
I cannot scan with Malwarebytes - I get the blue screen of death



I don't know for sure that I have a virus other than I cannot get Malwarebytes to complete a scan - I get the blue screen of death, and all my restore points have disappeared. Sometimes it's 30 seconds into the scan, sometimes it's after 50,000 files have been scanned, or somewhere in between.

attach.txt is attached

Here is the text in dds.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.5.1

Run by Darren at 20:27:12 on 2012-08-26

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3032.1454 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Lenovo\PMDriver\PMSveH.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Lenovo\PMDriver\PMHandler.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Common Files\ArcSoft\CONNECTION SERVICE\BIN\ACDaemon.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\Logitech Vid\Vid.exe

C:\Program Files\Software Informer\softinfo.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\TiVo\Desktop\TiVoTransfer.exe

C:\Program Files\TiVo\Desktop\TiVoNotify.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Users\Darren\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\ArcSoft\CONNECTION SERVICE\BIN\ArcCon.ac

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = https://www.paypal.com/

uDefault_Page_URL = hxxp://lenovo.live.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\Vid.exe" -bootmode

uRun: [Logitech Vid HD] "c:\program files\logitech\logitech vid\vid.exe" -bootmode

uRun: [software Informer] "c:\program files\software informer\softinfo.exe" -autorun

uRun: [fsm]

uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry

uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe

uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHandler.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe

mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup

mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\darren\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\darren\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{29656A43-55F3-40F6-92D3-17ED404CC178} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{B6B51E4E-AAFD-46D9-8B19-050612BAFB47} : DhcpNameServer = 192.168.0.5

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\darren\appdata\roaming\mozilla\firefox\profiles\70bzqjey.default\

FF - prefs.js: browser.search.selectedEngine - Swagbucks.com

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bda08b25a-5a73-4d0b-8634-e145b0e268c3%7D&mid=0236673dd72cc8ec6a5e7fac0a604884-6ae972be8bf95a26720bafee866129c8cf23fd1c&ds=AVG&v=9.0.0.18.1&lang=en&pr=fr&d=2011-10-06%2010%3A06%3A06&sap=ku&q=

FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]

R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-3-26 44544]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-26 112128]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-26 97536]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-3-26 48192]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca7b3cc622411a;Google Update Service (gupdate1ca7b3cc622411a);c:\program files\google\update\GoogleUpdate.exe [2009-12-12 133104]

S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-28 947528]

S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-4-1 245760]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-12 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-26 40776]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-24 113120]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

S4 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2010-8-24 1104656]

.

=============== Created Last 30 ================

.

2012-08-26 20:55:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-13 16:20:57 -------- d-----r- c:\program files\Skype

.

==================== Find3M ====================

.

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 20:27:53.43 ===============


Welcome to the forum.

Please uninstall AutocompletePro, it's considered malware.

~~~~~~~~~~~~~~

Then.......

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Thank you for your help!

I uninstalled AutoCompletePro (which had been there since May 2010!). At the end of the uninstall it said that it wasn't all removed, but could be removed manually. I did not remove anything manually because it did not tell me what or how to remove.

Here is RKreport.txt:

RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version

Started in : Normal mode

User : Darren [Admin rights]

Mode : Scan -- Date : 08/27/2012 08:18:20

¤¤¤ Bad processes : 2 ¤¤¤

[RESIDUE] TiVoTransfer.exe -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc]

[RESIDUE] TiVoNotify.exe -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files\TiVo\Desktop\TiVoTransfer.exe) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1376172574-1599886409-3189326231-1003[...]\Run : TivoServer (C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1376172574-1599886409-3189326231-1003[...]\Run : TivoTransfer (C:\Program Files\TiVo\Desktop\TiVoTransfer.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1376172574-1599886409-3189326231-1003[...]\Run : TivoNotify (C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1376172574-1599886409-3189326231-1003[...]\Run : TranscodingService (C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160827AS ATA Device +++++

--- User ---

[MBR] 1ee2a303b6f6b4196b4bfce2d4b50e24

[bSP] 6d61e6448903c38ca8c7d487471a1e80 : Lenovo tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 141124 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292098048 | Size: 10000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Thank you again!


Not much showing, let's run some scans......

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job.

Once it's finished it should automatically reboot your machine;

if it doesn't, manually reboot to ensure a complete clean.

