Infected - new topic requested

[woofs2china]

We have external hard drive. No boot

[Maniac]

Needed will be disk or USB, which will be used for a tool. Do you have disk with Windows?

[woofs2china]

I think I have an empty dvd too

[woofs2china]

We have windows 7. We upgraded a previous computer from vista to 7. We bought it/downloaded it for precious computer. The executable files are on the external hard drive.

[woofs2china]

Previous not precious. Geez

[woofs2china]

usb, but it is a small old one. Not sure how large, may only be 1 gb or smaller

[Maniac]

Good to know that you have Windows 7 on hand.

usb, but it is a small old one. Not sure how large, may only be 1 gb or smaller

It is enough.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[woofs2china]

Scan result of Farbar Recovery Scan Tool Version: 15-06-2012 01

Ran by SYSTEM at 16-06-2012 08:23:16

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]

HKLM\...\Run: [igfxTray] C:\windows\system32\igfxtray.exe [167256 2011-04-07] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391000 2011-04-07] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [418136 2011-04-07] (Intel Corporation)

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)

HKLM\...\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)

HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1520552 2011-03-02] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [770728 2011-01-23] ()

HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()

HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]

HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba)

HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]

HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [NMSVC] C:\Program Files (x86)\CE\CovenantEyes.exe [2433280 2011-11-28] ()

HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [362432 2011-12-22] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKU\Stephen Woof\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-15] (Google Inc.)

HKU\Stephen Woof\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17356424 2012-04-05] (Skype Technologies S.A.)

HKU\Stephen Woof\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKU\Stephen Woof\...\Run: [fontnfig] rundll32 "C:\Users\STEPHE~1\AppData\Local\Temp\cttuelog.dll",CreateProcessNotify [56832 2012-06-10] (ESET)

HKU\Stephen Woof\...\Run: [rrinEdit] rundll32 "C:\Users\STEPHE~1\AppData\Local\Temp\cttuelog64.dll",CreateProcessNotify [62976 2012-06-10] (ESET)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1161072 2012-03-29] (Lavasoft Limited)

2 Auth Service; C:\windows\system32\authServer.exe [2219520 2011-11-28] ()

2 Auth Service; C:\windows\SysWow64\authServer.exe [2219520 2011-11-28] ()

3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)

2 lxecCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)

2 lxec_device; C:\windows\system32\lxeccoms.exe -service [1052328 2010-04-14] ( )

2 lxec_device; C:\windows\SysWow64\lxeccoms.exe -service [598696 2010-04-14] ( )

2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe /s [123320 2011-02-03] (Symantec Corporation)

2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll" /prefetch:1 [132984 2011-02-03] (Symantec Corporation)

2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe" [2804280 2011-05-17] (Sunbelt Software)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [91864 2011-06-29] (Citrix Systems, Inc.)

3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)

3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] (Realtek Semiconductor Corp.)

3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [307304 2010-11-30] (Realtek Semiconductor Corp.)

3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1109096 2011-01-05] (Realtek Semiconductor Corporation )

2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)

1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)

3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)

3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)

3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)

1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)

1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)

0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-16 08:23 - 2012-06-16 08:23 - 00000000 ____D C:\FRST

2012-06-15 07:01 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-06-15 07:00 - 2012-06-15 19:24 - 00000000 ___SD C:\ComboFix

2012-06-15 07:00 - 2012-06-15 07:00 - 00000000 ____D C:\Qoobox

2012-06-14 14:41 - 2012-06-14 14:41 - 00000000 ____D C:\_OTL

2012-06-13 07:27 - 2012-06-13 07:27 - 00065566 ____A C:\Users\Stephen Woof\Desktop\Extrassafe.Txt

2012-06-13 07:26 - 2012-06-13 07:26 - 00095796 ____A C:\Users\Stephen Woof\Desktop\OTLsafe.Txt

2012-06-13 07:20 - 2012-06-13 07:17 - 00596480 ____A (OldTimer Tools) C:\Users\Stephen Woof\Desktop\myapp.exe

2012-06-13 05:32 - 2012-06-13 04:45 - 00126976 ____A C:\Users\Stephen Woof\Desktop\ResetTeaTimer.exe

2012-06-13 03:11 - 2012-06-12 18:42 - 00607260 ____R (Swearware) C:\Users\Stephen Woof\Desktop\dds.scr

2012-06-10 18:20 - 2012-06-10 18:13 - 00463080 ____A (CNET Download.com) C:\Users\Stephen Woof\Desktop\myapp.exe.exe

2012-06-10 18:17 - 2012-06-10 18:11 - 00301640 ____A (Softonic) C:\Users\Stephen Woof\Desktop\SoftonicDownloader_for_kaspersky-tdsskiller.exe

2012-06-10 17:35 - 2012-06-10 17:35 - 00000000 ____D C:\Users\Stephen Woof\Desktop\Chameleon

2012-06-10 16:26 - 2012-06-10 16:26 - 00001105 ____A C:\Users\Stephen Woof\Desktop\Live Security Platinum.lnk

2012-06-10 16:24 - 2012-06-15 19:24 - 00000000 ____D C:\Users\All Users\F4D55F590D33A72A230E6950B4EB2367

2012-06-10 03:31 - 2012-06-10 03:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-06-04 07:57 - 2012-06-13 08:14 - 01494924 ____A C:\Windows\ntbtlog.txt

2012-06-03 13:08 - 2012-06-10 16:24 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\CrashDumps

2012-06-02 18:38 - 2012-06-02 18:38 - 00724688 ____A C:\Windows\Minidump\060212-17300-01.dmp

2012-06-01 06:04 - 2012-06-01 06:04 - 26433600 ____A C:\Users\Stephen Woof\Desktop\Lexmark_Pro800-Pro900_Series_C082511_00_FWUpdate.exe

2012-05-30 06:56 - 2012-05-30 06:56 - 00000000 ____D C:\Users\All Users\Lexmark Pro800-Pro900 Series

2012-05-30 06:56 - 2012-05-30 06:56 - 00000000 ____A C:\Users\All Users\cmn_upld.log

2012-05-30 06:41 - 2012-05-30 06:41 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2012-05-30 06:41 - 2012-05-30 06:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

2012-05-29 15:52 - 2012-05-29 16:02 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Kjs.AppLife.Update

2012-05-29 15:36 - 2012-05-29 15:36 - 00000000 ____D C:\Users\All Users\Toshiba Book Place

2012-05-29 15:26 - 2012-05-29 15:26 - 00000000 ____D C:\Users\Stephen Woof\Documents\Book Place

2012-05-29 15:26 - 2012-05-29 15:26 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Book Place

2012-05-28 16:01 - 2012-05-28 16:02 - 00724552 ____A C:\Windows\Minidump\052812-46129-01.dmp

2012-05-24 05:35 - 2012-05-24 05:35 - 00013296 ____A C:\Users\Stephen Woof\Documents\Weekly time sheet1.xlsx

2012-05-23 17:20 - 2012-05-23 17:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

2012-05-22 07:16 - 2012-05-22 07:16 - 00000000 ____A C:\Users\All Users\LxWbGwLog.log

2012-05-22 07:14 - 2012-05-22 07:14 - 00000252 ____A C:\Users\All Users\FastPics.log

2012-05-22 07:14 - 2012-05-22 07:14 - 00000000 ____D C:\Users\All Users\Ezprint

2012-05-22 07:12 - 2012-06-14 14:43 - 00002250 ____A C:\Users\All Users\lxecscan.log

2012-05-22 07:12 - 2010-04-14 11:08 - 00295592 ____A (Lexmark International, Inc.) C:\Windows\System32\LXECwupd.exe

2012-05-22 07:12 - 2010-02-22 01:09 - 00510464 ____A (Lexmark International, Inc.) C:\Windows\System32\LXECwupd.dll

2012-05-22 07:11 - 2012-05-22 07:12 - 00000000 ____D C:\Program Files\Lexmark

2012-05-22 07:11 - 2012-05-22 07:12 - 00000000 ____D C:\Program Files (x86)\Lexmark Pro800-Pro900 Series

2012-05-22 07:11 - 2012-05-22 07:11 - 00000000 ____D C:\Program Files (x86)\Lexmark Toolbar

2012-05-22 07:11 - 2012-05-22 07:11 - 00000000 ____D C:\Program Files (x86)\Lexmark

2012-05-22 07:11 - 2012-05-22 07:11 - 00000000 ____A C:\Users\All Users\UpdaterLog.txt

2012-05-22 07:11 - 2010-04-14 11:08 - 00598696 ____A ( ) C:\Windows\SysWOW64\lxeccoms.exe

2012-05-22 07:11 - 2010-04-14 11:08 - 00373416 ____A ( ) C:\Windows\SysWOW64\lxeccfg.exe

2012-05-22 07:11 - 2010-04-14 11:08 - 00324264 ____A ( ) C:\Windows\SysWOW64\lxecih.exe

2012-05-22 07:11 - 2010-04-14 09:37 - 00002059 ____A C:\Windows\SysWOW64\lxec.loc

2012-05-22 07:11 - 2010-03-08 23:58 - 00344064 ____A () C:\Windows\SysWOW64\lxeccomx.dll

2012-05-22 07:11 - 2009-12-09 11:24 - 00579584 ____A ( ) C:\Windows\System32\lxeccomm.dll

2012-05-22 07:11 - 2009-12-09 11:23 - 00495616 ____A C:\Windows\System32\LXECinst.dll

2012-05-22 07:11 - 2009-12-09 10:47 - 00643072 ____A ( ) C:\Windows\SysWOW64\lxecpmui.dll

2012-05-22 07:11 - 2009-12-09 10:43 - 01048576 ____A ( ) C:\Windows\SysWOW64\lxecserv.dll

2012-05-22 07:11 - 2009-12-09 10:41 - 00688128 ____A ( ) C:\Windows\SysWOW64\lxechbn3.dll

2012-05-22 07:11 - 2009-12-09 10:40 - 00847872 ____A ( ) C:\Windows\SysWOW64\lxecusb1.dll

2012-05-22 07:11 - 2009-12-09 10:36 - 00577536 ____A ( ) C:\Windows\SysWOW64\lxeclmpm.dll

2012-05-22 07:11 - 2009-12-09 10:36 - 00372736 ____A ( ) C:\Windows\SysWOW64\lxeccomm.dll

2012-05-22 07:11 - 2009-12-09 10:35 - 00802816 ____A ( ) C:\Windows\SysWOW64\lxeccomc.dll

