Windows 7 home 64bit Infected (scans freeze computer)

[Gyroc]

I will start by saying I have done HJT logs before on a different forum and I worked in the IT field for over two years. My friends sister who lives out of state called me having computer issues (this did not surprise me she always gets her PC's infected but im getting off topic) she complained of it running slow my first assumption was a virus. After installing two remote assistance programs 1. Teamviewer and 2. Logmein I updated her MBAM and ran a full scan, The scan never completed because the laptop restarted on its own. This made me think she had something serious so I preformed another scan excluding her C:\Windows folder (this is where the scan triggered the restart) and was able to remove about 124 viruses

Everytime my MBAM scans

C:\Windows\System32\NlsLexicons0009.dll

C:\Windows\System32\NlsLexicons0007.dll

The computer freezes (I have scanned in safe mode and normal boot) if I exclude the Windows folder as stated above it will scan just fine I have ran a DDS log as well and posted it but I fear that not having completed the full scan I will need to do something else to help clean it up more for you and then run a second scan please advise, and thank you for your time

[Gyroc]

Logs

Attach.txt

DDS.txt

[Maurice Naggar]

Hello Gyroc,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Go to your Desktop
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 4

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 5

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of aswMBR report;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[Gyroc]

Thank you for the help. I have followed those steps.

aswMBR.txt

RKreport1.txt

tdskiller report.txt

[Maurice Naggar]

No, do not attach files.

Copy and Paste the logs inside the main-body of reply box.

TIA

[Gyroc]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-09 11:49:40

-----------------------------

11:49:40.642 OS Version: Windows x64 6.1.7601 Service Pack 1

11:49:40.642 Number of processors: 1 586 0x603

11:49:40.642 ComputerName: BRITTANY-PC UserName: B rittany

11:49:41.173 Initialize success

11:50:43.774 AVAST engine defs: 12090900

11:51:06.306 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

11:51:06.306 Disk 0 Vendor: TOSHIBA_MK2555GSXN GC002M Size: 238475MB BusType: 11

11:51:06.353 Disk 0 MBR read successfully

11:51:06.353 Disk 0 MBR scan

11:51:06.353 Disk 0 Windows VISTA default MBR code

11:51:06.369 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

11:51:06.384 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227762 MB offset 3074048

11:51:06.431 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9212 MB offset 469530624

11:51:06.509 Disk 0 scanning C:\windows\system32\drivers

11:51:20.234 Service scanning

11:52:01.244 Modules scanning

11:52:01.260 Scan finished successfully

12:01:11.182 Disk 0 MBR has been saved successfully to "C:\Users\B rittany\Desktop\MBR.dat"

12:01:11.197 The log file has been saved successfully to "C:\Users\B rittany\Desktop\aswMBR.txt"

--------------------------------------------------------------------------------------------------------------------------------------------

12:03:47.0861 4024 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

12:03:48.0361 4024 ============================================================

12:03:48.0361 4024 Current date / time: 2012/09/09 12:03:48.0361

12:03:48.0361 4024 SystemInfo:

12:03:48.0361 4024

12:03:48.0361 4024 OS Version: 6.1.7601 ServicePack: 1.0

12:03:48.0361 4024 Product type: Workstation

12:03:48.0361 4024 ComputerName: BRITTANY-PC

12:03:48.0361 4024 UserName: B rittany

12:03:48.0361 4024 Windows directory: C:\windows

12:03:48.0361 4024 System windows directory: C:\windows

12:03:48.0361 4024 Running under WOW64

12:03:48.0361 4024 Processor architecture: Intel x64

12:03:48.0361 4024 Number of processors: 1

12:03:48.0361 4024 Page size: 0x1000

12:03:48.0361 4024 Boot type: Normal boot

12:03:48.0361 4024 ============================================================

12:03:49.0687 4024 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:03:49.0687 4024 ============================================================

12:03:49.0687 4024 \Device\Harddisk0\DR0:

12:03:49.0687 4024 MBR partitions:

12:03:49.0687 4024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCD9000

12:03:49.0687 4024 ============================================================

12:03:49.0733 4024 C: <-> \Device\Harddisk0\DR0\Partition1

12:03:49.0733 4024 ============================================================

12:03:49.0733 4024 Initialize success

12:03:49.0733 4024 ============================================================

12:03:51.0137 4232 ============================================================

12:03:51.0137 4232 Scan started

12:03:51.0137 4232 Mode: Manual;

12:03:51.0137 4232 ============================================================

12:03:51.0855 4232 ================ Scan system memory ========================

12:03:51.0855 4232 System memory - ok

12:03:51.0855 4232 ================ Scan services =============================

12:03:52.0027 4232 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

12:03:52.0027 4232 1394ohci - ok

12:03:52.0089 4232 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

12:03:52.0105 4232 ACPI - ok

12:03:52.0136 4232 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

12:03:52.0136 4232 AcpiPmi - ok

12:03:52.0292 4232 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

12:03:52.0292 4232 AdobeARMservice - ok

12:03:52.0354 4232 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys

12:03:52.0354 4232 adp94xx - ok

12:03:52.0385 4232 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys

12:03:52.0385 4232 adpahci - ok

12:03:52.0417 4232 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys

12:03:52.0417 4232 adpu320 - ok

12:03:52.0448 4232 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

12:03:52.0448 4232 AeLookupSvc - ok

12:03:52.0510 4232 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

12:03:52.0510 4232 AFD - ok

12:03:52.0557 4232 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

12:03:52.0557 4232 agp440 - ok

12:03:52.0604 4232 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

12:03:52.0604 4232 ALG - ok

12:03:52.0666 4232 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

12:03:52.0666 4232 aliide - ok

12:03:52.0729 4232 [ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe

12:03:52.0729 4232 AMD External Events Utility - ok

12:03:52.0775 4232 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

12:03:52.0775 4232 amdide - ok

12:03:52.0822 4232 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys

12:03:52.0822 4232 AmdK8 - ok

12:03:53.0041 4232 [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag C:\windows\system32\DRIVERS\atipmdag.sys

12:03:53.0181 4232 amdkmdag - ok

12:03:53.0243 4232 [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys

12:03:53.0243 4232 amdkmdap - ok

12:03:53.0290 4232 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys

12:03:53.0290 4232 AmdPPM - ok

12:03:53.0353 4232 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

12:03:53.0353 4232 amdsata - ok

12:03:53.0399 4232 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys

12:03:53.0399 4232 amdsbs - ok

12:03:53.0446 4232 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

12:03:53.0446 4232 amdxata - ok

12:03:53.0555 4232 [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

12:03:53.0555 4232 AntiVirSchedulerService - ok

12:03:53.0618 4232 [ DF5A3016052755C910A206058B4A1729 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

12:03:53.0618 4232 AntiVirService - ok

12:03:53.0696 4232 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

12:03:53.0696 4232 AppID - ok

12:03:53.0727 4232 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

12:03:53.0727 4232 AppIDSvc - ok

12:03:53.0789 4232 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll

12:03:53.0789 4232 Appinfo - ok

12:03:53.0867 4232 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:03:53.0867 4232 Apple Mobile Device - ok

12:03:53.0930 4232 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys

12:03:53.0930 4232 arc - ok

12:03:53.0961 4232 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys

12:03:53.0961 4232 arcsas - ok

12:03:53.0977 4232 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

12:03:53.0977 4232 AsyncMac - ok

12:03:54.0023 4232 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

12:03:54.0023 4232 atapi - ok

12:03:54.0101 4232 [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr C:\windows\system32\DRIVERS\athrx.sys