~~~~~~~~~~~~~~~

Then.......

Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Here is the TDSSKiller file:

08:53:10.0107 4800 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

08:53:10.0451 4800 ============================================================

08:53:10.0451 4800 Current date / time: 2012/08/27 08:53:10.0451

08:53:10.0451 4800 SystemInfo:

08:53:10.0452 4800

08:53:10.0452 4800 OS Version: 6.0.6001 ServicePack: 1.0

08:53:10.0452 4800 Product type: Workstation

08:53:10.0452 4800 ComputerName: LENOVALAPTOP

08:53:10.0452 4800 UserName: Darren

08:53:10.0452 4800 Windows directory: C:\Windows

08:53:10.0452 4800 System windows directory: C:\Windows

08:53:10.0452 4800 Processor architecture: Intel x86

08:53:10.0453 4800 Number of processors: 2

08:53:10.0453 4800 Page size: 0x1000

08:53:10.0453 4800 Boot type: Normal boot

08:53:10.0453 4800 ============================================================

08:53:12.0947 4800 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:53:12.0980 4800 ============================================================

08:53:12.0980 4800 \Device\Harddisk0\DR0:

08:53:13.0018 4800 MBR partitions:

08:53:13.0018 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000

08:53:13.0018 4800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8

08:53:13.0018 4800 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000

08:53:13.0018 4800 ============================================================

08:53:13.0239 4800 C: <-> \Device\Harddisk0\DR0\Partition2

08:53:13.0306 4800 S: <-> \Device\Harddisk0\DR0\Partition1

08:53:13.0456 4800 Q: <-> \Device\Harddisk0\DR0\Partition3

08:53:13.0456 4800 ============================================================

08:53:13.0456 4800 Initialize success

08:53:13.0456 4800 ============================================================

08:54:48.0402 5136 ============================================================

08:54:48.0402 5136 Scan started

08:54:48.0402 5136 Mode: Manual; SigCheck; TDLFS;

08:54:48.0402 5136 ============================================================

08:54:50.0402 5136 ================ Scan system memory ========================

08:54:50.0402 5136 System memory - ok


08:54:57.0509 5136 Avgmfx86 - ok

08:54:57.0528 5136 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys

08:54:57.0543 5136 Avgrkx86 - ok

08:54:57.0574 5136 [ 1263F2554ACE925C237A40B4C568D815 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys

08:54:57.0603 5136 Avgtdix - ok

08:54:57.0689 5136 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe

08:54:57.0709 5136 avgwd - ok

08:54:57.0762 5136 [ F17463EDDB3B6A988F939FF403E067C3 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

08:54:57.0840 5136 b57nd60x - ok

08:54:57.0925 5136 [ 36AEC496BA179120305319D1086228FC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys

08:54:58.0032 5136 BCM43XX - ok

08:54:58.0284 5136 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

08:54:58.0302 5136 BcmSqlStartupSvc - ok

08:54:58.0369 5136 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

08:54:58.0433 5136 Beep - ok

08:54:58.0501 5136 [ D3E6D78285529962349A7F1617035938 ] BFE C:\Windows\System32\bfe.dll