2012-05-22 07:11 - 2009-12-09 10:35 - 00364544 ____A ( ) C:\Windows\SysWOW64\lxecinpa.dll

2012-05-22 07:11 - 2009-12-09 10:35 - 00344064 ____A ( ) C:\Windows\SysWOW64\lxeciesc.dll

2012-05-22 07:11 - 2009-12-09 10:34 - 00331776 ____A C:\Windows\SysWOW64\LXECinst.dll

2012-05-22 07:11 - 2009-11-25 23:52 - 00086184 ____A (Lexmark International) C:\Windows\SysWOW64\LXECcfg.dll

2012-05-22 07:11 - 2009-11-08 23:06 - 00262144 ____A () C:\Windows\SysWOW64\lxecinsb.dll

2012-05-22 07:11 - 2009-11-08 23:06 - 00253952 ____A () C:\Windows\SysWOW64\lxeccu.dll

2012-05-22 07:11 - 2009-11-08 23:06 - 00106496 ____A () C:\Windows\SysWOW64\lxecinsr.dll

2012-05-22 07:11 - 2009-11-08 23:06 - 00090112 ____A () C:\Windows\SysWOW64\lxeccub.dll

2012-05-22 07:11 - 2009-11-08 23:06 - 00057344 ____A () C:\Windows\SysWOW64\lxecjswr.dll

2012-05-22 07:11 - 2009-11-08 23:06 - 00036864 ____A () C:\Windows\SysWOW64\lxeccur.dll

2012-05-22 07:11 - 2009-11-08 23:05 - 00323584 ____A () C:\Windows\SysWOW64\lxecins.dll

2012-05-22 07:11 - 2009-03-20 02:20 - 00007680 ____A (eaio) C:\Windows\SysWOW64\NativeCall.dll

2012-05-22 07:11 - 2006-12-06 18:28 - 00126976 ____A (Lexmark International Inc.) C:\Windows\SysWOW64\lxeclnks.dll

2012-05-22 07:10 - 2012-05-22 07:10 - 00000000 ____D C:\Lexmark

2012-05-22 06:45 - 2012-05-22 06:45 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\ElevatedDiagnostics

2012-05-20 14:38 - 2012-05-20 14:38 - 00000000 ___HD C:\Users\All Users\CanonBJ

2012-05-19 16:19 - 2012-05-19 16:19 - 00746056 ____A C:\Windows\Minidump\051912-18642-01.dmp

============ 3 Months Modified Files and Folders =============

2012-06-16 08:23 - 2012-06-16 08:23 - 00000000 ____D C:\FRST

2012-06-15 19:25 - 2012-04-15 18:04 - 00000000 ____D C:\users\Stephen Woof

2012-06-15 19:24 - 2012-06-15 07:00 - 00000000 ___SD C:\ComboFix

2012-06-15 19:24 - 2012-06-10 16:24 - 00000000 ____D C:\Users\All Users\F4D55F590D33A72A230E6950B4EB2367

2012-06-15 19:24 - 2012-04-19 15:00 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\uTorrent

2012-06-15 19:24 - 2012-04-15 19:19 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection

2012-06-15 19:24 - 2012-04-15 19:19 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus

2012-06-15 19:24 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media

2012-06-15 19:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-06-15 19:23 - 2012-04-15 18:04 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Macromedia

2012-06-15 19:23 - 2011-03-23 18:30 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2012-06-15 19:23 - 2011-03-23 18:30 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2012-06-15 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-06-15 07:04 - 2012-04-29 14:47 - 00020440 ____A C:\ceProcesses.txt

2012-06-15 07:00 - 2012-06-15 07:00 - 00000000 ____D C:\Qoobox

2012-06-15 06:52 - 2012-04-15 19:18 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Ad-Aware Antivirus

2012-06-14 14:43 - 2012-05-22 07:12 - 00002250 ____A C:\Users\All Users\lxecscan.log

2012-06-14 14:41 - 2012-06-14 14:41 - 00000000 ____D C:\_OTL

2012-06-14 10:14 - 2012-04-15 17:03 - 01479177 ____A C:\Windows\WindowsUpdate.log

2012-06-14 09:43 - 2012-04-15 17:31 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-06-14 09:38 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-06-14 09:38 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-06-14 09:36 - 2009-07-13 21:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-14 09:35 - 2012-04-16 19:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-06-14 09:31 - 2012-04-15 19:19 - 00001879 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2012-06-14 09:30 - 2012-04-15 17:31 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-06-14 09:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-06-14 09:30 - 2009-07-13 20:51 - 00042641 ____A C:\Windows\setupact.log

2012-06-13 08:14 - 2012-06-04 07:57 - 01494924 ____A C:\Windows\ntbtlog.txt

2012-06-13 07:27 - 2012-06-13 07:27 - 00065566 ____A C:\Users\Stephen Woof\Desktop\Extrassafe.Txt

2012-06-13 07:26 - 2012-06-13 07:26 - 00095796 ____A C:\Users\Stephen Woof\Desktop\OTLsafe.Txt

2012-06-13 07:17 - 2012-06-13 07:20 - 00596480 ____A (OldTimer Tools) C:\Users\Stephen Woof\Desktop\myapp.exe

2012-06-13 07:13 - 2010-11-20 19:47 - 00209440 ____A C:\Windows\PFRO.log

2012-06-13 07:12 - 2012-04-15 17:27 - 00000000 ____D C:\Program Files (x86)\NortonInstaller

2012-06-13 05:32 - 2012-04-15 17:27 - 00000000 ____D C:\Users\All Users\Norton

2012-06-13 04:45 - 2012-06-13 05:32 - 00126976 ____A C:\Users\Stephen Woof\Desktop\ResetTeaTimer.exe

2012-06-12 18:42 - 2012-06-13 03:11 - 00607260 ____R (Swearware) C:\Users\Stephen Woof\Desktop\dds.scr

2012-06-10 18:13 - 2012-06-10 18:20 - 00463080 ____A (CNET Download.com) C:\Users\Stephen Woof\Desktop\myapp.exe.exe

2012-06-10 18:11 - 2012-06-10 18:17 - 00301640 ____A (Softonic) C:\Users\Stephen Woof\Desktop\SoftonicDownloader_for_kaspersky-tdsskiller.exe

2012-06-10 17:35 - 2012-06-10 17:35 - 00000000 ____D C:\Users\Stephen Woof\Desktop\Chameleon

2012-06-10 16:26 - 2012-06-10 16:26 - 00001105 ____A C:\Users\Stephen Woof\Desktop\Live Security Platinum.lnk

2012-06-10 16:24 - 2012-06-03 13:08 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\CrashDumps

2012-06-10 16:23 - 2012-04-15 18:04 - 00000000 ____D C:\Users\Stephen Woof\AppData\LocalLow

2012-06-10 10:16 - 2012-04-16 03:18 - 00000958 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

2012-06-10 03:31 - 2012-06-10 03:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-06-06 04:40 - 2012-04-15 19:22 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Skype

2012-06-02 18:38 - 2012-06-02 18:38 - 00724688 ____A C:\Windows\Minidump\060212-17300-01.dmp

2012-06-02 18:38 - 2012-04-20 14:56 - 517616165 ____A C:\Windows\MEMORY.DMP

2012-06-02 18:38 - 2012-04-20 14:56 - 00000000 ____D C:\Windows\Minidump

2012-06-01 06:04 - 2012-06-01 06:04 - 26433600 ____A C:\Users\Stephen Woof\Desktop\Lexmark_Pro800-Pro900_Series_C082511_00_FWUpdate.exe

2012-05-30 15:21 - 2012-04-19 15:46 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Apple Computer

2012-05-30 06:56 - 2012-05-30 06:56 - 00000000 ____D C:\Users\All Users\Lexmark Pro800-Pro900 Series

2012-05-30 06:56 - 2012-05-30 06:56 - 00000000 ____A C:\Users\All Users\cmn_upld.log

2012-05-30 06:55 - 2012-04-23 06:08 - 00025026 ____A C:\Users\All Users\lxecJSW.log

2012-05-30 06:47 - 2012-05-01 10:46 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-05-30 06:44 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-05-30 06:41 - 2012-05-30 06:41 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2012-05-30 06:41 - 2012-05-30 06:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

2012-05-29 16:02 - 2012-05-29 15:52 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Kjs.AppLife.Update

2012-05-29 15:36 - 2012-05-29 15:36 - 00000000 ____D C:\Users\All Users\Toshiba Book Place

2012-05-29 15:26 - 2012-05-29 15:26 - 00000000 ____D C:\Users\Stephen Woof\Documents\Book Place

2012-05-29 15:26 - 2012-05-29 15:26 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Book Place

2012-05-28 16:03 - 2012-04-15 18:12 - 00108840 ____A C:\Users\Stephen Woof\AppData\Local\GDIPFONTCACHEV1.DAT

2012-05-28 16:02 - 2012-05-28 16:01 - 00724552 ____A C:\Windows\Minidump\052812-46129-01.dmp

2012-05-28 16:02 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT

2012-05-26 17:15 - 2012-04-16 19:10 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-05-26 17:15 - 2012-04-16 19:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-05-24 05:35 - 2012-05-24 05:35 - 00013296 ____A C:\Users\Stephen Woof\Documents\Weekly time sheet1.xlsx

2012-05-23 17:31 - 2012-04-15 19:33 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\SoftGrid Client

2012-05-23 17:31 - 2011-03-23 18:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2012-05-23 17:24 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew

2012-05-23 17:21 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2012-05-23 17:20 - 2012-05-23 17:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

2012-05-22 07:20 - 2012-04-15 21:19 - 00000000 ____D C:\Users\All Users\lx_Cats

2012-05-22 07:16 - 2012-05-22 07:16 - 00000000 ____A C:\Users\All Users\LxWbGwLog.log

2012-05-22 07:14 - 2012-05-22 07:14 - 00000252 ____A C:\Users\All Users\FastPics.log

2012-05-22 07:14 - 2012-05-22 07:14 - 00000000 ____D C:\Users\All Users\Ezprint

2012-05-22 07:13 - 2012-04-15 21:19 - 00223571 ____A C:\Windows\System32\LexFiles.ulf

2012-05-22 07:12 - 2012-05-22 07:11 - 00000000 ____D C:\Program Files\Lexmark

2012-05-22 07:12 - 2012-05-22 07:11 - 00000000 ____D C:\Program Files (x86)\Lexmark Pro800-Pro900 Series