12:03:54.0133 4232 athr - ok

12:03:54.0179 4232 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys

12:03:54.0179 4232 AtiPcie - ok

12:03:54.0257 4232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

12:03:54.0273 4232 AudioEndpointBuilder - ok

12:03:54.0289 4232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

12:03:54.0289 4232 AudioSrv - ok

12:03:54.0335 4232 [ B1224E6B086CD6548315B04AB575A23E ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys

12:03:54.0335 4232 avgntflt - ok

12:03:54.0351 4232 [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys

12:03:54.0351 4232 avipbb - ok

12:03:54.0398 4232 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

12:03:54.0413 4232 AxInstSV - ok

12:03:54.0460 4232 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys

12:03:54.0476 4232 b06bdrv - ok

12:03:54.0523 4232 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

12:03:54.0523 4232 b57nd60a - ok

12:03:54.0601 4232 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

12:03:54.0601 4232 BDESVC - ok

12:03:54.0632 4232 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

12:03:54.0632 4232 Beep - ok

12:03:54.0694 4232 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

12:03:54.0710 4232 BFE - ok

12:03:54.0741 4232 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

12:03:54.0757 4232 BITS - ok

12:03:54.0819 4232 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

12:03:54.0819 4232 blbdrive - ok

12:03:54.0897 4232 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

12:03:54.0897 4232 Bonjour Service - ok

12:03:54.0944 4232 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

12:03:54.0959 4232 bowser - ok

12:03:54.0991 4232 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys

12:03:54.0991 4232 BrFiltLo - ok

12:03:55.0006 4232 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys

12:03:55.0006 4232 BrFiltUp - ok

12:03:55.0053 4232 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

12:03:55.0053 4232 Browser - ok

12:03:55.0069 4232 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

12:03:55.0069 4232 Brserid - ok

12:03:55.0084 4232 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

12:03:55.0084 4232 BrSerWdm - ok

12:03:55.0100 4232 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

12:03:55.0100 4232 BrUsbMdm - ok

12:03:55.0147 4232 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

12:03:55.0147 4232 BrUsbSer - ok

12:03:55.0162 4232 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys

12:03:55.0162 4232 BTHMODEM - ok

12:03:55.0225 4232 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

12:03:55.0225 4232 bthserv - ok

12:03:55.0287 4232 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\windows\system32\drivers\BVRPMPR5a64.SYS

12:03:55.0287 4232 BVRPMPR5a64 - ok

12:03:55.0303 4232 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

12:03:55.0303 4232 cdfs - ok

12:03:55.0365 4232 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys

12:03:55.0365 4232 cdrom - ok

12:03:55.0412 4232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

12:03:55.0412 4232 CertPropSvc - ok

12:03:55.0474 4232 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys

12:03:55.0474 4232 circlass - ok

12:03:55.0537 4232 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

12:03:55.0537 4232 CLFS - ok

12:03:55.0615 4232 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:03:55.0615 4232 clr_optimization_v2.0.50727_32 - ok

12:03:55.0661 4232 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:03:55.0661 4232 clr_optimization_v2.0.50727_64 - ok

12:03:55.0724 4232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:03:55.0739 4232 clr_optimization_v4.0.30319_32 - ok

12:03:55.0802 4232 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:03:55.0802 4232 clr_optimization_v4.0.30319_64 - ok

12:03:55.0849 4232 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

12:03:55.0849 4232 CmBatt - ok

12:03:55.0895 4232 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

12:03:55.0895 4232 cmdide - ok

12:03:55.0942 4232 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

12:03:55.0958 4232 CNG - ok

12:03:56.0020 4232 [ 7247A4D0875F5F28919E0787E11B7B57 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys

12:03:56.0020 4232 CnxtHdAudService - ok

12:03:56.0067 4232 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys

12:03:56.0067 4232 Compbatt - ok

12:03:56.0098 4232 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys

12:03:56.0098 4232 CompositeBus - ok

12:03:56.0129 4232 COMSysApp - ok

12:03:56.0161 4232 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys

12:03:56.0161 4232 crcdisk - ok

12:03:56.0239 4232 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll

12:03:56.0239 4232 CryptSvc - ok

12:03:56.0317 4232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

12:03:56.0317 4232 DcomLaunch - ok

12:03:56.0363 4232 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

12:03:56.0363 4232 defragsvc - ok

12:03:56.0426 4232 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

12:03:56.0426 4232 DfsC - ok

12:03:56.0488 4232 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

12:03:56.0488 4232 Dhcp - ok

12:03:56.0519 4232 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

12:03:56.0519 4232 discache - ok

12:03:56.0566 4232 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys

12:03:56.0566 4232 Disk - ok

12:03:56.0597 4232 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

12:03:56.0597 4232 Dnscache - ok

12:03:56.0644 4232 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

12:03:56.0660 4232 dot3svc - ok

12:03:56.0707 4232 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

12:03:56.0707 4232 DPS - ok

12:03:56.0769 4232 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

12:03:56.0769 4232 drmkaud - ok

12:03:56.0816 4232 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

12:03:56.0831 4232 DXGKrnl - ok

12:03:56.0878 4232 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

12:03:56.0878 4232 EapHost - ok

12:03:56.0987 4232 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys

12:03:57.0034 4232 ebdrv - ok

12:03:57.0065 4232 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

12:03:57.0065 4232 EFS - ok

12:03:57.0159 4232 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

12:03:57.0175 4232 ehRecvr - ok

12:03:57.0206 4232 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

12:03:57.0206 4232 ehSched - ok

12:03:57.0268 4232 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys

12:03:57.0268 4232 elxstor - ok

12:03:57.0377 4232 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

12:03:57.0424 4232 ErrDev - ok

12:03:57.0502 4232 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

12:03:57.0502 4232 EventSystem - ok

12:03:57.0549 4232 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

12:03:57.0549 4232 exfat - ok

12:03:57.0580 4232 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

12:03:57.0580 4232 fastfat - ok

12:03:57.0643 4232 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

12:03:57.0658 4232 Fax - ok

12:03:57.0689 4232 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys

12:03:57.0689 4232 fdc - ok

12:03:57.0752 4232 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

12:03:57.0752 4232 fdPHost - ok

12:03:57.0767 4232 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

12:03:57.0767 4232 FDResPub - ok

12:03:57.0783 4232 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

12:03:57.0783 4232 FileInfo - ok

12:03:57.0814 4232 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

12:03:57.0814 4232 Filetrace - ok

12:03:57.0845 4232 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys

12:03:57.0845 4232 flpydisk - ok

12:03:57.0908 4232 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

12:03:57.0908 4232 FltMgr - ok

12:03:57.0986 4232 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

12:03:58.0001 4232 FontCache - ok

12:03:58.0064 4232 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:03:58.0064 4232 FontCache3.0.0.0 - ok

12:03:58.0095 4232 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

12:03:58.0095 4232 FsDepends - ok

12:03:58.0142 4232 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

12:03:58.0142 4232 Fs_Rec - ok

12:03:58.0204 4232 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

12:03:58.0204 4232 fvevol - ok

12:03:58.0267 4232 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys

12:03:58.0267 4232 FwLnk - ok

12:03:58.0313 4232 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys

12:03:58.0313 4232 gagp30kx - ok

12:03:58.0407 4232 [ 1A0B9D84BEB3306F728BC3009D432F5C ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

12:03:58.0407 4232 GameConsoleService - ok

12:03:58.0454 4232 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

12:03:58.0454 4232 GEARAspiWDM - ok

12:03:58.0516 4232 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

12:03:58.0516 4232 gpsvc - ok

12:03:58.0625 4232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:03:58.0625 4232 gupdate - ok

12:03:58.0672 4232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:03:58.0672 4232 gupdatem - ok