08:54:58.0614 5136 BFE - ok

08:54:58.0726 5136 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll

08:54:58.0870 5136 BITS - ok

08:54:58.0893 5136 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

08:54:58.0947 5136 blbdrive - ok

08:54:59.0045 5136 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

08:54:59.0099 5136 Bonjour Service - ok

08:54:59.0175 5136 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

08:54:59.0310 5136 bowser - ok

08:54:59.0385 5136 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

08:54:59.0489 5136 BrFiltLo - ok

08:54:59.0512 5136 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

08:54:59.0562 5136 BrFiltUp - ok

08:54:59.0609 5136 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

08:54:59.0673 5136 Browser - ok

08:54:59.0742 5136 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

08:54:59.0992 5136 Brserid - ok

08:55:00.0026 5136 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

08:55:00.0119 5136 BrSerWdm - ok

08:55:00.0143 5136 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

08:55:00.0271 5136 BrUsbMdm - ok

08:55:00.0317 5136 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

08:55:00.0440 5136 BrUsbSer - ok

08:55:00.0573 5136 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe

08:55:00.0682 5136 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning

08:55:00.0682 5136 BrYNSvc - detected UnsignedFile.Multi.Generic (1)

08:55:00.0778 5136 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

08:55:00.0931 5136 BTHMODEM - ok

08:55:00.0993 5136 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

08:55:01.0063 5136 cdfs - ok

08:55:01.0103 5136 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

08:55:01.0172 5136 cdrom - ok

08:55:01.0230 5136 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll

08:55:01.0308 5136 CertPropSvc - ok

08:55:01.0354 5136 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys

08:55:01.0409 5136 circlass - ok

08:55:01.0474 5136 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys

08:55:01.0500 5136 CLFS - ok

08:55:01.0689 5136 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:55:01.0726 5136 clr_optimization_v2.0.50727_32 - ok

08:55:01.0956 5136 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:55:01.0993 5136 clr_optimization_v4.0.30319_32 - ok