2012-05-22 07:12 - 2012-04-15 21:19 - 00000000 ____D C:\Program Files\Lexmark Pro800-Pro900 Series

2012-05-22 07:11 - 2012-05-22 07:11 - 00000000 ____D C:\Program Files (x86)\Lexmark Toolbar

2012-05-22 07:11 - 2012-05-22 07:11 - 00000000 ____D C:\Program Files (x86)\Lexmark

2012-05-22 07:11 - 2012-05-22 07:11 - 00000000 ____A C:\Users\All Users\UpdaterLog.txt

2012-05-22 07:10 - 2012-05-22 07:10 - 00000000 ____D C:\Lexmark

2012-05-22 06:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-05-22 06:45 - 2012-05-22 06:45 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\ElevatedDiagnostics

2012-05-20 14:38 - 2012-05-20 14:38 - 00000000 ___HD C:\Users\All Users\CanonBJ

2012-05-19 16:19 - 2012-05-19 16:19 - 00746056 ____A C:\Windows\Minidump\051912-18642-01.dmp

2012-05-16 16:18 - 2012-05-16 16:18 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-05-16 16:18 - 2012-05-16 16:18 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-05-16 16:18 - 2012-05-16 16:18 - 00000000 ____D C:\Program Files\iTunes

2012-05-16 16:18 - 2012-05-16 16:18 - 00000000 ____D C:\Program Files\iPod

2012-05-16 16:18 - 2012-05-16 16:18 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-05-16 16:18 - 2012-05-16 16:15 - 00000000 ____D C:\Users\All Users\Apple Computer

2012-05-16 16:18 - 2012-04-19 15:53 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Apple Computer

2012-05-16 16:17 - 2012-05-16 16:17 - 00000000 ____D C:\Program Files\Common Files\Apple

2012-05-16 16:17 - 2012-05-16 16:17 - 00000000 ____D C:\Program Files\Bonjour

2012-05-16 16:17 - 2012-05-16 16:17 - 00000000 ____D C:\Program Files (x86)\Bonjour

2012-05-16 16:17 - 2012-04-19 15:40 - 00000000 ____D C:\Users\All Users\Apple

2012-05-16 16:15 - 2012-05-16 16:15 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-05-15 18:04 - 2012-05-15 18:04 - 00817728 ____A C:\Windows\Minidump\051512-20576-01.dmp

2012-05-13 16:25 - 2012-05-13 16:24 - 00724656 ____A C:\Windows\Minidump\051312-19297-01.dmp

2012-05-12 05:15 - 2011-03-23 18:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-05-11 16:34 - 2012-04-17 05:18 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-05-11 16:19 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal

2012-05-06 15:50 - 2012-05-06 15:48 - 00000000 ____D C:\Users\All Users\Citrix

2012-05-06 15:49 - 2012-05-06 15:46 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Citrix

2012-05-06 15:49 - 2012-05-06 15:46 - 00000000 ____D C:\Program Files (x86)\Citrix

2012-05-06 15:48 - 2012-05-06 15:48 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\ICAClient

2012-05-04 09:35 - 2012-04-17 01:35 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2012-05-01 13:10 - 2012-04-15 18:12 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Toshiba

2012-05-01 10:46 - 2012-05-01 10:46 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Microsoft Help

2012-04-29 14:47 - 2012-04-29 14:47 - 00000000 ____D C:\Program Files\CE

2012-04-29 14:47 - 2012-04-29 14:47 - 00000000 ____D C:\Program Files (x86)\CE

2012-04-29 14:47 - 2012-04-29 14:46 - 00009082 ____A C:\ceInstall.log

2012-04-29 14:47 - 2011-03-23 18:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2012-04-24 19:47 - 2012-04-24 19:40 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Microsoft Games

2012-04-24 11:06 - 2012-04-24 11:06 - 00001682 ____A C:\Windows\SysWOW64\EmailAVConfig.xml

2012-04-22 16:38 - 2012-04-22 16:38 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Tific

2012-04-21 16:49 - 2012-04-19 15:30 - 00000000 ____D C:\Program Files (x86)\WinRAR

2012-04-21 16:37 - 2012-04-15 18:25 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Google

2012-04-21 04:16 - 2012-04-21 04:16 - 00851400 ____A C:\Windows\Minidump\042112-23540-01.dmp

2012-04-20 19:06 - 2012-04-20 19:06 - 00015473 ____A C:\Users\Stephen Woof\Downloads\Babysisters 2 sc7 (with Bibi Jones, Jesse Jane, Kayden Kross &amp

2012-04-20 14:58 - 2012-04-15 18:24 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Google

2012-04-20 14:56 - 2012-04-20 14:56 - 00769544 ____A C:\Windows\Minidump\042012-39577-01.dmp

2012-04-19 15:45 - 2012-04-19 15:30 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\WinRAR

2012-04-19 15:40 - 2012-04-19 15:40 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Apple

2012-04-19 15:40 - 2012-04-19 15:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx

2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

2012-04-17 12:32 - 2012-04-17 12:32 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml

2012-04-17 11:36 - 2011-03-23 18:29 - 00000000 ____D C:\Users\All Users\Adobe

2012-04-17 02:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2012-04-17 02:05 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System

2012-04-17 01:48 - 2012-04-17 01:47 - 00295910 ____A C:\Windows\msxml4-KB973688-enu.LOG

2012-04-17 01:43 - 2012-04-17 01:42 - 00295624 ____A C:\Windows\msxml4-KB954430-enu.LOG

2012-04-17 01:42 - 2012-04-17 01:42 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0

2012-04-17 01:39 - 2012-04-17 01:39 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2012-04-17 01:39 - 2012-04-17 01:39 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2012-04-17 01:39 - 2012-04-17 01:39 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2012-04-17 01:39 - 2012-04-17 01:39 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2012-04-17 01:39 - 2012-04-17 01:39 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2012-04-17 01:39 - 2012-04-17 01:39 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00072822 ____A C:\Windows\SysWOW64\ieuinit.inf

2012-04-17 01:39 - 2012-04-17 01:39 - 00072822 ____A C:\Windows\System32\ieuinit.inf

2012-04-17 01:39 - 2012-04-17 01:39 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2012-04-17 01:39 - 2012-04-17 01:39 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2012-04-17 01:39 - 2012-04-17 01:39 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2012-04-17 01:39 - 2012-04-17 01:39 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2012-04-17 01:39 - 2012-04-17 01:37 - 00003397 ____A C:\Windows\IE9_main.log

2012-04-17 01:36 - 2012-04-15 19:32 - 00731106 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-04-17 01:36 - 2012-04-15 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-04-16 19:10 - 2012-04-16 19:10 - 00000000 ____D C:\Windows\System32\Macromed

2012-04-16 19:10 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files

2012-04-16 10:29 - 2012-04-15 22:14 - 00000000 ____D C:\Users\All Users\VirtualizedApplications

2012-04-15 22:15 - 2012-04-15 22:15 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-04-15 21:06 - 2012-04-15 21:06 - 00000000 __RHD C:\MSOCache

2012-04-15 21:01 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf

2012-04-15 21:01 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf

2012-04-15 20:09 - 2012-04-15 20:09 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\Adobe

2012-04-15 20:09 - 2012-04-15 18:25 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\Adobe

2012-04-15 19:33 - 2012-04-15 19:33 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\SoftGrid Client

2012-04-15 19:33 - 2012-04-15 19:31 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\TP

2012-04-15 19:32 - 2012-04-15 19:32 - 00000000 ____D C:\Program Files\Microsoft Office

2012-04-15 19:26 - 2012-04-15 19:23 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-04-15 19:26 - 2012-04-15 19:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-15 19:23 - 2012-04-15 19:23 - 00001273 ____A C:\Users\Stephen Woof\Desktop\Spybot - Search & Destroy.lnk

2012-04-15 19:22 - 2012-04-15 19:22 - 16409960 ____A (Safer Networking Limited ) C:\Users\Stephen Woof\Downloads\spybotsd162.exe

2012-04-15 19:22 - 2012-04-15 19:22 - 00874120 ____A (Skype Technologies S.A.) C:\Users\Stephen Woof\Downloads\SkypeSetup.exe

2012-04-15 19:22 - 2012-04-15 19:22 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2012-04-15 19:22 - 2012-04-15 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype

2012-04-15 19:22 - 2012-04-15 19:22 - 00000000 ____D C:\Users\All Users\Skype

2012-04-15 19:19 - 2012-04-15 19:19 - 00000000 ____D C:\Users\All Users\Lavasoft

2012-04-15 19:17 - 2012-04-15 19:17 - 06243960 ____A (Lavasoft Limited) C:\Users\Stephen Woof\Downloads\Adaware_Installer.exe

2012-04-15 18:54 - 2012-04-15 18:54 - 00000000 ____D C:\Windows\Sun

2012-04-15 18:54 - 2012-04-15 18:54 - 00000000 ____D C:\Users\Stephen Woof\.cmmfs

2012-04-15 18:54 - 2012-04-15 18:53 - 00000000 ____D C:\Users\All Users\CMMFS

2012-04-15 18:51 - 2012-04-15 18:51 - 44022272 ____A (Drake Software) C:\Users\Stephen Woof\Downloads\CMMFS_Windows_2_0_4_9.exe

2012-04-15 18:11 - 2012-04-15 18:08 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\TOSHIBA

2012-04-15 18:07 - 2012-04-15 18:07 - 00000000 ____D C:\Users\Stephen Woof\AppData\Local\VirtualStore

2012-04-15 18:07 - 2011-03-24 10:59 - 00000000 ____D C:\Windows\Panther

2012-04-15 18:07 - 2010-11-20 23:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep

2012-04-15 18:07 - 2009-07-13 19:20 - 00000000 ___AD C:\Windows\System32\sysprep

2012-04-15 18:06 - 2012-04-15 18:06 - 00000013 __RSH C:\Windows\System32\Drivers\fbd.sys

2012-04-15 18:06 - 2011-03-23 18:28 - 00000000 ____D C:\Program Files (x86)\TOSHIBA

2012-04-15 18:05 - 2012-04-15 18:05 - 00000000 ____D C:\Users\Stephen Woof\AppData\Roaming\WinBatch

2012-04-15 18:05 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore

2012-04-15 18:04 - 2012-04-15 18:04 - 00000020 __ASH C:\Users\Stephen Woof\ntuser.ini