12:03:58.0859 4232 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

12:03:58.0859 4232 gusvc - ok

12:03:58.0906 4232 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

12:03:58.0906 4232 hcw85cir - ok

12:03:58.0984 4232 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

12:03:58.0984 4232 HdAudAddService - ok

12:03:59.0015 4232 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys

12:03:59.0015 4232 HDAudBus - ok

12:03:59.0062 4232 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys

12:03:59.0062 4232 HidBatt - ok

12:03:59.0078 4232 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys

12:03:59.0078 4232 HidBth - ok

12:03:59.0078 4232 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys

12:03:59.0093 4232 HidIr - ok

12:03:59.0109 4232 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

12:03:59.0109 4232 hidserv - ok

12:03:59.0187 4232 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys

12:03:59.0187 4232 HidUsb - ok

12:03:59.0234 4232 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

12:03:59.0234 4232 hkmsvc - ok

12:03:59.0281 4232 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

12:03:59.0296 4232 HomeGroupListener - ok

12:03:59.0327 4232 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

12:03:59.0343 4232 HomeGroupProvider - ok

12:03:59.0405 4232 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

12:03:59.0405 4232 HpSAMD - ok

12:03:59.0468 4232 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

12:03:59.0483 4232 HTTP - ok

12:03:59.0530 4232 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

12:03:59.0530 4232 hwpolicy - ok

12:03:59.0608 4232 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys

12:03:59.0608 4232 i8042prt - ok

12:03:59.0655 4232 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

12:03:59.0655 4232 iaStorV - ok

12:03:59.0733 4232 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:03:59.0764 4232 idsvc - ok

12:03:59.0811 4232 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys

12:03:59.0811 4232 iirsp - ok

12:03:59.0889 4232 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

12:03:59.0889 4232 IKEEXT - ok

12:03:59.0920 4232 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

12:03:59.0920 4232 intelide - ok

12:03:59.0983 4232 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

12:03:59.0983 4232 intelppm - ok

12:04:00.0029 4232 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

12:04:00.0029 4232 IPBusEnum - ok

12:04:00.0061 4232 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

12:04:00.0076 4232 IpFilterDriver - ok

12:04:00.0123 4232 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

12:04:00.0123 4232 iphlpsvc - ok

12:04:00.0170 4232 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

12:04:00.0170 4232 IPMIDRV - ok

12:04:00.0217 4232 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

12:04:00.0217 4232 IPNAT - ok

12:04:00.0295 4232 [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

12:04:00.0310 4232 iPod Service - ok

12:04:00.0357 4232 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

12:04:00.0357 4232 IRENUM - ok

12:04:00.0388 4232 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

12:04:00.0388 4232 isapnp - ok

12:04:00.0435 4232 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

12:04:00.0435 4232 iScsiPrt - ok

12:04:00.0466 4232 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys

12:04:00.0466 4232 kbdclass - ok

12:04:00.0513 4232 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

12:04:00.0513 4232 kbdhid - ok

12:04:00.0544 4232 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

12:04:00.0544 4232 KeyIso - ok

12:04:00.0591 4232 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

12:04:00.0591 4232 KSecDD - ok

12:04:00.0638 4232 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

12:04:00.0638 4232 KSecPkg - ok

12:04:00.0685 4232 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

12:04:00.0685 4232 ksthunk - ok

12:04:00.0731 4232 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

12:04:00.0731 4232 KtmRm - ok

12:04:00.0794 4232 [ 48686C29856F46443952A831424F8D6F ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys

12:04:00.0794 4232 L1C - ok

12:04:00.0841 4232 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

12:04:00.0856 4232 LanmanServer - ok

12:04:00.0903 4232 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

12:04:00.0903 4232 LanmanWorkstation - ok

12:04:00.0950 4232 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

12:04:00.0950 4232 lltdio - ok

12:04:00.0981 4232 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

12:04:00.0997 4232 lltdsvc - ok

12:04:01.0012 4232 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

12:04:01.0012 4232 lmhosts - ok

12:04:01.0106 4232 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

12:04:01.0121 4232 LMIGuardianSvc - ok

12:04:01.0184 4232 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

12:04:01.0184 4232 LMIInfo - ok

12:04:01.0246 4232 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

12:04:01.0246 4232 LMIMaint - ok

12:04:01.0277 4232 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\windows\system32\DRIVERS\lmimirr.sys

12:04:01.0277 4232 lmimirr - ok

12:04:01.0309 4232 LMIRfsClientNP - ok

12:04:01.0355 4232 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\windows\system32\drivers\LMIRfsDriver.sys

12:04:01.0355 4232 LMIRfsDriver - ok

12:04:01.0402 4232 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

12:04:01.0402 4232 LogMeIn - ok

12:04:01.0449 4232 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys

12:04:01.0449 4232 LSI_FC - ok

12:04:01.0496 4232 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys

12:04:01.0496 4232 LSI_SAS - ok

12:04:01.0511 4232 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys

12:04:01.0511 4232 LSI_SAS2 - ok

12:04:01.0558 4232 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys

12:04:01.0558 4232 LSI_SCSI - ok

12:04:01.0589 4232 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

12:04:01.0589 4232 luafv - ok

12:04:01.0636 4232 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys

12:04:01.0636 4232 LVRS64 - ok

12:04:01.0683 4232 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

12:04:01.0683 4232 Mcx2Svc - ok

12:04:01.0714 4232 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys

12:04:01.0714 4232 megasas - ok

12:04:01.0777 4232 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys

12:04:01.0777 4232 MegaSR - ok

12:04:01.0839 4232 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

12:04:01.0839 4232 MMCSS - ok

12:04:01.0870 4232 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

12:04:01.0870 4232 Modem - ok

12:04:01.0917 4232 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

12:04:01.0917 4232 monitor - ok

12:04:01.0964 4232 [ D69F1E9A944A5F46A494AF901ED41118 ] motandroidusb C:\windows\system32\Drivers\motoandroid.sys