08:55:02.0095 5136 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

08:55:02.0167 5136 CmBatt - ok

08:55:02.0244 5136 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys

08:55:02.0264 5136 cmdide - ok

08:55:02.0289 5136 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

08:55:02.0308 5136 Compbatt - ok

08:55:02.0318 5136 COMSysApp - ok

08:55:02.0362 5136 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

08:55:02.0383 5136 crcdisk - ok

08:55:02.0421 5136 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys

08:55:02.0493 5136 Crusoe - ok

08:55:02.0599 5136 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll

08:55:02.0671 5136 CryptSvc - ok

08:55:02.0770 5136 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll

08:55:02.0856 5136 DcomLaunch - ok

08:55:02.0923 5136 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys

08:55:02.0991 5136 DfsC - ok

08:55:03.0166 5136 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe

08:55:03.0399 5136 DFSR - ok

08:55:03.0481 5136 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll

08:55:03.0535 5136 Dhcp - ok

08:55:03.0570 5136 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys

08:55:03.0591 5136 disk - ok

08:55:03.0689 5136 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll

08:55:03.0773 5136 Dnscache - ok

08:55:03.0824 5136 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll

08:55:03.0881 5136 dot3svc - ok

08:55:03.0933 5136 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

08:55:04.0011 5136 DPS - ok

08:55:04.0069 5136 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

08:55:04.0109 5136 drmkaud - ok

08:55:04.0138 5136 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

08:55:04.0246 5136 DXGKrnl - ok

08:55:04.0305 5136 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys

08:55:04.0369 5136 e1express - ok

08:55:04.0422 5136 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

08:55:04.0494 5136 E1G60 - ok

08:55:04.0536 5136 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

08:55:04.0607 5136 EapHost - ok

08:55:04.0665 5136 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys

08:55:04.0689 5136 Ecache - ok

08:55:04.0741 5136 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys

08:55:04.0777 5136 elxstor - ok

08:55:04.0882 5136 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll

08:55:04.0959 5136 EMDMgmt - ok

08:55:05.0039 5136 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys

08:55:05.0111 5136 ErrDev - ok

08:55:05.0186 5136 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll

08:55:05.0238 5136 EventSystem - ok

08:55:05.0313 5136 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys

08:55:05.0368 5136 exfat - ok

08:55:05.0399 5136 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys

08:55:05.0485 5136 fastfat - ok

08:55:05.0537 5136 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

08:55:05.0601 5136 fdc - ok

08:55:05.0650 5136 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

08:55:05.0720 5136 fdPHost - ok

08:55:05.0750 5136 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

08:55:05.0853 5136 FDResPub - ok

08:55:05.0971 5136 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

08:55:05.0992 5136 FileInfo - ok

08:55:06.0080 5136 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

08:55:06.0166 5136 Filetrace - ok

08:55:06.0368 5136 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

08:55:06.0437 5136 FLEXnet Licensing Service - ok

08:55:06.0483 5136 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

08:55:06.0570 5136 flpydisk - ok

08:55:06.0602 5136 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

08:55:06.0626 5136 FltMgr - ok

08:55:06.0713 5136 [ 85E5AD3A9D56FD6F92DB5FC9CA62E2E4 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys

08:55:06.0773 5136 FlyUsb - ok

08:55:06.0826 5136 [ C4C9A48C3339B6335F8F0DB1F47BB668 ] FNF5SVC C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

08:55:06.0843 5136 FNF5SVC - ok

08:55:06.0929 5136 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

08:55:06.0948 5136 FontCache3.0.0.0 - ok

08:55:06.0974 5136 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

08:55:07.0057 5136 Fs_Rec - ok

08:55:07.0104 5136 [ B3221FA06AF0ACA6D5D83717D573EB83 ] funfrm C:\Windows\system32\drivers\funfrm.sys

08:55:07.0136 5136 funfrm ( UnsignedFile.Multi.Generic ) - warning

08:55:07.0136 5136 funfrm - detected UnsignedFile.Multi.Generic (1)

08:55:07.0181 5136 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

08:55:07.0204 5136 gagp30kx - ok

08:55:07.0267 5136 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:55:07.0298 5136 GEARAspiWDM - ok

08:55:07.0419 5136 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll

08:55:07.0535 5136 gpsvc - ok

08:55:07.0651 5136 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca7b3cc622411a C:\Program Files\Google\Update\GoogleUpdate.exe

08:55:07.0694 5136 gupdate1ca7b3cc622411a - ok

08:55:07.0702 5136 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

08:55:07.0721 5136 gupdatem - ok

08:55:07.0853 5136 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

08:55:07.0908 5136 gusvc - ok

08:55:07.0944 5136 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

08:55:08.0061 5136 HdAudAddService - ok

08:55:08.0097 5136 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

08:55:08.0200 5136 HDAudBus - ok

08:55:08.0238 5136 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

08:55:08.0333 5136 HidBth - ok

08:55:08.0360 5136 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

08:55:08.0486 5136 HidIr - ok

08:55:08.0519 5136 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll

08:55:08.0610 5136 hidserv - ok

08:55:08.0641 5136 [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

08:55:08.0676 5136 HidUsb - ok

08:55:08.0716 5136 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

08:55:08.0806 5136 hkmsvc - ok

08:55:08.0835 5136 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

08:55:08.0856 5136 HpCISSs - ok

08:55:08.0908 5136 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS

08:55:08.0967 5136 HSFHWAZL - ok

08:55:09.0005 5136 [ 33B02459E86D0A2B86A6B9FE19139390 ] HTTP C:\Windows\system32\drivers\HTTP.sys

08:55:09.0106 5136 HTTP - ok

08:55:09.0145 5136 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys

08:55:09.0166 5136 i2omp - ok

08:55:09.0251 5136 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

08:55:09.0312 5136 i8042prt - ok

08:55:09.0360 5136 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

08:55:09.0401 5136 iaStorV - ok

08:55:09.0490 5136 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

08:55:09.0505 5136 IDriverT ( UnsignedFile.Multi.Generic ) - warning

08:55:09.0505 5136 IDriverT - detected UnsignedFile.Multi.Generic (1)

08:55:09.0592 5136 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:55:09.0671 5136 idsvc - ok