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\Templates

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\Start Menu

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\PrintHood

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\NetHood

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\My Documents

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\Documents\My Videos

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\Documents\My Pictures

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\Documents\My Music

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\AppData\Local\Temporary Internet Files

2012-04-15 18:04 - 2012-04-15 18:04 - 00000000 __SHD C:\Users\Stephen Woof\AppData\Local\History

2012-04-15 18:04 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries

2012-04-15 17:58 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG

2012-04-15 17:58 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template

2012-04-15 17:39 - 2009-07-13 20:46 - 00004059 ____A C:\Windows\DtcInstall.log

2012-04-15 17:33 - 2011-03-23 18:27 - 00000000 ____D C:\Program Files\Toshiba

2012-04-15 17:32 - 2012-04-15 17:29 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation

2012-04-15 17:31 - 2012-04-15 17:31 - 00000000 ____D C:\Program Files\Google

2012-04-15 17:31 - 2012-04-15 17:31 - 00000000 ____D C:\Program Files (x86)\Google

2012-04-15 17:31 - 2012-04-15 17:26 - 00000000 ____D C:\Users\All Users\Google

2012-04-15 17:31 - 2011-03-23 18:30 - 00000000 ____D C:\Users\All Users\Toshiba

2012-04-15 17:30 - 2012-04-15 17:30 - 00031555 ____A C:\Windows\ie8_main.log

2012-04-15 17:30 - 2012-04-15 17:30 - 00000000 ____D C:\Program Files (x86)\Corel

2012-04-15 17:30 - 2011-03-23 18:31 - 00203546 ____A C:\Windows\DirectX.log

2012-04-15 17:27 - 2012-04-15 17:27 - 00000000 ____D C:\Windows\System32\Drivers\NortonPCCheckupx64

2012-04-15 17:27 - 2012-04-15 17:27 - 00000000 ____D C:\Users\All Users\NortonInstaller

2012-04-15 17:27 - 2012-04-15 17:27 - 00000000 ____D C:\Program Files (x86)\Toshiba Online Backup

2012-04-15 17:27 - 2012-04-15 17:27 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup

2012-04-15 17:26 - 2012-04-15 17:24 - 00000000 ____D C:\Users\All Users\WildTangent

2012-04-15 17:26 - 2012-04-15 17:24 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games

2012-04-15 17:25 - 2012-04-15 17:24 - 00000000 ____D C:\Program Files (x86)\WildTangent Games

2012-04-15 17:17 - 2011-03-23 18:28 - 00000000 ____D C:\Windows\Downloaded Installations

2012-04-15 17:15 - 2012-04-15 17:15 - 00000000 ____D C:\Windows\SysWOW64\sda

2012-04-15 17:14 - 2012-04-15 17:14 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e

2012-04-15 17:14 - 2012-04-15 17:14 - 00000000 ____D C:\Program Files (x86)\Realtek

2012-04-15 17:13 - 2012-04-15 17:13 - 00007886 ____A C:\Windows\DPINST.LOG

2012-04-15 17:13 - 2012-04-15 17:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf

2012-04-15 17:13 - 2012-04-15 17:13 - 00000000 ____D C:\Program Files\Synaptics

2012-04-15 17:13 - 2012-04-15 17:13 - 00000000 ____D C:\Program Files (x86)\Cisco

2012-04-15 17:13 - 2012-04-15 17:12 - 00000000 ____D C:\Program Files (x86)\Realtek WLAN Driver

2012-04-15 17:10 - 2012-04-15 17:10 - 00000000 ____D C:\Program Files\CONEXANT

2012-04-15 17:05 - 2012-04-15 17:05 - 00015828 ____A C:\Windows\System32\results.xml

2012-04-15 17:05 - 2011-03-23 18:41 - 00000000 ____D C:\Program Files (x86)\Intel

2012-04-15 17:03 - 2012-04-15 17:03 - 00000000 ____D C:\Program Files\Common Files\Intel

2012-04-15 17:03 - 2012-04-15 17:03 - 00000000 ____D C:\Intel

2012-04-15 17:00 - 2011-03-23 18:18 - 00003652 ____A C:\Windows\TSSysprep.log

2012-03-30 22:05 - 2012-05-09 08:24 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-03-30 20:39 - 2012-05-09 08:24 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-03-30 20:39 - 2012-05-09 08:24 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-03-30 19:10 - 2012-05-09 08:24 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-03-30 03:35 - 2012-05-09 08:23 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%

Total physical RAM: 4043.86 MB

Available physical RAM: 3478.79 MB

Total Pagefile: 4042.06 MB

Available Pagefile: 3478.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106139W0E) (Fixed) (Total:580.98 GB) (Free:539 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive g: (LEXAR) (Fixed) (Total:0.24 GB) (Free:0.24 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 596 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 247 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 1500 MB 1024 KB

Partition 2 Primary 580 GB 1501 MB

Partition 3 Primary 13 GB 582 GB

======================================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C TI106139W0E NTFS Partition 580 GB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 17 (Suspicious Type)

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 247 MB 31 KB

======================================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G LEXAR FAT Partition 247 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 19:25

======================= End Of Log ==========================

[Maniac]

Well done!

• </p><p>
• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  
• Right-click in the open notepad and select Paste).
  
• Save it on the flashdrive as fixlist.txt
  
  
  
  
  C:\Users\Stephen Woof\AppData\Local\Temp\cttuelog.dll
  HKU\Stephen Woof\...\Run: [rrinEdit] rundll32 "C:\Users\STEPHE~1\AppData\Local\Temp\cttuelog64.dll",CreateProcessNotify [62976 2012-06-10] (ESET)
  C:\Users\Stephen Woof\AppData\Local\Temp\cttuelog64.dll

  HKU\Stephen Woof\...\Run: [fontnfig] rundll32 "C:\Users\STEPHE~1\AppData\Local\Temp\cttuelog.dll",CreateProcessNotify [56832 2012-06-10] (ESET)

  
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7
  Now please enter System Recovery Options.
  Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.

[woofs2china]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-06-2012 01

Ran by SYSTEM at 2012-06-16 10:56:48 Run:1

Running from G:\

==============================================

HKEY_USERS\Stephen Woof\Software\Microsoft\Windows\CurrentVersion\Run\\fontnfig Value deleted successfully.

C:\Users\Stephen Woof\AppData\Local\Temp\cttuelog.dll moved successfully.

HKEY_USERS\Stephen Woof\Software\Microsoft\Windows\CurrentVersion\Run\\rrinEdit Value deleted successfully.

C:\Users\Stephen Woof\AppData\Local\Temp\cttuelog64.dll moved successfully.

==== End of Fixlog ====

[Maniac]

Good!

Any progress? Can you log in Normal mode?

[woofs2china]

appears to be starting in normal mode. No blue screen. Accessing the internet. Live Security platinum shortcut is still on the desktop. But it doesn't appear to be starting automatically

[Maniac]

Nice job!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[woofs2china]

Got the same blue screen The only thing that I could catch because it was up and gone so quickly was something about sbtis.sys missing? sigh . . .

I do appreciate your time and help though.

[woofs2china]

Left it alone and it brought up system repair menu. Didn't touch it, unsure of what you would want me to do. Came back awhile later and it had restarted itself and was at the password entry screen. I entered my password and it brought up the desktop with internet access. Live Security Premium still there though.

[Maniac]

Try to run ComboFix in Safe Mode with Networking:

http://windows.microsoft.com/en-us/windows7/Start-your-computer-in-safe-mode

[woofs2china]

wouldn't run in safe w/ networking. Got to the blue box, but the words "COmbo fix is preparing to run/start" doesn't ever come up.

I rebooted in straight safe mode and was able to get it to run, but got the black screen telliing me that windows was unable to start. Asked me if I wanted it to attempt startup repair. Which after 15 sec started automatically. Now waiting for it to finish that process. It says it may restart several times in the process.

[Maniac]

Okay, let me know about that.

[woofs2china]

Start-up repair said the computer couldn't be repaired automatically I clicked finish to shut the computer down. Left it off for a minute then I restarted in safe with networking. Got the following message: Windows has recovered from an unexpected shutdown. Here are the problem details. Not sure if this is useful info or not

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

Additional information about the problem:

BCCode: d4

BCP1: FFFFF880014BA338

BCP2: 0000000000000002

BCP3: 0000000000000000

BCP4: FFFFF80002EDBAD9

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\061612-15834-01.dmp

C:\Users\Stephen Woof\AppData\Local\Temp\WER-36582-0.sysdata.xml

Read our privacy statement online:

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\windows\system32\en-US\erofflps.txt

[woofs2china]

tried running combofix in safe with networking. still doesn't owrk. Restarted in safe mode and trying combo fix again. It is running now.

[woofs2china]

It is beginning to look like every time I try to run combo fix, the start-up repair menu appears. Will wait now on your direction.

[Maniac]

Please compress this folder:

C:\FRST\Quarantine

How to do this here:

http://windows.microsoft.com/en-us/windows7/compress-and-uncompress-files-zip-files

Next, upload it in http://www.4shared.com/ for example and send me download link in PM.