12:04:01.0964 4232 motandroidusb - ok

12:04:02.0042 4232 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

12:04:02.0042 4232 MotoHelper - ok

12:04:02.0089 4232 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys

12:04:02.0089 4232 mouclass - ok

12:04:02.0120 4232 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

12:04:02.0120 4232 mouhid - ok

12:04:02.0167 4232 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

12:04:02.0167 4232 mountmgr - ok

12:04:02.0245 4232 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

12:04:02.0245 4232 MozillaMaintenance - ok

12:04:02.0276 4232 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

12:04:02.0291 4232 mpio - ok

12:04:02.0323 4232 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

12:04:02.0323 4232 mpsdrv - ok

12:04:02.0385 4232 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

12:04:02.0385 4232 MpsSvc - ok

12:04:02.0432 4232 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

12:04:02.0432 4232 MRxDAV - ok

12:04:02.0479 4232 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

12:04:02.0479 4232 mrxsmb - ok

12:04:02.0541 4232 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

12:04:02.0541 4232 mrxsmb10 - ok

12:04:02.0572 4232 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

12:04:02.0572 4232 mrxsmb20 - ok

12:04:02.0603 4232 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

12:04:02.0603 4232 msahci - ok

12:04:02.0650 4232 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

12:04:02.0650 4232 msdsm - ok

12:04:02.0681 4232 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

12:04:02.0681 4232 MSDTC - ok

12:04:02.0744 4232 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

12:04:02.0744 4232 Msfs - ok

12:04:02.0775 4232 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

12:04:02.0775 4232 mshidkmdf - ok

12:04:02.0806 4232 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

12:04:02.0806 4232 msisadrv - ok

12:04:02.0853 4232 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

12:04:02.0853 4232 MSiSCSI - ok

12:04:02.0869 4232 msiserver - ok

12:04:02.0915 4232 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

12:04:02.0915 4232 MSKSSRV - ok

12:04:02.0947 4232 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

12:04:02.0947 4232 MSPCLOCK - ok

12:04:02.0978 4232 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

12:04:02.0978 4232 MSPQM - ok

12:04:03.0025 4232 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

12:04:03.0025 4232 MsRPC - ok

12:04:03.0071 4232 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

12:04:03.0071 4232 mssmbios - ok

12:04:03.0134 4232 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

12:04:03.0134 4232 MSTEE - ok

12:04:03.0149 4232 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

12:04:03.0149 4232 MTConfig - ok

12:04:03.0181 4232 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

12:04:03.0181 4232 Mup - ok

12:04:03.0243 4232 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

12:04:03.0243 4232 napagent - ok

12:04:03.0305 4232 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

12:04:03.0321 4232 NativeWifiP - ok

12:04:03.0383 4232 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys

12:04:03.0399 4232 NDIS - ok

12:04:03.0430 4232 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

12:04:03.0430 4232 NdisCap - ok

12:04:03.0493 4232 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

12:04:03.0493 4232 NdisTapi - ok

12:04:03.0539 4232 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

12:04:03.0539 4232 Ndisuio - ok

12:04:03.0586 4232 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

12:04:03.0586 4232 NdisWan - ok

12:04:03.0633 4232 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

12:04:03.0633 4232 NDProxy - ok

12:04:03.0680 4232 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

12:04:03.0680 4232 NetBIOS - ok

12:04:03.0727 4232 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

12:04:03.0727 4232 NetBT - ok

12:04:03.0742 4232 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

12:04:03.0742 4232 Netlogon - ok

12:04:03.0805 4232 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

12:04:03.0805 4232 Netman - ok

12:04:03.0836 4232 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

12:04:03.0851 4232 netprofm - ok

12:04:03.0883 4232 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:04:03.0883 4232 NetTcpPortSharing - ok

12:04:03.0945 4232 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

12:04:03.0945 4232 nfrd960 - ok

12:04:04.0007 4232 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll

12:04:04.0007 4232 NlaSvc - ok

12:04:04.0070 4232 Norton PC Checkup Application Launcher - ok

12:04:04.0101 4232 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

12:04:04.0101 4232 Npfs - ok

12:04:04.0132 4232 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

12:04:04.0132 4232 nsi - ok

12:04:04.0148 4232 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

12:04:04.0148 4232 nsiproxy - ok

12:04:04.0226 4232 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

12:04:04.0241 4232 Ntfs - ok

12:04:04.0257 4232 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

12:04:04.0257 4232 Null - ok

12:04:04.0288 4232 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

12:04:04.0288 4232 nvraid - ok

12:04:04.0335 4232 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

12:04:04.0335 4232 nvstor - ok

12:04:04.0366 4232 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

12:04:04.0366 4232 nv_agp - ok

12:04:04.0475 4232 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:04:04.0491 4232 odserv - ok

12:04:04.0522 4232 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

12:04:04.0522 4232 ohci1394 - ok

12:04:04.0569 4232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:04:04.0569 4232 ose - ok