08:55:10.0297 5136 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

08:55:10.0857 5136 igfx - ok

08:55:10.0883 5136 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

08:55:10.0918 5136 iirsp - ok

08:55:10.0983 5136 [ 68E8C415E102E5D79FD7E4A765B8CBA4 ] IKEEXT C:\Windows\System32\ikeext.dll

08:55:11.0096 5136 IKEEXT - ok

08:55:11.0191 5136 [ C7E7E43CBD34D3B0A0156B51B917DFCC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys

08:55:11.0250 5136 IntcHdmiAddService - ok

08:55:11.0282 5136 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys

08:55:11.0303 5136 intelide - ok

08:55:11.0337 5136 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

08:55:11.0400 5136 intelppm - ok

08:55:11.0517 5136 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

08:55:11.0569 5136 IPBusEnum - ok

08:55:11.0623 5136 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:55:11.0706 5136 IpFilterDriver - ok

08:55:11.0812 5136 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

08:55:11.0889 5136 iphlpsvc - ok

08:55:11.0897 5136 IpInIp - ok

08:55:11.0924 5136 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

08:55:11.0994 5136 IPMIDRV - ok

08:55:12.0038 5136 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

08:55:12.0107 5136 IPNAT - ok

08:55:12.0181 5136 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

08:55:12.0296 5136 iPod Service - ok

08:55:12.0330 5136 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

08:55:12.0406 5136 IRENUM - ok

08:55:12.0434 5136 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys

08:55:12.0456 5136 isapnp - ok

08:55:12.0543 5136 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

08:55:12.0647 5136 iScsiPrt - ok

08:55:12.0666 5136 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

08:55:12.0691 5136 iteatapi - ok

08:55:12.0732 5136 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

08:55:12.0775 5136 iteraid - ok

08:55:12.0917 5136 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

08:55:12.0953 5136 IviRegMgr - ok

08:55:12.0978 5136 [ A69A1B991824B98F744913555F665893 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

08:55:13.0111 5136 JMCR - ok

08:55:13.0148 5136 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

08:55:13.0175 5136 kbdclass - ok

08:55:13.0243 5136 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

08:55:13.0361 5136 kbdhid - ok

08:55:13.0391 5136 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe

08:55:13.0465 5136 KeyIso - ok

08:55:13.0579 5136 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

08:55:13.0615 5136 KSecDD - ok

08:55:13.0702 5136 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

08:55:13.0810 5136 KtmRm - ok

08:55:13.0867 5136 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll

08:55:13.0927 5136 LanmanServer - ok

08:55:13.0976 5136 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

08:55:14.0062 5136 LanmanWorkstation - ok

08:55:14.0454 5136 [ 4CCC8AABE7880C56BA10043B8FBCA3EB ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

08:55:14.0818 5136 LeapFrog Connect Device Service - ok

08:55:14.0886 5136 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys

08:55:14.0903 5136 lenovo.smi - ok

08:55:14.0935 5136 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

08:55:15.0012 5136 lltdio - ok

08:55:15.0062 5136 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

08:55:15.0131 5136 lltdsvc - ok

08:55:15.0147 5136 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

08:55:15.0274 5136 lmhosts - ok

08:55:15.0332 5136 [ 31F74D5D47EEA83E5E89447586917774 ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys

08:55:15.0347 5136 LPCFilter - ok

08:55:15.0383 5136 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

08:55:15.0410 5136 LSI_FC - ok

08:55:15.0449 5136 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

08:55:15.0487 5136 LSI_SAS - ok

08:55:15.0512 5136 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

08:55:15.0537 5136 LSI_SCSI - ok

08:55:15.0574 5136 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

08:55:15.0626 5136 luafv - ok

08:55:15.0633 5136 lxdw_device - ok

08:55:15.0713 5136 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys

08:55:15.0734 5136 MBAMSwissArmy - ok

08:55:15.0901 5136 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe

08:55:15.0935 5136 McComponentHostService - ok

08:55:15.0943 5136 mdmxsdk - ok

08:55:15.0977 5136 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys

08:55:15.0998 5136 megasas - ok

08:55:16.0047 5136 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys

08:55:16.0122 5136 MegaSR - ok

08:55:16.0175 5136 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

08:55:16.0309 5136 MMCSS - ok

08:55:16.0387 5136 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

08:55:16.0518 5136 Modem - ok

08:55:16.0595 5136 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

08:55:16.0648 5136 monitor - ok

08:55:16.0681 5136 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

08:55:16.0713 5136 mouclass - ok

08:55:16.0740 5136 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

08:55:16.0812 5136 mouhid - ok

08:55:16.0847 5136 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

08:55:16.0871 5136 MountMgr - ok

08:55:17.0041 5136 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

08:55:17.0089 5136 MozillaMaintenance - ok

08:55:17.0139 5136 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys

08:55:17.0165 5136 mpio - ok

08:55:17.0187 5136 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

08:55:17.0241 5136 mpsdrv - ok

08:55:17.0280 5136 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll

08:55:17.0518 5136 MpsSvc - ok

08:55:17.0554 5136 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

08:55:17.0575 5136 Mraid35x - ok

08:55:17.0627 5136 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

08:55:17.0691 5136 MRxDAV - ok

08:55:17.0752 5136 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

08:55:17.0832 5136 mrxsmb - ok

08:55:17.0965 5136 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:55:17.0995 5136 mrxsmb10 - ok

08:55:18.0085 5136 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:55:18.0135 5136 mrxsmb20 - ok

08:55:18.0198 5136 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys

08:55:18.0230 5136 msahci - ok

08:55:18.0268 5136 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys

08:55:18.0317 5136 msdsm - ok

08:55:18.0359 5136 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

08:55:18.0436 5136 MSDTC - ok

08:55:18.0460 5136 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

08:55:18.0539 5136 Msfs - ok

08:55:18.0575 5136 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

08:55:18.0595 5136 msisadrv - ok

08:55:18.0650 5136 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

08:55:18.0718 5136 MSiSCSI - ok

08:55:18.0725 5136 msiserver - ok

08:55:18.0758 5136 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

08:55:18.0831 5136 MSKSSRV - ok

08:55:18.0845 5136 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

08:55:18.0919 5136 MSPCLOCK - ok

08:55:18.0945 5136 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

08:55:18.0996 5136 MSPQM - ok

08:55:19.0034 5136 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

08:55:19.0059 5136 MsRPC - ok

08:55:19.0088 5136 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

08:55:19.0108 5136 mssmbios - ok

08:55:19.0172 5136 MSSQL$MSSMLBIZ - ok

08:55:19.0269 5136 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

08:55:19.0300 5136 MSSQLServerADHelper - ok

08:55:19.0343 5136 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

08:55:19.0410 5136 MSTEE - ok

08:55:19.0439 5136 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys

08:55:19.0460 5136 Mup - ok

08:55:19.0596 5136 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll

08:55:19.0693 5136 napagent - ok

08:55:19.0724 5136 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

08:55:19.0776 5136 NativeWifiP - ok

08:55:20.0034 5136 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe

08:55:20.0073 5136 NAUpdate - ok

08:55:20.0132 5136 [ C8560010A542B5DCA94C62468DC20784 ] NDIS C:\Windows\system32\drivers\ndis.sys

08:55:20.0168 5136 NDIS - ok

08:55:20.0191 5136 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

08:55:20.0267 5136 NdisTapi - ok

08:55:20.0289 5136 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

08:55:20.0339 5136 Ndisuio - ok

08:55:20.0361 5136 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

08:55:20.0443 5136 NdisWan - ok

08:55:20.0478 5136 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

08:55:20.0538 5136 NDProxy - ok

08:55:20.0565 5136 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

08:55:20.0655 5136 NetBIOS - ok

08:55:20.0690 5136 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

08:55:20.0758 5136 netbt - ok

08:55:20.0786 5136 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe

08:55:20.0814 5136 Netlogon - ok

08:55:20.0858 5136 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

08:55:20.0944 5136 Netman - ok

08:55:20.0993 5136 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

08:55:21.0074 5136 netprofm - ok

08:55:21.0173 5136 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:55:21.0197 5136 NetTcpPortSharing - ok