[woofs2china]

done

[Maniac]

Thanks for the samples! They will be detected from Malwarebytes' Anti-Malware in future similar cases.

http://forums.malwarebytes.org/index.php?showtopic=111259

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

• TDSSKiller log
  
• ESET Online Scanner log
  
• aswMBR log

[woofs2china]

eset is running now, but here is kaspersky

20:19:33.0416 5336 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

20:19:33.0852 5336 ============================================================

20:19:33.0852 5336 Current date / time: 2012/06/17 20:19:33.0852

20:19:33.0852 5336 SystemInfo:

20:19:33.0852 5336

20:19:33.0852 5336 OS Version: 6.1.7601 ServicePack: 1.0

20:19:33.0852 5336 Product type: Workstation

20:19:33.0852 5336 ComputerName: STEPHENWOOF-PC

20:19:33.0852 5336 UserName: Stephen Woof

20:19:33.0852 5336 Windows directory: C:\windows

20:19:33.0852 5336 System windows directory: C:\windows

20:19:33.0852 5336 Running under WOW64

20:19:33.0852 5336 Processor architecture: Intel x64

20:19:33.0852 5336 Number of processors: 2

20:19:33.0852 5336 Page size: 0x1000

20:19:33.0852 5336 Boot type: Normal boot

20:19:33.0852 5336 ============================================================

20:19:34.0164 5336 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:19:34.0164 5336 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:19:34.0180 5336 ============================================================

20:19:34.0180 5336 \Device\Harddisk0\DR0:

20:19:34.0180 5336 MBR partitions:

20:19:34.0180 5336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800

20:19:34.0180 5336 \Device\Harddisk1\DR1:

20:19:34.0180 5336 MBR partitions:

20:19:34.0180 5336 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0

20:19:34.0180 5336 ============================================================

20:19:34.0196 5336 C: <-> \Device\Harddisk0\DR0\Partition0

20:19:34.0196 5336 ============================================================

20:19:34.0196 5336 Initialize success

20:19:34.0196 5336 ============================================================

20:20:09.0530 1228 ============================================================

20:20:09.0530 1228 Scan started

20:20:09.0530 1228 Mode: Manual; SigCheck; TDLFS;

20:20:09.0530 1228 ============================================================

20:20:09.0967 1228 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

20:20:10.0029 1228 1394ohci - ok

20:20:10.0107 1228 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

20:20:10.0123 1228 ACPI - ok

20:20:10.0154 1228 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

20:20:10.0216 1228 AcpiPmi - ok

20:20:10.0310 1228 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:20:10.0325 1228 AdobeARMservice - ok

20:20:10.0450 1228 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:20:10.0481 1228 AdobeFlashPlayerUpdateSvc - ok

20:20:10.0528 1228 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

20:20:10.0559 1228 adp94xx - ok

20:20:10.0575 1228 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

20:20:10.0591 1228 adpahci - ok

20:20:10.0622 1228 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

20:20:10.0622 1228 adpu320 - ok

20:20:10.0653 1228 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

20:20:10.0700 1228 AeLookupSvc - ok

20:20:10.0762 1228 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

20:20:10.0809 1228 AFD - ok

20:20:10.0856 1228 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

20:20:10.0871 1228 agp440 - ok

20:20:10.0918 1228 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

20:20:10.0949 1228 ALG - ok

20:20:10.0981 1228 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

20:20:10.0996 1228 aliide - ok

20:20:11.0027 1228 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

20:20:11.0043 1228 amdide - ok

20:20:11.0074 1228 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

20:20:11.0105 1228 AmdK8 - ok

20:20:11.0121 1228 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

20:20:11.0152 1228 AmdPPM - ok

20:20:11.0199 1228 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

20:20:11.0230 1228 amdsata - ok

20:20:11.0246 1228 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

20:20:11.0261 1228 amdsbs - ok

20:20:11.0293 1228 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

20:20:11.0308 1228 amdxata - ok

20:20:11.0371 1228 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

20:20:11.0433 1228 AppID - ok

20:20:11.0464 1228 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

20:20:11.0511 1228 AppIDSvc - ok

20:20:11.0542 1228 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

20:20:11.0605 1228 Appinfo - ok

20:20:11.0698 1228 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:20:11.0714 1228 Apple Mobile Device - ok

20:20:11.0745 1228 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

20:20:11.0761 1228 arc - ok

20:20:11.0761 1228 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

20:20:11.0776 1228 arcsas - ok

20:20:11.0792 1228 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

20:20:11.0839 1228 AsyncMac - ok

20:20:11.0885 1228 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

20:20:11.0917 1228 atapi - ok

20:20:11.0963 1228 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

20:20:12.0026 1228 AudioEndpointBuilder - ok

20:20:12.0041 1228 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

20:20:12.0088 1228 AudioSrv - ok

20:20:12.0182 1228 Auth Service (68bc55b5abf00a208a1a269405744022) C:\windows\system32\authServer.exe

20:20:12.0229 1228 Auth Service ( UnsignedFile.Multi.Generic ) - warning

20:20:12.0229 1228 Auth Service - detected UnsignedFile.Multi.Generic (1)

20:20:12.0338 1228 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

20:20:12.0400 1228 AxInstSV - ok

20:20:12.0478 1228 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

20:20:12.0525 1228 b06bdrv - ok

20:20:12.0572 1228 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

20:20:12.0619 1228 b57nd60a - ok

20:20:12.0665 1228 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

20:20:12.0697 1228 BDESVC - ok

20:20:12.0728 1228 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

20:20:12.0790 1228 Beep - ok

20:20:12.0853 1228 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

20:20:12.0915 1228 BFE - ok

20:20:12.0977 1228 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

20:20:13.0087 1228 BITS - ok

20:20:13.0165 1228 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

20:20:13.0196 1228 blbdrive - ok

20:20:13.0274 1228 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:20:13.0305 1228 Bonjour Service - ok

20:20:13.0352 1228 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

20:20:13.0367 1228 bowser - ok

20:20:13.0414 1228 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

20:20:13.0461 1228 BrFiltLo - ok

20:20:13.0461 1228 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

20:20:13.0477 1228 BrFiltUp - ok

20:20:13.0539 1228 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

20:20:13.0601 1228 Browser - ok

20:20:13.0633 1228 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

20:20:13.0664 1228 Brserid - ok

20:20:13.0664 1228 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

20:20:13.0695 1228 BrSerWdm - ok

20:20:13.0726 1228 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

20:20:13.0757 1228 BrUsbMdm - ok

20:20:13.0773 1228 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

20:20:13.0789 1228 BrUsbSer - ok

20:20:13.0820 1228 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

20:20:13.0835 1228 BTHMODEM - ok

20:20:13.0882 1228 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

20:20:13.0929 1228 bthserv - ok

20:20:13.0976 1228 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

20:20:14.0023 1228 cdfs - ok

20:20:14.0054 1228 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

20:20:14.0085 1228 cdrom - ok

20:20:14.0116 1228 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

20:20:14.0163 1228 CertPropSvc - ok

20:20:14.0194 1228 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

20:20:14.0241 1228 circlass - ok

20:20:14.0288 1228 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

20:20:14.0319 1228 CLFS - ok

20:20:14.0397 1228 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:20:14.0413 1228 clr_optimization_v2.0.50727_32 - ok

20:20:14.0475 1228 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:20:14.0491 1228 clr_optimization_v2.0.50727_64 - ok

20:20:14.0584 1228 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:20:14.0600 1228 clr_optimization_v4.0.30319_32 - ok

20:20:14.0647 1228 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:20:14.0662 1228 clr_optimization_v4.0.30319_64 - ok

20:20:14.0693 1228 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

20:20:14.0740 1228 CmBatt - ok

20:20:14.0756 1228 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

20:20:14.0787 1228 cmdide - ok

20:20:14.0834 1228 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

20:20:14.0881 1228 CNG - ok

20:20:14.0959 1228 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys

20:20:15.0271 1228 CnxtHdAudService - ok

20:20:15.0427 1228 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

20:20:15.0442 1228 Compbatt - ok

20:20:15.0458 1228 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

20:20:15.0489 1228 CompositeBus - ok

20:20:15.0505 1228 COMSysApp - ok

20:20:15.0536 1228 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

20:20:15.0551 1228 crcdisk - ok

20:20:15.0583 1228 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

20:20:15.0629 1228 CryptSvc - ok

20:20:15.0676 1228 ctxusbm (bf62ff663ae55e4ed99de76881c2c0f1) C:\windows\system32\DRIVERS\ctxusbm.sys

20:20:15.0707 1228 ctxusbm - ok

20:20:15.0832 1228 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

20:20:15.0863 1228 cvhsvc - ok

20:20:15.0910 1228 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

20:20:15.0973 1228 DcomLaunch - ok

20:20:16.0035 1228 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

20:20:16.0097 1228 defragsvc - ok

20:20:16.0144 1228 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

20:20:16.0207 1228 DfsC - ok

20:20:16.0253 1228 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

20:20:16.0300 1228 Dhcp - ok

20:20:16.0331 1228 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

20:20:16.0378 1228 discache - ok

20:20:16.0425 1228 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

20:20:16.0441 1228 Disk - ok

20:20:16.0472 1228 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

20:20:16.0503 1228 Dnscache - ok

20:20:16.0534 1228 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

20:20:16.0612 1228 dot3svc - ok

20:20:16.0628 1228 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

20:20:16.0675 1228 DPS - ok

20:20:16.0706 1228 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

20:20:16.0753 1228 drmkaud - ok

20:20:16.0799 1228 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

20:20:16.0831 1228 DXGKrnl - ok

20:20:16.0862 1228 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

20:20:16.0909 1228 EapHost - ok

20:20:17.0049 1228 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

20:20:17.0143 1228 ebdrv - ok

20:20:17.0236 1228 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

20:20:17.0267 1228 EFS - ok

20:20:17.0345 1228 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

20:20:17.0392 1228 ehRecvr - ok

20:20:17.0439 1228 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

20:20:17.0470 1228 ehSched - ok

20:20:17.0564 1228 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

20:20:17.0595 1228 elxstor - ok

20:20:17.0595 1228 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

20:20:17.0626 1228 ErrDev - ok

20:20:17.0673 1228 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

20:20:17.0751 1228 EventSystem - ok

20:20:17.0782 1228 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

20:20:17.0813 1228 exfat - ok

20:20:17.0845 1228 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

20:20:17.0891 1228 fastfat - ok

20:20:17.0954 1228 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

20:20:17.0985 1228 Fax - ok

20:20:18.0032 1228 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

20:20:18.0063 1228 fdc - ok

20:20:18.0094 1228 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

20:20:18.0157 1228 fdPHost - ok

20:20:18.0157 1228 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

20:20:18.0219 1228 FDResPub - ok

20:20:18.0235 1228 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

20:20:18.0235 1228 FileInfo - ok

20:20:18.0266 1228 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

20:20:18.0313 1228 Filetrace - ok

20:20:18.0344 1228 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

20:20:18.0344 1228 flpydisk - ok

20:20:18.0375 1228 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

20:20:18.0391 1228 FltMgr - ok

20:20:18.0437 1228 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

20:20:18.0484 1228 FontCache - ok

20:20:18.0562 1228 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:20:18.0578 1228 FontCache3.0.0.0 - ok

20:20:18.0625 1228 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

20:20:18.0640 1228 FsDepends - ok

20:20:18.0671 1228 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

20:20:18.0687 1228 Fs_Rec - ok

20:20:18.0734 1228 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

20:20:18.0765 1228 fvevol - ok

20:20:18.0796 1228 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

20:20:18.0796 1228 gagp30kx - ok

20:20:18.0874 1228 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

20:20:18.0890 1228 GamesAppService - ok

20:20:18.0921 1228 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

20:20:18.0937 1228 GEARAspiWDM - ok

20:20:18.0983 1228 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

20:20:19.0046 1228 gpsvc - ok

20:20:19.0093 1228 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:20:19.0108 1228 gupdate - ok

