IKEEXT - ok
09:18:06.0906 4348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:18:06.0968 4348 intelide - ok
09:18:07.0005 4348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:18:07.0081 4348 intelppm - ok
09:18:07.0170 4348 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:18:07.0304 4348 IPBusEnum - ok
09:18:07.0397 4348 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:18:07.0485 4348 IpFilterDriver - ok
09:18:07.0618 4348 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:18:07.0729 4348 iphlpsvc - ok
09:18:07.0793 4348 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:18:07.0853 4348 IPMIDRV - ok
09:18:07.0886 4348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:18:07.0969 4348 IPNAT - ok
09:18:08.0073 4348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:18:08.0150 4348 IRENUM - ok
09:18:08.0263 4348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:18:08.0329 4348 isapnp - ok
09:18:08.0376 4348 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:18:08.0421 4348 iScsiPrt - ok
09:18:08.0479 4348 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
09:18:08.0539 4348 JMCR - ok
09:18:08.0645 4348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:18:08.0715 4348 kbdclass - ok
09:18:08.0755 4348 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:18:08.0827 4348 kbdhid - ok
09:18:08.0870 4348 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:18:08.0938 4348 KeyIso - ok
09:18:08.0960 4348 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:18:09.0000 4348 KSecDD - ok
09:18:09.0023 4348 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:18:09.0063 4348 KSecPkg - ok
09:18:09.0121 4348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:18:09.0222 4348 ksthunk - ok
09:18:09.0317 4348 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:18:09.0422 4348 KtmRm - ok
09:18:09.0488 4348 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
09:18:09.0577 4348 LanmanServer - ok
09:18:09.0679 4348 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:18:09.0776 4348 LanmanWorkstation - ok
09:18:09.0923 4348 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:18:09.0978 4348 LBTServ - ok
09:18:10.0089 4348 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:18:10.0109 4348 LHidFilt - ok
09:18:10.0196 4348 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:18:10.0208 4348 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
09:18:10.0208 4348 LightScribeService - detected UnsignedFile.Multi.Generic (1)
09:18:10.0308 4348 LiveTurbineMessageService (ad36b5f8ac7c2bafb32973b743a65265) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe
09:18:10.0336 4348 LiveTurbineMessageService - ok
09:18:10.0361 4348 LiveTurbineNetworkService (ffdff7e4d8fda5c1bfa50f9dbfb780ce) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe
09:18:10.0375 4348 LiveTurbineNetworkService - ok
09:18:10.0496 4348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:18:10.0570 4348 lltdio - ok
09:18:10.0660 4348 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:18:10.0739 4348 lltdsvc - ok
09:18:10.0774 4348 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:18:10.0808 4348 lmhosts - ok
09:18:10.0861 4348 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:18:10.0882 4348 LMouFilt - ok
09:18:10.0991 4348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:18:11.0019 4348 LSI_FC - ok
09:18:11.0054 4348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:18:11.0064 4348 LSI_SAS - ok
09:18:11.0152 4348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:18:11.0176 4348 LSI_SAS2 - ok
09:18:11.0272 4348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:18:11.0297 4348 LSI_SCSI - ok
09:18:11.0328 4348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:18:11.0389 4348 luafv - ok
09:18:11.0474 4348 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:18:11.0506 4348 Mcx2Svc - ok
09:18:11.0562 4348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:18:11.0587 4348 megasas - ok
09:18:11.0637 4348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:18:11.0658 4348 MegaSR - ok
09:18:11.0744 4348 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:18:11.0822 4348 MMCSS - ok
09:18:11.0876 4348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:18:11.0934 4348 Modem - ok
09:18:12.0037 4348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:18:12.0078 4348 monitor - ok
09:18:12.0129 4348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:18:12.0138 4348 mouclass - ok
09:18:12.0184 4348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:18:12.0219 4348 mouhid - ok
09:18:12.0334 4348 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:18:12.0362 4348 mountmgr - ok
09:18:12.0403 4348 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:18:12.0419 4348 mpio - ok
09:18:12.0455 4348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:18:12.0500 4348 mpsdrv - ok
09:18:12.0552 4348 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:18:12.0625 4348 MpsSvc - ok
09:18:12.0688 4348 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:18:12.0758 4348 MRxDAV - ok
09:18:12.0801 4348 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:18:12.0842 4348 mrxsmb - ok
09:18:12.0891 4348 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:18:12.0937 4348 mrxsmb10 - ok
09:18:12.0984 4348 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:18:13.0011 4348 mrxsmb20 - ok
09:18:13.0043 4348 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:18:13.0056 4348 msahci - ok
09:18:13.0086 4348 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:18:13.0097 4348 msdsm - ok
09:18:13.0134 4348 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:18:13.0165 4348 MSDTC - ok
09:18:13.0221 4348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:18:13.0278 4348 Msfs - ok
09:18:13.0314 4348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:18:13.0353 4348 mshidkmdf - ok
09:18:13.0389 4348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:18:13.0398 4348 msisadrv - ok
09:18:13.0435 4348 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:18:13.0486 4348 MSiSCSI - ok
09:18:13.0551 4348 msiserver - ok
09:18:13.0617 4348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:18:13.0677 4348 MSKSSRV - ok
09:18:13.0779 4348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:18:13.0849 4348 MSPCLOCK - ok
09:18:13.0892 4348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:18:13.0936 4348 MSPQM - ok
09:18:14.0058 4348 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:18:14.0089 4348 MsRPC - ok
09:18:14.0132 4348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:18:14.0142 4348 mssmbios - ok
09:18:14.0187 4348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:18:14.0242 4348 MSTEE - ok
09:18:14.0340 4348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:18:14.0363 4348 MTConfig - ok
09:18:14.0395 4348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:18:14.0409 4348 Mup - ok
09:18:14.0479 4348 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:18:14.0543 4348 napagent - ok
09:18:14.0679 4348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:18:14.0726 4348 NativeWifiP - ok
09:18:14.0797 4348 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:18:14.0832 4348 NDIS - ok
09:18:14.0876 4348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:18:14.0934 4348 NdisCap - ok
09:18:15.0033 4348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:18:15.0092 4348 NdisTapi - ok
09:18:15.0152 4348 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:18:15.0237 4348 Ndisuio - ok
09:18:15.0277 4348 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:18:15.0328 4348 NdisWan - ok
09:18:15.0364 4348 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:18:15.0398 4348 NDProxy - ok
09:18:15.0519 4348 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
09:18:15.0541 4348 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:18:15.0541 4348 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:18:15.0596 4348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:18:15.0659 4348 NetBIOS - ok
09:18:15.0696 4348 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:18:15.0754 4348 NetBT - ok
09:18:15.0814 4348 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:18:15.0836 4348 Netlogon - ok
09:18:15.0873 4348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:18:15.0919 4348 Netman - ok
09:18:15.0942 4348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:18:15.0994 4348 netprofm - ok
09:18:16.0063 4348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:18:16.0088 4348 NetTcpPortSharing - ok
09:18:16.0280 4348 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
09:18:16.0459 4348 netw5v64 - ok
09:18:16.0563 4348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:18:16.0590 4348 nfrd960 - ok
09:18:16.0638 4348 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:18:16.0690 4348 NlaSvc - ok
09:18:16.0718 4348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:18:16.0750 4348 Npfs - ok
09:18:16.0772 4348 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:18:16.0812 4348 nsi - ok
09:18:16.0857 4348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:18:16.0900 4348 nsiproxy - ok
09:18:16.0963 4348 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:18:17.0018 4348 Ntfs - ok
09:18:17.0037 4348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:18:17.0069 4348 Null - ok
09:18:17.0121 4348 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:18:17.0131 4348 nvraid - ok
09:18:17.0170 4348 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:18:17.0180 4348 nvstor - ok
09:18:17.0296 4348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:18:17.0323 4348 nv_agp - ok
09:18:17.0358 4348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:18:17.0381 4348 ohci1394 - ok
09:18:17.0456 4348 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:18:17.0477 4348 ose - ok
09:18:17.0665 4348 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:18:17.0830 4348 osppsvc - ok
09:18:17.0924 4348 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:18:17.0973 4348 p2pimsvc - ok
09:18:18.0007 4348 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:18:18.0032 4348 p2psvc - ok
09:18:18.0074 4348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:18:18.0105 4348 Parport - ok
09:18:18.0138 4348 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:18:18.0148 4348 partmgr - ok
09:18:18.0173 4348 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:18:18.0213 4348 PcaSvc - ok
09:18:18.0322 4348 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:18:18.0348 4348 pci - ok
09:18:18.0362 4348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:18:18.0374 4348 pciide - ok
09:18:18.0413 4348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:18:18.0425 4348 pcmcia - ok
09:18:18.0452 4348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:18:18.0461 4348 pcw - ok
09:18:18.0535 4348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:18:18.0622 4348 PEAUTH - ok
09:18:18.0731 4348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:18:18.0768 4348 PerfHost - ok
09:18:18.0863 4348 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:18:18.0987 4348 pla - ok
09:18:19.0086 4348 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:18:19.0139 4348 PlugPlay - ok
09:18:19.0258 4348 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
09:18:19.0287 4348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:18:19.0287 4348 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:18:19.0295 4348 PnkBstrA - ok
09:18:19.0347 4348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:18:19.0388 4348 PNRPAutoReg - ok
09:18:19.0435 4348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:18:19.0466 4348 PNRPsvc - ok
09:18:19.0511 4348 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:18:19.0582 4348 PolicyAgent - ok
09:18:19.0618 4348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:18:19.0667 4348 Power - ok
09:18:19.0729 4348 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:18:19.0806 4348 PptpMiniport - ok
09:18:19.0858 4348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:18:19.0907 4348 Processor - ok
09:18:19.0949 4348 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:18:20.0004 4348 ProfSvc - ok
09:18:20.0046 4348 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:18:20.0057 4348 ProtectedStorage - ok
09:18:20.0115 4348 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:18:20.0169 4348 Psched - ok
09:18:20.0256 4348 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:18:20.0284 4348 PSI_SVC_2 - ok
09:18:20.0327 4348 QBCFMonitorService (67bfd5fbe6a5497076b85ac93bfb188b) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:18:20.0359 4348 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
09:18:20.0359 4348 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
09:18:20.0419 4348 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:18:20.0440 4348 QBFCService ( UnsignedFile.Multi.Generic ) - warning
09:18:20.0441 4348 QBFCService - detected UnsignedFile.Multi.Generic (1)
09:18:20.0581 4348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:18:20.0620 4348 ql2300 - ok
09:18:20.0662 4348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:18:20.0672 4348 ql40xx - ok
09:18:20.0697 4348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:18:20.0717 4348 QWAVE - ok
09:18:20.0754 4348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:18:20.0782 4348 QWAVEdrv - ok
09:18:20.0801 4348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:18:20.0848 4348 RasAcd - ok
09:18:20.0890 4348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:18:20.0938 4348 RasAgileVpn - ok
09:18:20.0962 4348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:18:21.0006 4348 RasAuto - ok
09:18:21.0073 4348 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:18:21.0137 4348 Rasl2tp - ok
09:18:21.0175 4348 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:18:21.0212 4348 RasMan - ok
09:18:21.0258 4348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:18:21.0320 4348 RasPppoe - ok
09:18:21.0423 4348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:18:21.0508 4348 RasSstp - ok
09:18:21.0558 4348 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:18:21.0620 4348 rdbss - ok
09:18:21.0647 4348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:18:21.0673 4348 rdpbus - ok
09:18:21.0715 4348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:18:21.0776 4348 RDPCDD - ok
09:18:21.0859 4348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:18:21.0912 4348 RDPENCDD - ok
09:18:21.0938 4348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:18:21.0971 4348 RDPREFMP - ok
09:18:22.0018 4348 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:18:22.0072 4348 RDPWD - ok
09:18:22.0126 4348 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:18:22.0155 4348 rdyboost - ok
09:18:22.0187 4348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:18:22.0245 4348 RemoteAccess - ok
09:18:22.0294 4348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:18:22.0339 4348 RemoteRegistry - ok
09:18:22.0441 4348 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
09:18:22.0472 4348 RichVideo - ok
09:18:22.0539 4348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:18:22.0596 4348 RpcEptMapper - ok
09:18:22.0635 4348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:18:22.0676 4348 RpcLocator - ok
09:18:22.0720 4348 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:18:22.0767 4348 RpcSs - ok
09:18:22.0806 4348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:18:22.0839 4348 rspndr - ok
09:18:22.0946 4348 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:18:23.0007 4348 RTL8167 - ok
09:18:23.0058 4348 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:18:23.0075 4348 SamSs - ok
09:18:23.0116 4348 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:18:23.0144 4348 sbp2port - ok
09:18:23.0166 4348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:18:23.0204 4348 SCardSvr - ok
09:18:23.0248 4348 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:18:23.0322 4348 scfilter - ok
09:18:23.0407 4348 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:18:23.0528 4348 Schedule - ok
09:18:23.0642 4348 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:18:23.0701 4348 SCPolicySvc - ok
09:18:23.0813 4348 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
09:18:23.0845 4348 sdbus - ok
09:18:23.0891 4348 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:18:23.0931 4348 SDRSVC - ok
09:18:23.0962 4348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:18:23.0996 4348 secdrv - ok
09:18:24.0079 4348 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:18:24.0144 4348 seclogon - ok
09:18:24.0196 4348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:18:24.0248 4348 SENS - ok
09:18:24.0279 4348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:18:24.0311 4348 SensrSvc - ok
09:18:24.0362 4348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:18:24.0404 4348 Serenum - ok
09:18:24.0497 4348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:18:24.0526 4348 Serial - ok
09:18:24.0639 4348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:18:24.0678 4348 sermouse - ok
09:18:24.0731 4348 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:18:24.0799 4348 SessionEnv - ok
09:18:24.0843 4348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:18:24.0866 4348 sffdisk - ok
09:18:24.0888 4348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:18:24.0923 4348 sffp_mmc - ok
09:18:24.0941 4348 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:18:24.0967 4348 sffp_sd - ok
09:18:25.0005 4348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:18:25.0048 4348 sfloppy - ok
09:18:25.0100 4348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:18:25.0153 4348 SharedAccess - ok
09:18:25.0193 4348 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:18:25.0245 4348 ShellHWDetection - ok
09:18:25.0285 4348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:18:25.0307 4348 SiSRaid2 - ok
09:18:25.0320 4348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:18:25.0330 4348 SiSRaid4 - ok
09:18:25.0375 4348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:18:25.0430 4348 Smb - ok
09:18:25.0474 4348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:18:25.0511 4348 SNMPTRAP - ok
09:18:25.0606 4348 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
09:18:25.0636 4348 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:18:25.0637 4348 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:18:25.0707 4348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:18:25.0727 4348 spldr - ok
09:18:25.0771 4348 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:18:25.0813 4348 Spooler - ok
09:18:25.0930 4348 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:18:26.0066 4348 sppsvc - ok
09:18:26.0157 4348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:18:26.0246 4348 sppuinotify - ok
09:18:26.0323 4348 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:18:26.0365 4348 srv - ok
09:18:26.0400 4348 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:18:26.0418 4348 srv2 - ok
09:18:26.0474 4348 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:18:26.0508 4348 SrvHsfHDA - ok
09:18:26.0555 4348 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:18:26.0656 4348 SrvHsfV92 - ok
09:18:26.0766 4348 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:18:26.0840 4348 SrvHsfWinac - ok
09:18:26.0940 4348 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:18:26.0970 4348 srvnet - ok
09:18:27.0066 4348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:18:27.0142 4348 SSDPSRV - ok
09:18:27.0164 4348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:18:27.0198 4348 SstpSvc - ok
09:18:27.0284 4348 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
09:18:27.0325 4348 STacSV - ok
09:18:27.0400 4348 Steam Client Service - ok
09:18:27.0479 4348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:18:27.0501 4348 stexstor - ok
09:18:27.0622 4348 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
09:18:27.0684 4348 STHDA - ok
09:18:27.0805 4348 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:18:27.0881 4348 stisvc - ok
09:18:27.0945 4348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:18:27.0971 4348 swenum - ok
09:18:28.0010 4348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:18:28.0068 4348 swprv - ok
09:18:28.0198 4348 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
09:18:28.0220 4348 SynTP - ok
09:18:28.0291 4348 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:18:28.0368 4348 SysMain - ok
09:18:28.0462 4348 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:18:28.0498 4348 TabletInputService - ok
09:18:28.0551 4348 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:18:28.0617 4348 TapiSrv - ok
09:18:28.0653 4348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:18:28.0685 4348 TBS - ok
09:18:28.0786 4348 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:18:28.0829 4348 Tcpip - ok
09:18:28.0874 4348 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:18:28.0908 4348 TCPIP6 - ok
09:18:28.0946 4348 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:18:28.0997 4348 tcpipreg - ok
09:18:29.0040 4348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:18:29.0063 4348 TDPIPE - ok
09:18:29.0100 4348 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:18:29.0132 4348 TDTCP - ok
09:18:29.0168 4348 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:18:29.0201 4348 tdx - ok
09:18:29.0242 4348 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:18:29.0253 4348 TermDD - ok
09:18:29.0311 4348 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:18:29.0425 4348 TermService - ok
09:18:29.0462 4348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:18:29.0487 4348 Themes - ok
09:18:29.0521 4348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:18:29.0553 4348 THREADORDER - ok
09:18:29.0609 4348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:18:29.0657 4348 TrkWks - ok
09:18:29.0734 4348 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:18:29.0809 4348 TrustedInstaller - ok
09:18:29.0871 4348 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:18:29.0930 4348 tssecsrv - ok
09:18:30.0049 4348 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:18:30.0076 4348 TsUsbFlt - ok
09:18:30.0129 4348 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:18:30.0165 4348 tunnel - ok
09:18:30.0207 4348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:18:30.0216 4348 uagp35 - ok
09:18:30.0257 4348 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:18:30.0317 4348 udfs - ok
09:18:30.0360 4348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:18:30.0373 4348 UI0Detect - ok
09:18:30.0432 4348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:18:30.0464 4348 uliagpkx - ok
09:18:30.0513 4348 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:18:30.0547 4348 umbus - ok
09:18:30.0582 4348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:18:30.0618 4348 UmPass - ok
09:18:30.0653 4348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:18:30.0697 4348 upnphost - ok
09:18:30.0759 4348 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:18:30.0792 4348 usbccgp - ok
09:18:30.0828 4348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:18:30.0844 4348 usbcir - ok
09:18:30.0869 4348 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:18:30.0933 4348 usbehci - ok
09:18:31.0050 4348 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
09:18:31.0068 4348 usbfilter - ok
09:18:31.0125 4348 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:18:31.0171 4348 usbhub - ok
09:18:31.0269 4348 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
09:18:31.0306 4348 usbohci - ok
09:18:31.0339 4348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:18:31.0365 4348 usbprint - ok
09:18:31.0467 4348 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:18:31.0501 4348 usbscan - ok
09:18:31.0542 4348 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:18:31.0580 4348 USBSTOR - ok
09:18:31.0669 4348 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:18:31.0716 4348 usbuhci - ok
09:18:31.0824 4348 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:18:31.0855 4348 usbvideo - ok
09:18:31.0891 4348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:18:31.0967 4348 UxSms - ok
09:18:32.0013 4348 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:18:32.0024 4348 VaultSvc - ok
09:18:32.0079 4348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:18:32.0105 4348 vdrvroot - ok
09:18:32.0152 4348 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:18:32.0192 4348 vds - ok
09:18:32.0235 4348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:18:32.0249 4348 vga - ok
09:18:32.0272 4348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:18:32.0320 4348 VgaSave - ok
09:18:32.0366 4348 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:18:32.0378 4348 vhdmp - ok
09:18:32.0418 4348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:18:32.0444 4348 viaide - ok
09:18:32.0479 4348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:18:32.0490 4348 volmgr - ok
09:18:32.0534 4348 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:18:32.0567 4348 volmgrx - ok
09:18:32.0596 4348 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:18:32.0609 4348 volsnap - ok
09:18:32.0653 4348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:18:32.0665 4348 vsmraid - ok
09:18:32.0746 4348 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:18:32.0857 4348 VSS - ok
09:18:32.0949 4348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:18:32.0991 4348 vwifibus - ok
09:18:33.0097 4348 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:18:33.0143 4348 vwififlt - ok
09:18:33.0182 4348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:18:33.0222 4348 W32Time - ok
09:18:33.0270 4348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:18:33.0281 4348 WacomPen - ok
09:18:33.0642 4348 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:18:33.0698 4348 WANARP - ok
09:18:33.0710 4348 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:18:33.0741 4348 Wanarpv6 - ok
09:18:33.0858 4348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:18:33.0900 4348 WatAdminSvc - ok
09:18:33.0982 4348 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:18:34.0077 4348 wbengine - ok
09:18:34.0124 4348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:18:34.0161 4348 WbioSrvc - ok
09:18:34.0201 4348 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:18:34.0242 4348 wcncsvc - ok
09:18:34.0286 4348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:18:34.0333 4348 WcsPlugInService - ok
09:18:34.0365 4348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:18:34.0378 4348 Wd - ok
09:18:34.0417 4348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:18:34.0435 4348 Wdf01000 - ok
09:18:34.0464 4348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:18:34.0497 4348 WdiServiceHost - ok
09:18:34.0501 4348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:18:34.0518 4348 WdiSystemHost - ok
09:18:34.0565 4348 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:18:34.0601 4348 WebClient - ok
09:18:34.0702 4348 WebUpdate (12129e3be5afc0da136fa556a90296af) C:\Windows\SysWOW64\WebUpdateSvc.exe
09:18:34.0723 4348 WebUpdate ( UnsignedFile.Multi.Generic ) - warning
09:18:34.0723 4348 WebUpdate - detected UnsignedFile.Multi.Generic (1)
09:18:34.0802 4348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:18:34.0871 4348 Wecsvc - ok
09:18:34.0891 4348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:18:34.0940 4348 wercplsupport - ok
09:18:34.0968 4348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:18:35.0002 4348 WerSvc - ok
09:18:35.0051 4348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:18:35.0099 4348 WfpLwf - ok
09:18:35.0123 4348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:18:35.0133 4348 WIMMount - ok
09:18:35.0183 4348 WinDefend - ok
09:18:35.0198 4348 WinHttpAutoProxySvc - ok
09:18:35.0309 4348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:18:35.0385 4348 Winmgmt - ok
09:18:35.0470 4348 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:18:35.0667 4348 WinRM - ok
09:18:35.0802 4348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:18:35.0901 4348 Wlansvc - ok
09:18:36.0012 4348 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:18:36.0037 4348 wlcrasvc - ok
09:18:36.0183 4348 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:18:36.0292 4348 wlidsvc - ok
09:18:36.0380 4348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:18:36.0407 4348 WmiAcpi - ok
09:18:36.0461 4348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:18:36.0492 4348 wmiApSrv - ok
09:18:36.0540 4348 WMPNetworkSvc - ok
09:18:36.0598 4348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:18:36.0631 4348 WPCSvc - ok
09:18:36.0680 4348 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:18:36.0711 4348 WPDBusEnum - ok
09:18:36.0744 4348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:18:36.0784 4348 ws2ifsl - ok
09:18:36.0810 4348 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
09:18:36.0838 4348 wscsvc - ok
09:18:36.0845 4348 WSearch - ok
09:18:36.0940 4348 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:18:37.0072 4348 wuauserv - ok
09:18:37.0175 4348 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:18:37.0238 4348 WudfPf - ok
09:18:37.0283 4348 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:18:37.0346 4348 WUDFRd - ok
09:18:37.0443 4348 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:18:37.0492 4348 wudfsvc - ok
09:18:37.0519 4348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:18:37.0551 4348 WwanSvc - ok
09:18:37.0634 4348 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:18:37.0674 4348 YahooAUService - ok
09:18:37.0794 4348 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
09:18:37.0826 4348 yukonw7 - ok
09:18:37.0857 4348 MBR (0x1B8) (938f83583ccbfb10ccd7229fdec436d9) \Device\Harddisk0\DR0
09:18:37.0938 4348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:18:37.0938 4348 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:18:37.0970 4348 Boot (0x1200) (85b23e6519cd4ef196d7bbc4f2bac0c3) \Device\Harddisk0\DR0\Partition0
09:18:37.0973 4348 \Device\Harddisk0\DR0\Partition0 - ok
09:18:37.0990 4348 Boot (0x1200) (c971dbdcd495e794e9c484e6222dee7c) \Device\Harddisk0\DR0\Partition1
09:18:37.0992 4348 \Device\Harddisk0\DR0\Partition1 - ok
09:18:38.0028 4348 Boot (0x1200) (a4a4b8e1ba8a61716f1b879eecc310a6) \Device\Harddisk0\DR0\Partition2
09:18:38.0031 4348 \Device\Harddisk0\DR0\Partition2 - ok
09:18:38.0052 4348 Boot (0x1200) (9143ba43b45077786159449c5d813500) \Device\Harddisk0\DR0\Partition3
09:18:38.0053 4348 \Device\Harddisk0\DR0\Partition3 - ok
09:18:38.0055 4348 ============================================================
09:18:38.0055 4348 Scan finished
09:18:38.0055 4348 ============================================================
09:18:38.0078 5412 Detected object count: 12
09:18:38.0078 5412 Actual detected object count: 12
09:19:04.0592 5412 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0592 5412 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0593 5412 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0593 5412 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0597 5412 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0597 5412 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0601 5412 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0601 5412 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0604 5412 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0604 5412 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0606 5412 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0607 5412 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0608 5412 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0608 5412 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0610 5412 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0610 5412 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0612 5412 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0612 5412 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0614 5412 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0614 5412 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0616 5412 WebUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0616 5412 WebUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:04.0623 5412 \Device\Harddisk0\DR0\TDLFS - deleted
09:19:04.0623 5412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
09:19:15.0908 6100 Deinitialize success

#10
MrCharlie

Great :)

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

---------------------------------

After running ComboFix and posting the log......


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is.

Gone for most of the day, be back tonight....MrC


#11
BigBK

Here is the ComboFix log:

ComboFix 12-04-08.01 - Brian 04/09/2012 1:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6140.4470 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Mozilla Firefox\plugins\npbasic.dll
c:\users\Brian\AppData\Roaming\.#
c:\users\Brian\AppData\Roaming\app
c:\users\Brian\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Brian\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\Fonts\N2BMLre6S.com
c:\windows\svchost.exe
c:\windows\SysWow64\zip32.dll
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 05:56 . 2012-04-09 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 06:18 . 2012-04-08 13:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 07:06 . 2012-04-04 07:06 110080 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe
2012-04-04 07:06 . 2012-04-04 07:06 110080 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe
2012-04-04 07:06 . 2012-04-04 07:06 110080 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe
2012-04-04 07:06 . 2012-04-04 07:07 -------- d-----w- C:\sh4ldr
2012-04-04 07:06 . 2012-04-04 07:06 -------- d-----w- c:\program files\Enigma Software Group
2012-04-04 07:04 . 2012-04-04 07:07 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-04 07:04 . 2012-04-04 07:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-03 13:43 . 2012-04-03 13:43 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-31 12:06 . 2012-03-31 12:06 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2012-03-31 12:06 . 2012-03-31 12:06 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 12:06 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 12:06 . 2012-04-03 11:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 01:53 . 2012-03-24 01:53 -------- d-----w- c:\users\Brian\AppData\Local\ABBYY
2012-03-24 01:50 . 2012-03-24 01:54 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2012-03-24 01:50 . 2012-03-24 01:50 -------- d-----w- c:\programdata\ABBYY
2012-03-24 01:50 . 2012-03-24 01:50 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2012-03-24 01:44 . 2012-03-24 01:44 -------- d-----w- c:\program files\Common Files\EPSON
2012-03-24 01:42 . 2012-03-24 01:42 -------- d-----w- c:\program files\EPSON
2012-03-24 01:41 . 2012-03-24 01:41 -------- d-----w- c:\program files\EpsonNet
2012-03-24 01:41 . 2010-09-13 19:01 538112 ----a-w- c:\windows\system32\ensppui.dll
2012-03-24 01:41 . 2010-09-13 19:01 538112 ----a-w- c:\windows\system32\enppui.dll
2012-03-24 01:41 . 2010-09-13 19:00 558592 ----a-w- c:\windows\system32\ensppmon.dll
2012-03-24 01:41 . 2010-09-13 19:00 558592 ----a-w- c:\windows\system32\enppmon.dll
2012-03-24 01:41 . 2008-06-18 15:49 250880 ----a-w- c:\windows\system32\enspres.dll
2012-03-24 01:41 . 2008-06-18 15:49 250880 ----a-w- c:\windows\system32\enpres.dll
2012-03-24 01:41 . 2012-03-24 01:41 -------- d-----w- c:\program files (x86)\Common Files\EPSON
2012-03-24 01:40 . 2012-03-31 12:53 -------- d-----w- c:\users\Brian\AppData\Roaming\Epson
2012-03-24 01:39 . 2012-03-24 01:39 -------- d-----w- c:\program files (x86)\Epson America Inc
2012-03-24 01:39 . 2012-03-24 01:40 -------- d-----w- c:\program files (x86)\Epson Software
2012-03-24 01:37 . 2010-09-28 14:01 118784 ----a-w- c:\windows\system32\E_YLMHVA.DLL
2012-03-24 01:37 . 2010-08-09 14:02 83456 ----a-w- c:\windows\system32\E_YD4BHVA.DLL
2012-03-24 01:37 . 2012-03-24 01:44 -------- d-----w- c:\programdata\EPSON
2012-03-24 01:37 . 2009-12-09 04:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-03-24 01:37 . 2009-10-16 04:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-03-24 01:37 . 2009-10-16 04:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-03-24 01:37 . 2012-03-24 01:46 -------- d-----w- c:\program files (x86)\epson
2012-03-21 04:30 . 2012-03-21 04:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 04:30 . 2012-03-21 04:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 07:09 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:09 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:09 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:33 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:33 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 01:13 . 2010-04-27 18:09 952 --sha-w- c:\programdata\KGyGaAvL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 20:21 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"OnlineBackupScheduler"="c:\program files (x86)\QuickBooks Online Backup\OnlineBackup.exe" [2007-11-02 610304]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-11-24 6497592]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2011-04-24 239488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-08-26 15544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-30 271856]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-30 218608]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 18:44]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 18:44]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571551730-3999895387-2625692946-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 04:03]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571551730-3999895387-2625692946-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 04:03]
.
2012-04-09 c:\windows\Tasks\HPCeeScheduleForBrian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 188.138.24.221:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\69hmrk01.default\
FF - prefs.js: browser.startup.homepage - hxxp://batheo.clapalong.com/?action=webgame!gamelogin&sid=19
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Utherverse 3D Client - c:\program files (x86)\Utherverse Digital Inc\Utherverse VWW Client\Branding\{ff92d786-2e61-4410-8e67-5bc370db244d}\uninst.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\WebUpdateSvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-04-09 02:28:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 06:27
.
Pre-Run: 482,938,064,896 bytes free
Post-Run: 484,951,044,096 bytes free
.
- - End Of File - - 9B08092F10E02A40EE741E68C29AFC36

#12
BigBK

And here is the MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brian :: BRIAN-PC [administrator]

4/9/2012 2:45:08 AM
mbam-log-2012-04-09 (02-45-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207185
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13
MrCharlie

Did you set this proxy in Internet Explorer:

uInternet Settings,ProxyServer = 188.138.24.221:8080

http://images.ip2loc...om/22097213.png

---------------------------------

The rest looks OK.

How is the computer running now? MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#14
BigBK

No, I did not set that proxy.

#15
BigBK

IE now loads google.com fine and overall the computer seems to be running much better. I haven't seen any more notices about AVG blocking some executables. I think I need to update my Java release.

#16
MrCharlie

Yes you do,

Please go to your Control Panel's Add/Remove Programs and uninstall these:

Java™ 6 Update 20

Then go to your control panel > Java > Update Tab > Update Now.

Java™ 6 Update 30 <------should be 31

http://www.java.com/...d/installed.jsp <---verify your Java

---------------------------------------

See if you can run RogueKiller now; if so, we can fix that proxy setting.

MrC


#17
BigBK

You have the recommended Java installed (Version 6 Update 31).

Trying RogueKiller again now.

#18
BigBK

OK, RogueKiller ran successfully, here is the report from it:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Brian [Admin rights]
Mode: Scan -- Date: 04/09/2012 09:45:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (188.138.24.221:8080) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-60A0RT0 ATA Device +++++
--- User ---
[MBR] addcea1c050b6b007c48a9347babcfb1
[BSP] 2adf95c9b70d7083b6a5c92508ec901e : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 592324 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1213489152 | Size: 17852 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#19
MrCharlie

OK...Good

This is what we want to fix:

Quote

¤¤¤ Registry Entries: 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (188.138.24.221:8080) -> FOUND

To fix that......

Run RogueKiller again > click scan > when the scan is done
Click on ProxyFix on the right hand column


The entry won't be deleted but set into the RK_Quarantine folder.
If there are any problems, all you have to do is open up the folder and double-click on the reg file that's in there.

Let me know, we still have to uninstall all the tools we used. MrC


#20
BigBK

Thank you so much for your help.

OK, Scanned again, clicked ProxyFix, ran a 2nd scan and it did not detect the Proxy setting anymore.

Awaiting your next instructions.
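
The two settings this thread acts on, the unexpected Internet Explorer proxy and `EnableLUA` set to 0, can be pulled out of ComboFix and RogueKiller reports with a short triage script. This is an added example, not part of any poster's reply and not code from either tool; the priority labels, the per-protocol proxy handling and the lines in `CONSTRUCTED_LINES` are assumptions made for illustration.

```python
import ipaddress
import re

# Lines copied from the ComboFix and RogueKiller reports posted in this thread.
PAGE_LINES = [
    r'uInternet Settings,ProxyServer = 188.138.24.221:8080',
    r'"EnableLUA"= 0 (0x0)',
    r'[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (188.138.24.221:8080) -> FOUND',
    r'[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND',
]

# Constructed lines (not from the thread) covering other ProxyServer shapes:
# a per-protocol value, a hostname, and a proxy on the local network.
CONSTRUCTED_LINES = [
    r'uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=proxy.corp.example:3128',
    r'[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.254.10:3128) -> FOUND',
]

COMBOFIX_PROXY = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)')
ROGUEKILLER_PROXY = re.compile(r'^\[PROXY \w+\].*?ProxyServer \((?P<value>[^)]*)\)')
ENABLE_LUA = re.compile(r'EnableLUA"?\s*(?:=\s*|\()(?P<value>\d+)')

# Assumed review priorities: a public address nobody remembers setting ranks
# highest; loopback and hostnames need a look at what is behind them.
PRIORITY = {'public': 'high', 'hostname': 'medium',
            'loopback': 'medium', 'private': 'low'}


def split_proxy_value(value):
    """Yield (entry, host) for 'host:port' or 'http=h:p;https=h:p' values."""
    for entry in filter(None, (part.strip() for part in value.split(';'))):
        endpoint = entry.rpartition('=')[2]      # drop an optional 'scheme='
        yield entry, endpoint.partition(':')[0]  # drop an optional ':port'


def classify_host(host):
    """Return 'loopback', 'private', 'public' or 'hostname' (IPv4 only)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return 'hostname'
    if ip.is_loopback:
        return 'loopback'
    if ip.is_private:
        return 'private'
    return 'public'


def triage(lines):
    """Return de-duplicated (setting, value, classification, priority) tuples."""
    findings = []
    for raw in lines:
        line = raw.strip()
        items = []
        proxy = COMBOFIX_PROXY.match(line) or ROGUEKILLER_PROXY.match(line)
        if proxy:
            for entry, host in split_proxy_value(proxy.group('value')):
                kind = classify_host(host)
                items.append(('ProxyServer', entry, kind, PRIORITY[kind]))
        lua = ENABLE_LUA.search(line)
        if lua and lua.group('value') == '0':
            # EnableLUA = 0 means User Account Control is switched off.
            items.append(('EnableLUA', '0', 'uac-disabled', 'medium'))
        for item in items:
            if item not in findings:  # both tools report the same setting
                findings.append(item)
    return findings


if __name__ == '__main__':
    for finding in triage(PAGE_LINES + CONSTRUCTED_LINES):
        print('{:<12} {:<32} {:<13} {}'.format(*finding))
```
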