08:55:21.0239 5136 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

08:55:21.0266 5136 nfrd960 - ok

08:55:21.0363 5136 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

08:55:21.0451 5136 NlaSvc - ok

08:55:21.0496 5136 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys

08:55:21.0587 5136 Npfs - ok

08:55:21.0637 5136 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

08:55:21.0693 5136 nsi - ok

08:55:21.0726 5136 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

08:55:21.0842 5136 nsiproxy - ok

08:55:21.0972 5136 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

08:55:22.0094 5136 Ntfs - ok

08:55:22.0117 5136 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

08:55:22.0217 5136 ntrigdigi - ok

08:55:22.0258 5136 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

08:55:22.0342 5136 Null - ok

08:55:22.0362 5136 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys

08:55:22.0390 5136 nvraid - ok

08:55:22.0424 5136 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

08:55:22.0446 5136 nvstor - ok

08:55:22.0467 5136 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

08:55:22.0491 5136 nv_agp - ok

08:55:22.0498 5136 NwlnkFlt - ok

08:55:22.0507 5136 NwlnkFwd - ok

08:55:22.0553 5136 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

08:55:22.0605 5136 ohci1394 - ok

08:55:22.0753 5136 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll

08:55:22.0937 5136 p2pimsvc - ok

08:55:22.0990 5136 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll

08:55:23.0068 5136 p2psvc - ok

08:55:23.0144 5136 [ DC450992EBA6F914080C1F7FBEEED72C ] PalmUSBD C:\Windows\system32\drivers\PalmUSBD.sys

08:55:23.0206 5136 PalmUSBD - ok

08:55:23.0227 5136 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

08:55:23.0338 5136 Parport - ok

08:55:23.0404 5136 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys

08:55:23.0426 5136 partmgr - ok

08:55:23.0450 5136 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

08:55:23.0642 5136 Parvdm - ok

08:55:23.0695 5136 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

08:55:23.0757 5136 PcaSvc - ok

08:55:23.0785 5136 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys

08:55:23.0813 5136 pci - ok

08:55:23.0839 5136 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys

08:55:23.0880 5136 pciide - ok

08:55:23.0933 5136 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

08:55:23.0960 5136 pcmcia - ok

08:55:24.0026 5136 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

08:55:24.0242 5136 PEAUTH - ok

08:55:24.0391 5136 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

08:55:24.0603 5136 pla - ok

08:55:24.0698 5136 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll


Link to post

That scan was clean.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post

I disabled my anti-virus (AVG2012) and firewall and attempted to run ComboFix.

I received an error message that ComboFix cannot run if CA Antivirus is installed. So I went to uninstall it, but it's not in my list of available programs to uninstall. Then I found it in my list of programs on my start menu and chose the "uninstall" option. Then I get this error:

Error: The specifid products are not installed and therefore cannot be uninstalled (9037). Click Help for more information.

Clicking 'Help' brings up a pop-up that basically tells me that in order to uninstall CA Antivirus I first have to install it, and then uninstall it.

Should I install/uninstall CA Antivirus?

Link to post

No. The exact error message:

"ComboFix cannot run when CA Anti-Virus is installed. It would be dangerous to continue. Please uninstall CA Anti-Virus or use another tool."

There is only one button to click on this pop-up, which is an "okay" button. Clicking "okay" causes ComboFix to stop running.

Link to post

OK...please do this..............

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post

I don't see any signs of CA anti-virus on the system, did you ever have it installed?