20:20:19.0124 1228 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

20:20:19.0139 1228 gupdatem - ok

20:20:19.0171 1228 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

20:20:19.0186 1228 gusvc - ok

20:20:19.0233 1228 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

20:20:19.0249 1228 hcw85cir - ok

20:20:19.0280 1228 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

20:20:19.0327 1228 HdAudAddService - ok

20:20:19.0342 1228 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

20:20:19.0373 1228 HDAudBus - ok

20:20:19.0405 1228 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

20:20:19.0436 1228 HidBatt - ok

20:20:19.0451 1228 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

20:20:19.0483 1228 HidBth - ok

20:20:19.0514 1228 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

20:20:19.0529 1228 HidIr - ok

20:20:19.0561 1228 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

20:20:19.0623 1228 hidserv - ok

20:20:19.0670 1228 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

20:20:19.0701 1228 HidUsb - ok

20:20:19.0732 1228 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

20:20:19.0795 1228 hkmsvc - ok

20:20:19.0826 1228 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

20:20:19.0857 1228 HomeGroupListener - ok

20:20:19.0888 1228 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

20:20:19.0904 1228 HomeGroupProvider - ok

20:20:19.0951 1228 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

20:20:19.0966 1228 HpSAMD - ok

20:20:20.0013 1228 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

20:20:20.0075 1228 HTTP - ok

20:20:20.0107 1228 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

20:20:20.0107 1228 hwpolicy - ok

20:20:20.0138 1228 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

20:20:20.0153 1228 i8042prt - ok

20:20:20.0200 1228 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys

20:20:20.0216 1228 iaStor - ok

20:20:20.0263 1228 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

20:20:20.0294 1228 iaStorV - ok

20:20:20.0403 1228 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

20:20:20.0419 1228 IDriverT ( UnsignedFile.Multi.Generic ) - warning

20:20:20.0419 1228 IDriverT - detected UnsignedFile.Multi.Generic (1)

20:20:20.0528 1228 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:20:20.0559 1228 idsvc - ok

20:20:21.0105 1228 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys

20:20:21.0417 1228 igfx - ok

20:20:21.0542 1228 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

20:20:21.0557 1228 iirsp - ok

20:20:21.0620 1228 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

20:20:21.0698 1228 IKEEXT - ok

20:20:21.0760 1228 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

20:20:21.0791 1228 IntcDAud - ok

20:20:21.0823 1228 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

20:20:21.0838 1228 intelide - ok

20:20:21.0869 1228 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

20:20:21.0885 1228 intelppm - ok

20:20:21.0916 1228 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

20:20:21.0979 1228 IPBusEnum - ok

20:20:21.0994 1228 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

20:20:22.0025 1228 IpFilterDriver - ok

20:20:22.0088 1228 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

20:20:22.0150 1228 iphlpsvc - ok

20:20:22.0181 1228 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

20:20:22.0213 1228 IPMIDRV - ok

20:20:22.0213 1228 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

20:20:22.0244 1228 IPNAT - ok

20:20:22.0353 1228 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

20:20:22.0384 1228 iPod Service - ok

20:20:22.0415 1228 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

20:20:22.0431 1228 IRENUM - ok

20:20:22.0462 1228 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

20:20:22.0462 1228 isapnp - ok

20:20:22.0478 1228 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

20:20:22.0493 1228 iScsiPrt - ok

20:20:22.0540 1228 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

20:20:22.0556 1228 kbdclass - ok

20:20:22.0587 1228 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

20:20:22.0618 1228 kbdhid - ok

20:20:22.0649 1228 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:20:22.0665 1228 KeyIso - ok

20:20:22.0681 1228 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

20:20:22.0696 1228 KSecDD - ok

20:20:22.0712 1228 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

20:20:22.0727 1228 KSecPkg - ok

20:20:22.0759 1228 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

20:20:22.0821 1228 ksthunk - ok

20:20:22.0852 1228 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

20:20:22.0899 1228 KtmRm - ok

20:20:22.0930 1228 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys

20:20:22.0930 1228 L1C - ok

20:20:22.0961 1228 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

20:20:23.0024 1228 LanmanServer - ok

20:20:23.0055 1228 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

20:20:23.0117 1228 LanmanWorkstation - ok

20:20:23.0149 1228 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

20:20:23.0195 1228 lltdio - ok

20:20:23.0227 1228 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

20:20:23.0289 1228 lltdsvc - ok

20:20:23.0320 1228 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

20:20:23.0351 1228 lmhosts - ok

20:20:23.0445 1228 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:20:23.0476 1228 LMS - ok

20:20:23.0507 1228 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

20:20:23.0523 1228 LSI_FC - ok

20:20:23.0523 1228 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

20:20:23.0539 1228 LSI_SAS - ok

20:20:23.0539 1228 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

20:20:23.0554 1228 LSI_SAS2 - ok

20:20:23.0554 1228 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

20:20:23.0570 1228 LSI_SCSI - ok

20:20:23.0617 1228 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

20:20:23.0695 1228 luafv - ok

20:20:23.0757 1228 lxecCATSCustConnectService (1f02b554ddc4086d786537a3bf6488f1) C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe

20:20:23.0788 1228 lxecCATSCustConnectService - ok

20:20:23.0804 1228 lxec_device - ok

20:20:23.0835 1228 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

20:20:23.0851 1228 Mcx2Svc - ok

20:20:23.0882 1228 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

20:20:23.0897 1228 megasas - ok

20:20:23.0913 1228 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

20:20:23.0929 1228 MegaSR - ok

20:20:23.0975 1228 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

20:20:23.0991 1228 MEIx64 - ok

20:20:24.0022 1228 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

20:20:24.0069 1228 MMCSS - ok

20:20:24.0100 1228 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

20:20:24.0147 1228 Modem - ok

20:20:24.0178 1228 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

20:20:24.0225 1228 monitor - ok

20:20:24.0256 1228 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

20:20:24.0272 1228 mouclass - ok

20:20:24.0303 1228 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys

20:20:24.0334 1228 mouhid - ok

20:20:24.0365 1228 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

20:20:24.0381 1228 mountmgr - ok

20:20:24.0412 1228 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

20:20:24.0428 1228 mpio - ok

20:20:24.0443 1228 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

20:20:24.0475 1228 mpsdrv - ok

20:20:24.0537 1228 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

20:20:24.0599 1228 MpsSvc - ok

20:20:24.0631 1228 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

20:20:24.0662 1228 MRxDAV - ok

20:20:24.0693 1228 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

20:20:24.0724 1228 mrxsmb - ok

20:20:24.0740 1228 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

20:20:24.0755 1228 mrxsmb10 - ok

20:20:24.0787 1228 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

20:20:24.0802 1228 mrxsmb20 - ok

20:20:24.0833 1228 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

20:20:24.0833 1228 msahci - ok

20:20:24.0865 1228 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

20:20:24.0880 1228 msdsm - ok

20:20:24.0896 1228 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

20:20:24.0927 1228 MSDTC - ok

20:20:24.0943 1228 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

20:20:24.0989 1228 Msfs - ok

20:20:25.0021 1228 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

20:20:25.0083 1228 mshidkmdf - ok

20:20:25.0099 1228 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

20:20:25.0099 1228 msisadrv - ok

20:20:25.0145 1228 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

20:20:25.0177 1228 MSiSCSI - ok

20:20:25.0177 1228 msiserver - ok

20:20:25.0208 1228 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

20:20:25.0255 1228 MSKSSRV - ok

20:20:25.0255 1228 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

20:20:25.0286 1228 MSPCLOCK - ok

20:20:25.0301 1228 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

20:20:25.0348 1228 MSPQM - ok

20:20:25.0379 1228 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

20:20:25.0411 1228 MsRPC - ok

20:20:25.0426 1228 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

20:20:25.0426 1228 mssmbios - ok

20:20:25.0442 1228 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

20:20:25.0489 1228 MSTEE - ok

20:20:25.0489 1228 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

20:20:25.0504 1228 MTConfig - ok

20:20:25.0535 1228 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

20:20:25.0551 1228 Mup - ok

20:20:25.0582 1228 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

20:20:25.0629 1228 napagent - ok

20:20:25.0691 1228 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

20:20:25.0754 1228 NativeWifiP - ok

20:20:25.0801 1228 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

20:20:25.0847 1228 NDIS - ok

20:20:25.0879 1228 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

20:20:25.0941 1228 NdisCap - ok

20:20:25.0972 1228 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

20:20:26.0003 1228 NdisTapi - ok

20:20:26.0019 1228 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

20:20:26.0050 1228 Ndisuio - ok

20:20:26.0081 1228 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

20:20:26.0128 1228 NdisWan - ok

20:20:26.0144 1228 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

20:20:26.0191 1228 NDProxy - ok

20:20:26.0222 1228 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

20:20:26.0269 1228 NetBIOS - ok

20:20:26.0284 1228 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

20:20:26.0331 1228 NetBT - ok

20:20:26.0347 1228 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:20:26.0362 1228 Netlogon - ok

20:20:26.0409 1228 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

20:20:26.0471 1228 Netman - ok

20:20:26.0503 1228 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

20:20:26.0565 1228 netprofm - ok

20:20:26.0627 1228 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:20:26.0659 1228 NetTcpPortSharing - ok

20:20:26.0674 1228 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

20:20:26.0690 1228 nfrd960 - ok

20:20:26.0737 1228 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

20:20:26.0799 1228 NlaSvc - ok

20:20:26.0846 1228 Norton PC Checkup Application Launcher - ok

20:20:26.0877 1228 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

20:20:26.0924 1228 Npfs - ok

20:20:26.0939 1228 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

20:20:26.0986 1228 nsi - ok

20:20:27.0017 1228 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

20:20:27.0049 1228 nsiproxy - ok

20:20:27.0127 1228 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

20:20:27.0173 1228 Ntfs - ok

20:20:27.0298 1228 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

20:20:27.0345 1228 Null - ok

20:20:27.0376 1228 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

20:20:27.0392 1228 nvraid - ok

20:20:27.0407 1228 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

20:20:27.0423 1228 nvstor - ok

20:20:27.0470 1228 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

20:20:27.0485 1228 nv_agp - ok

20:20:27.0501 1228 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

20:20:27.0532 1228 ohci1394 - ok

20:20:27.0595 1228 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:20:27.0626 1228 ose - ok