If so...download and install appremover > see if it finds it:

http://www.appremover.com/

---------------------------

Please do this using OTL:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\..\Toolbar\WebBrowser: (no name) - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.
    O3 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003..\Run: [fsm] File not found
    O37 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-1376172574-1599886409-3189326231-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2010/02/16 20:55:04 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\쒡瞟웍瞟
    [2010/02/16 20:55:04 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\쒡瞟웍瞟
    (C:\ProgramData\????) -- C:\ProgramData\쒡瞟웍瞟
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


I can't say for sure if CA Anti-Virus was ever installed or not. This laptop was previously my husband's before he handed it off to me.

I downloaded and ran appremover but it didn't find CA Anti-Virus through either option (remove a security program, or clean up a failed install).

I ran the OTL script you pasted, but I don't see any file in the indicated location that ends in ".log". When I rebooted (it made me), it automatically opened up a txt file. Is that what you want? I attached it just in case.

08292012_175249.log


The second link does download an exe file but it's not what the screenshots show it is, or what it will do. After clicking the 2nd "run" button, I get a pop-up wanting me to allow remote assistance. It does NOT do what the screenshots show it will do.

I declined the remote assistance. Do you really want me to do that?


So I installed CA (it made me uninstall MWB!) and uninstalled CA. I tried to run ComboFix, but got the same error as before (cannot run if CA is installed). So I installed CA again and used the AppRemover program you had me download earlier to remove the CA program. It says it was successful! At the end of the uninstall, I had to reboot my laptop.

When it came back up, it can no longer connect to the wireless internet (typing this on our desktop). I rebooted again to see if that would help, it didn't. When I tell Windows to diagnose why it can't connect, it says, "The Windows Wireless Service is not running on this computer." and an option to "Start Windows Wireless Service". I click that and it says "repairing..." Then it says, "Windows cannot resolve the problem. Please contact your network administrator or Internet Service Provider."


You can delete them, they're just cookies > nothing major.

~~~~~~~~~~~

Next.....

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post.

MrC


Whew! That took a long time! During the first scan I got the blue screen of death about 5 minutes into the scan. When my laptop came back up I started the scan again and this time made sure no other programs were in use (other than normal background applications) and it finally finished about an hour after it started.

Below is the log, the mbr.dat file is attached.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-30 12:52:23

-----------------------------

12:52:23.390 OS Version: Windows 6.0.6001 Service Pack 1

12:52:23.391 Number of processors: 2 586 0xF0D

12:52:23.393 ComputerName: LENOVALAPTOP UserName: Darren

12:53:12.068 Initialize success

12:53:35.607 AVAST engine defs: 12083000

12:53:38.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:53:38.719 Disk 0 Vendor: ST9160827AS 3.AAC Size: 152627MB BusType: 3

12:53:38.806 Disk 0 MBR read successfully

12:53:38.810 Disk 0 MBR scan

12:53:38.819 Disk 0 unknown MBR code

12:53:38.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048

12:53:38.905 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141124 MB offset 3074048

12:53:38.940 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 292098048

12:53:38.982 Disk 0 scanning sectors +312578048

12:53:39.131 Disk 0 scanning C:\Windows\system32\drivers

12:53:58.864 Service scanning

12:55:03.549 Modules scanning

12:55:43.777 Disk 0 trace - called modules:

12:55:43.818 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys

12:55:43.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e6e9d8]

12:55:43.841 3 CLASSPNP.SYS[8c3a8745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x87719ba0]

12:55:50.303 AVAST engine scan C:\Windows

12:56:42.599 AVAST engine scan C:\Windows\system32

13:04:51.650 AVAST engine scan C:\Windows\system32\drivers

13:05:14.788 AVAST engine scan C:\Users\Darren

13:57:06.118 AVAST engine scan C:\ProgramData

14:08:04.545 Scan finished successfully

14:15:59.136 Disk 0 MBR has been saved successfully to "C:\Users\Coupons1\Desktop\MBR.dat"

14:15:59.148 The log file has been saved successfully to "C:\Users\Coupons1\Desktop\aswMBR.txt"

mbr.zip.zip

This topic is now closed to further replies.