20:20:27.0844 1228 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:20:28.0031 1228 osppsvc - ok

20:20:28.0141 1228 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

20:20:28.0187 1228 p2pimsvc - ok

20:20:28.0234 1228 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

20:20:28.0265 1228 p2psvc - ok

20:20:28.0312 1228 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

20:20:28.0312 1228 Parport - ok

20:20:28.0343 1228 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

20:20:28.0359 1228 partmgr - ok

20:20:28.0375 1228 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

20:20:28.0421 1228 PcaSvc - ok

20:20:28.0484 1228 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe

20:20:28.0499 1228 PCCUJobMgr - ok

20:20:28.0531 1228 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

20:20:28.0546 1228 pci - ok

20:20:28.0562 1228 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

20:20:28.0577 1228 pciide - ok

20:20:28.0593 1228 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

20:20:28.0609 1228 pcmcia - ok

20:20:28.0640 1228 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

20:20:28.0640 1228 pcw - ok

20:20:28.0671 1228 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

20:20:28.0733 1228 PEAUTH - ok

20:20:28.0780 1228 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

20:20:28.0811 1228 PerfHost - ok

20:20:28.0858 1228 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

20:20:28.0874 1228 PGEffect - ok

20:20:28.0952 1228 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

20:20:29.0045 1228 pla - ok

20:20:29.0092 1228 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

20:20:29.0123 1228 PlugPlay - ok

20:20:29.0155 1228 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

20:20:29.0201 1228 PNRPAutoReg - ok

20:20:29.0217 1228 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

20:20:29.0233 1228 PNRPsvc - ok

20:20:29.0264 1228 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

20:20:29.0326 1228 PolicyAgent - ok

20:20:29.0357 1228 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

20:20:29.0389 1228 Power - ok

20:20:29.0467 1228 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

20:20:29.0529 1228 PptpMiniport - ok

20:20:29.0560 1228 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

20:20:29.0560 1228 Processor - ok

20:20:29.0591 1228 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll

20:20:29.0654 1228 ProfSvc - ok

20:20:29.0669 1228 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:20:29.0685 1228 ProtectedStorage - ok

20:20:29.0716 1228 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

20:20:29.0763 1228 Psched - ok

20:20:29.0794 1228 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

20:20:29.0810 1228 QIOMem - ok

20:20:29.0903 1228 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

20:20:29.0935 1228 ql2300 - ok

20:20:30.0075 1228 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

20:20:30.0106 1228 ql40xx - ok

20:20:30.0137 1228 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

20:20:30.0169 1228 QWAVE - ok

20:20:30.0169 1228 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

20:20:30.0215 1228 QWAVEdrv - ok

20:20:30.0231 1228 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

20:20:30.0278 1228 RasAcd - ok

20:20:30.0293 1228 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

20:20:30.0340 1228 RasAgileVpn - ok

20:20:30.0371 1228 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

20:20:30.0418 1228 RasAuto - ok

20:20:30.0449 1228 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

20:20:30.0512 1228 Rasl2tp - ok

20:20:30.0543 1228 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

20:20:30.0590 1228 RasMan - ok

20:20:30.0621 1228 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

20:20:30.0668 1228 RasPppoe - ok

20:20:30.0683 1228 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

20:20:30.0746 1228 RasSstp - ok

20:20:30.0777 1228 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

20:20:30.0839 1228 rdbss - ok

20:20:30.0855 1228 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

20:20:30.0871 1228 rdpbus - ok

20:20:30.0917 1228 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

20:20:30.0980 1228 RDPCDD - ok

20:20:30.0995 1228 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

20:20:31.0042 1228 RDPENCDD - ok

20:20:31.0089 1228 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

20:20:31.0120 1228 RDPREFMP - ok

20:20:31.0167 1228 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys

20:20:31.0183 1228 RDPWD - ok

20:20:31.0229 1228 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

20:20:31.0245 1228 rdyboost - ok

20:20:31.0276 1228 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

20:20:31.0323 1228 RemoteAccess - ok

20:20:31.0354 1228 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

20:20:31.0401 1228 RemoteRegistry - ok

20:20:31.0432 1228 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

20:20:31.0479 1228 RpcEptMapper - ok

20:20:31.0510 1228 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

20:20:31.0526 1228 RpcLocator - ok

20:20:31.0573 1228 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

20:20:31.0619 1228 RpcSs - ok

20:20:31.0651 1228 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

20:20:31.0682 1228 rspndr - ok

20:20:31.0729 1228 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys

20:20:31.0744 1228 RSUSBSTOR - ok

20:20:31.0775 1228 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys

20:20:31.0775 1228 RSUSBVSTOR - ok

20:20:31.0869 1228 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys

20:20:31.0900 1228 RTL8192Ce - ok

20:20:31.0931 1228 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:20:31.0931 1228 SamSs - ok

20:20:31.0978 1228 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\windows\system32\drivers\SbFw.sys

20:20:31.0994 1228 SbFw - ok

20:20:32.0025 1228 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\windows\system32\DRIVERS\sbfwim.sys

20:20:32.0025 1228 SBFWIMCL - ok

20:20:32.0025 1228 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\windows\system32\DRIVERS\SBFWIM.sys

20:20:32.0041 1228 SBFWIMCLMP - ok

20:20:32.0072 1228 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\windows\system32\drivers\sbhips.sys

20:20:32.0072 1228 sbhips - ok

20:20:32.0103 1228 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

20:20:32.0119 1228 sbp2port - ok

20:20:32.0119 1228 SBRE - ok

20:20:32.0150 1228 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\windows\system32\drivers\sbtis.sys

20:20:32.0165 1228 SbTis - ok

20:20:32.0197 1228 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

20:20:32.0243 1228 SCardSvr - ok

20:20:32.0259 1228 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

20:20:32.0306 1228 scfilter - ok

20:20:32.0368 1228 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

20:20:32.0446 1228 Schedule - ok

20:20:32.0477 1228 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

20:20:32.0509 1228 SCPolicySvc - ok

20:20:32.0524 1228 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

20:20:32.0555 1228 SDRSVC - ok

20:20:32.0602 1228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

20:20:32.0680 1228 secdrv - ok

20:20:32.0711 1228 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

20:20:32.0758 1228 seclogon - ok

20:20:32.0774 1228 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

20:20:32.0821 1228 SENS - ok

20:20:32.0836 1228 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

20:20:32.0867 1228 SensrSvc - ok

20:20:32.0899 1228 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

20:20:32.0930 1228 Serenum - ok

20:20:32.0945 1228 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

20:20:32.0992 1228 Serial - ok

20:20:33.0039 1228 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

20:20:33.0070 1228 sermouse - ok

20:20:33.0117 1228 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

20:20:33.0179 1228 SessionEnv - ok

20:20:33.0179 1228 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

20:20:33.0195 1228 sffdisk - ok

20:20:33.0211 1228 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

20:20:33.0242 1228 sffp_mmc - ok

20:20:33.0242 1228 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

20:20:33.0257 1228 sffp_sd - ok

20:20:33.0289 1228 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

20:20:33.0335 1228 sfloppy - ok

20:20:33.0413 1228 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

20:20:33.0445 1228 Sftfs - ok

20:20:33.0507 1228 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

20:20:33.0538 1228 sftlist - ok

20:20:33.0569 1228 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

20:20:33.0585 1228 Sftplay - ok

20:20:33.0601 1228 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

20:20:33.0601 1228 Sftredir - ok

20:20:33.0616 1228 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

20:20:33.0632 1228 Sftvol - ok

20:20:33.0647 1228 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

20:20:33.0663 1228 sftvsa - ok

20:20:33.0694 1228 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

20:20:33.0741 1228 SharedAccess - ok

20:20:33.0772 1228 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

20:20:33.0835 1228 ShellHWDetection - ok

20:20:33.0866 1228 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

20:20:33.0881 1228 SiSRaid2 - ok

20:20:33.0881 1228 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

20:20:33.0897 1228 SiSRaid4 - ok

20:20:33.0913 1228 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe

20:20:33.0928 1228 SkypeUpdate - ok

20:20:33.0959 1228 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

20:20:34.0006 1228 Smb - ok

20:20:34.0053 1228 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

20:20:34.0069 1228 SNMPTRAP - ok

20:20:34.0100 1228 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

20:20:34.0115 1228 spldr - ok

20:20:34.0147 1228 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

20:20:34.0193 1228 Spooler - ok

20:20:34.0334 1228 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

20:20:34.0474 1228 sppsvc - ok

20:20:34.0568 1228 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

20:20:34.0630 1228 sppuinotify - ok

20:20:34.0693 1228 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

20:20:34.0739 1228 srv - ok

20:20:34.0817 1228 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

20:20:34.0895 1228 srv2 - ok

20:20:34.0958 1228 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS

20:20:34.0989 1228 SrvHsfHDA - ok

20:20:35.0051 1228 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS

20:20:35.0114 1228 SrvHsfV92 - ok

20:20:35.0254 1228 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS

20:20:35.0317 1228 SrvHsfWinac - ok

20:20:35.0348 1228 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

20:20:35.0379 1228 srvnet - ok

20:20:35.0410 1228 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

20:20:35.0457 1228 SSDPSRV - ok

20:20:35.0473 1228 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

20:20:35.0504 1228 SstpSvc - ok

20:20:35.0519 1228 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

20:20:35.0535 1228 stexstor - ok

20:20:35.0582 1228 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

20:20:35.0597 1228 stisvc - ok

20:20:35.0629 1228 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

20:20:35.0629 1228 swenum - ok

20:20:35.0675 1228 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

20:20:35.0753 1228 swprv - ok

20:20:35.0847 1228 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

20:20:35.0878 1228 SynTP - ok

20:20:36.0034 1228 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

20:20:36.0097 1228 SysMain - ok

20:20:36.0190 1228 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

20:20:36.0237 1228 TabletInputService - ok

20:20:36.0268 1228 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

20:20:36.0331 1228 TapiSrv - ok

20:20:36.0362 1228 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

20:20:36.0393 1228 TBS - ok

20:20:36.0502 1228 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

20:20:36.0565 1228 Tcpip - ok

20:20:36.0736 1228 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

20:20:36.0799 1228 TCPIP6 - ok

20:20:36.0908 1228 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

20:20:36.0986 1228 tcpipreg - ok

20:20:37.0017 1228 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

20:20:37.0048 1228 tdcmdpst - ok

20:20:37.0079 1228 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

20:20:37.0095 1228 TDPIPE - ok

20:20:37.0126 1228 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

20:20:37.0142 1228 TDTCP - ok

20:20:37.0173 1228 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

20:20:37.0220 1228 tdx - ok

20:20:37.0267 1228 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

20:20:37.0282 1228 TermDD - ok

20:20:37.0345 1228 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

20:20:37.0423 1228 TermService - ok

20:20:37.0438 1228 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

20:20:37.0469 1228 Themes - ok

20:20:37.0501 1228 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

20:20:37.0532 1228 THREADORDER - ok

20:20:37.0641 1228 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

20:20:37.0657 1228 TMachInfo - ok

20:20:37.0672 1228 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe

20:20:37.0688 1228 TODDSrv - ok

20:20:37.0781 1228 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

20:20:37.0813 1228 TosCoSrv - ok

20:20:37.0875 1228 TOSHIBA eco Utility Service (d0f868a67cb4d817a3f7abef8c42f49c) C:\Program Files\TOSHIBA\TECO\TecoService.exe

20:20:37.0906 1228 TOSHIBA eco Utility Service - ok

20:20:37.0953 1228 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

20:20:37.0969 1228 TOSHIBA HDD SSD Alert Service - ok

20:20:38.0031 1228 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

20:20:38.0078 1228 tos_sps64 - ok

20:20:38.0125 1228 TPCHSrv (d65c6b0c070534336b72005391b6168a) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

20:20:38.0156 1228 TPCHSrv - ok

20:20:38.0234 1228 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

20:20:38.0327 1228 TrkWks - ok

20:20:38.0374 1228 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

20:20:38.0468 1228 TrustedInstaller - ok

20:20:38.0499 1228 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

20:20:38.0561 1228 tssecsrv - ok

20:20:38.0577 1228 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

20:20:38.0593 1228 TsUsbFlt - ok

20:20:38.0608 1228 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

20:20:38.0624 1228 TsUsbGD - ok

20:20:38.0655 1228 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

20:20:38.0733 1228 tunnel - ok

20:20:38.0780 1228 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

20:20:38.0795 1228 TVALZ - ok

20:20:38.0827 1228 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

20:20:38.0842 1228 TVALZFL - ok

20:20:38.0873 1228 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

20:20:38.0889 1228 uagp35 - ok

20:20:38.0936 1228 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

20:20:39.0014 1228 udfs - ok

20:20:39.0045 1228 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

20:20:39.0061 1228 UI0Detect - ok

20:20:39.0092 1228 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

20:20:39.0092 1228 uliagpkx - ok

20:20:39.0123 1228 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

20:20:39.0154 1228 umbus - ok

20:20:39.0185 1228 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

20:20:39.0201 1228 UmPass - ok

20:20:39.0404 1228 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

20:20:39.0466 1228 UNS - ok

20:20:39.0560 1228 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

20:20:39.0653 1228 upnphost - ok

20:20:39.0700 1228 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys

20:20:39.0731 1228 USBAAPL64 - ok

20:20:39.0778 1228 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

20:20:39.0809 1228 usbccgp - ok

20:20:39.0825 1228 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

20:20:39.0841 1228 usbcir - ok

20:20:39.0872 1228 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

20:20:39.0903 1228 usbehci - ok

20:20:39.0934 1228 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

20:20:39.0981 1228 usbhub - ok

20:20:40.0012 1228 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

20:20:40.0028 1228 usbohci - ok

20:20:40.0059 1228 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

20:20:40.0090 1228 usbprint - ok

20:20:40.0121 1228 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

20:20:40.0137 1228 usbscan - ok

20:20:40.0168 1228 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

20:20:40.0199 1228 USBSTOR - ok

20:20:40.0231 1228 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

20:20:40.0262 1228 usbuhci - ok

20:20:40.0293 1228 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

20:20:40.0324 1228 usbvideo - ok

20:20:40.0340 1228 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

20:20:40.0387 1228 UxSms - ok

20:20:40.0418 1228 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

20:20:40.0418 1228 VaultSvc - ok

20:20:40.0465 1228 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

20:20:40.0465 1228 vdrvroot - ok

20:20:40.0527 1228 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

20:20:40.0589 1228 vds - ok

20:20:40.0605 1228 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

20:20:40.0621 1228 vga - ok

20:20:40.0636 1228 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

20:20:40.0714 1228 VgaSave - ok

20:20:40.0714 1228 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

20:20:40.0730 1228 vhdmp - ok

20:20:40.0761 1228 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

20:20:40.0777 1228 viaide - ok

20:20:40.0792 1228 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

20:20:40.0792 1228 volmgr - ok

20:20:40.0823 1228 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

20:20:40.0839 1228 volmgrx - ok

20:20:40.0870 1228 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

20:20:40.0886 1228 volsnap - ok

20:20:40.0917 1228 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

20:20:40.0933 1228 vsmraid - ok

20:20:41.0026 1228 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

20:20:41.0089 1228 VSS - ok

20:20:41.0198 1228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

20:20:41.0229 1228 vwifibus - ok

20:20:41.0260 1228 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

20:20:41.0307 1228 vwififlt - ok

20:20:41.0338 1228 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

20:20:41.0385 1228 W32Time - ok

20:20:41.0416 1228 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

20:20:41.0432 1228 WacomPen - ok

20:20:41.0479 1228 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

20:20:41.0541 1228 WANARP - ok

20:20:41.0557 1228 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

20:20:41.0588 1228 Wanarpv6 - ok

20:20:41.0681 1228 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

20:20:41.0713 1228 WatAdminSvc - ok

20:20:41.0791 1228 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

20:20:41.0837 1228 wbengine - ok

20:20:41.0962 1228 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

20:20:42.0009 1228 WbioSrvc - ok

20:20:42.0025 1228 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

20:20:42.0056 1228 wcncsvc - ok

20:20:42.0087 1228 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

20:20:42.0103 1228 WcsPlugInService - ok

20:20:42.0149 1228 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

20:20:42.0149 1228 Wd - ok

20:20:42.0196 1228 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

20:20:42.0227 1228 Wdf01000 - ok

20:20:42.0259 1228 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

20:20:42.0305 1228 WdiServiceHost - ok

20:20:42.0321 1228 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

20:20:42.0337 1228 WdiSystemHost - ok

20:20:42.0368 1228 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

20:20:42.0383 1228 WebClient - ok

20:20:42.0430 1228 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

20:20:42.0508 1228 Wecsvc - ok

20:20:42.0524 1228 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

20:20:42.0571 1228 wercplsupport - ok

20:20:42.0602 1228 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

20:20:42.0649 1228 WerSvc - ok

20:20:42.0711 1228 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

20:20:42.0773 1228 WfpLwf - ok

20:20:42.0773 1228 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

20:20:42.0789 1228 WIMMount - ok

20:20:42.0820 1228 WinDefend - ok

20:20:42.0836 1228 WinHttpAutoProxySvc - ok

20:20:42.0883 1228 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

20:20:42.0945 1228 Winmgmt - ok

20:20:43.0101 1228 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

20:20:43.0163 1228 WinRM - ok

20:20:43.0304 1228 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

20:20:43.0335 1228 WinUsb - ok

20:20:43.0382 1228 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

20:20:43.0429 1228 Wlansvc - ok

20:20:43.0491 1228 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

20:20:43.0507 1228 wlcrasvc - ok

20:20:43.0678 1228 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:20:43.0741 1228 wlidsvc - ok

20:20:43.0850 1228 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

20:20:43.0897 1228 WmiAcpi - ok

20:20:43.0959 1228 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

20:20:44.0006 1228 wmiApSrv - ok

20:20:44.0053 1228 WMPNetworkSvc - ok

20:20:44.0099 1228 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

20:20:44.0131 1228 WPCSvc - ok

20:20:44.0146 1228 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

20:20:44.0162 1228 WPDBusEnum - ok

20:20:44.0177 1228 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

20:20:44.0224 1228 ws2ifsl - ok

20:20:44.0255 1228 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

20:20:44.0271 1228 wscsvc - ok

20:20:44.0271 1228 WSearch - ok

20:20:44.0380 1228 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll

20:20:44.0458 1228 wuauserv - ok

20:20:44.0583 1228 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

20:20:44.0645 1228 WudfPf - ok

20:20:44.0677 1228 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

20:20:44.0755 1228 WUDFRd - ok

20:20:44.0770 1228 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

20:20:44.0817 1228 wudfsvc - ok

20:20:44.0833 1228 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

20:20:44.0864 1228 WwanSvc - ok

20:20:44.0879 1228 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

20:20:45.0488 1228 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:20:45.0488 1228 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:20:45.0488 1228 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

20:20:48.0031 1228 \Device\Harddisk1\DR1 - ok

20:20:48.0062 1228 Boot (0x1200) (c3b7ebd1da4c0548ce49608c505c6b85) \Device\Harddisk0\DR0\Partition0

20:20:48.0077 1228 \Device\Harddisk0\DR0\Partition0 - ok

20:20:48.0077 1228 Boot (0x1200) (949f9f0dd88ff308bcc83a6c3a02b260) \Device\Harddisk1\DR1\Partition0

20:20:48.0077 1228 \Device\Harddisk1\DR1\Partition0 - ok

20:20:48.0077 1228 ============================================================

20:20:48.0077 1228 Scan finished

20:20:48.0077 1228 ============================================================

20:20:48.0093 5864 Detected object count: 3

20:20:48.0093 5864 Actual detected object count: 3

20:21:25.0065 5864 Auth Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:21:25.0065 5864 Auth Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:21:25.0065 5864 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

20:21:25.0065 5864 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:21:25.0065 5864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:21:25.0065 5864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

20:23:23.0313 0236 ============================================================

20:23:23.0313 0236 Scan started

20:23:23.0313 0236 Mode: Manual; SigCheck; TDLFS;

20:23:23.0313 0236 ============================================================

20:23:23.0485 0236 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

20:23:23.0516 0236 1394ohci - ok

20:23:23.0547 0236 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

20:23:23.0563 0236 ACPI - ok

20:23:23.0578 0236 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

20:23:23.0594 0236 AcpiPmi - ok

20:23:23.0656 0236 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:23:23.0672 0236 AdobeARMservice - ok

20:23:23.0766 0236 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:23:23.0797 0236 AdobeFlashPlayerUpdateSvc - ok