12:04:04.0616 4232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

12:04:04.0616 4232 p2pimsvc - ok

12:04:04.0647 4232 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

12:04:04.0663 4232 p2psvc - ok

12:04:04.0709 4232 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys

12:04:04.0709 4232 Parport - ok

12:04:04.0756 4232 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

12:04:04.0756 4232 partmgr - ok

12:04:04.0787 4232 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

12:04:04.0803 4232 PcaSvc - ok

12:04:04.0850 4232 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

12:04:04.0850 4232 PCCUJobMgr - ok

12:04:04.0897 4232 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

12:04:04.0897 4232 pci - ok

12:04:04.0928 4232 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

12:04:04.0928 4232 pciide - ok

12:04:04.0975 4232 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

12:04:04.0975 4232 pcmcia - ok

12:04:04.0990 4232 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

12:04:04.0990 4232 pcw - ok

12:04:05.0037 4232 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

12:04:05.0037 4232 PEAUTH - ok

12:04:05.0115 4232 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

12:04:05.0115 4232 PerfHost - ok

12:04:05.0209 4232 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

12:04:05.0224 4232 pla - ok

12:04:05.0255 4232 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

12:04:05.0271 4232 PlugPlay - ok

12:04:05.0302 4232 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

12:04:05.0302 4232 PNRPAutoReg - ok

12:04:05.0333 4232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

12:04:05.0333 4232 PNRPsvc - ok

12:04:05.0396 4232 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

12:04:05.0396 4232 PolicyAgent - ok

12:04:05.0427 4232 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

12:04:05.0443 4232 Power - ok

12:04:05.0505 4232 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

12:04:05.0505 4232 PptpMiniport - ok

12:04:05.0536 4232 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys

12:04:05.0536 4232 Processor - ok

12:04:05.0599 4232 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

12:04:05.0599 4232 ProfSvc - ok

12:04:05.0630 4232 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

12:04:05.0630 4232 ProtectedStorage - ok

12:04:05.0692 4232 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

12:04:05.0692 4232 Psched - ok

12:04:05.0755 4232 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

12:04:05.0770 4232 ql2300 - ok

12:04:05.0786 4232 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

12:04:05.0801 4232 ql40xx - ok

12:04:05.0833 4232 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

12:04:05.0833 4232 QWAVE - ok

12:04:05.0864 4232 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

12:04:05.0864 4232 QWAVEdrv - ok

12:04:05.0879 4232 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

12:04:05.0879 4232 RasAcd - ok

12:04:05.0942 4232 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

12:04:05.0942 4232 RasAgileVpn - ok

12:04:05.0957 4232 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

12:04:05.0973 4232 RasAuto - ok

12:04:06.0020 4232 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

12:04:06.0020 4232 Rasl2tp - ok

12:04:06.0067 4232 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

12:04:06.0082 4232 RasMan - ok

12:04:06.0129 4232 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

12:04:06.0129 4232 RasPppoe - ok

12:04:06.0145 4232 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

12:04:06.0145 4232 RasSstp - ok

12:04:06.0191 4232 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

12:04:06.0191 4232 rdbss - ok

12:04:06.0223 4232 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

12:04:06.0223 4232 rdpbus - ok

12:04:06.0238 4232 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

12:04:06.0238 4232 RDPCDD - ok

12:04:06.0285 4232 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

12:04:06.0285 4232 RDPENCDD - ok

12:04:06.0301 4232 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

12:04:06.0301 4232 RDPREFMP - ok

12:04:06.0347 4232 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

12:04:06.0363 4232 RDPWD - ok

12:04:06.0425 4232 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

12:04:06.0425 4232 rdyboost - ok

12:04:06.0441 4232 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

12:04:06.0441 4232 RemoteAccess - ok

12:04:06.0488 4232 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

12:04:06.0488 4232 RemoteRegistry - ok

12:04:06.0519 4232 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

12:04:06.0519 4232 RpcEptMapper - ok

12:04:06.0550 4232 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

12:04:06.0550 4232 RpcLocator - ok

12:04:06.0613 4232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

12:04:06.0613 4232 RpcSs - ok

12:04:06.0659 4232 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

12:04:06.0659 4232 rspndr - ok

12:04:06.0691 4232 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

12:04:06.0706 4232 RSUSBSTOR - ok

12:04:06.0722 4232 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

12:04:06.0722 4232 SamSs - ok

12:04:06.0769 4232 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

12:04:06.0769 4232 sbp2port - ok

12:04:06.0815 4232 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

12:04:06.0815 4232 SCardSvr - ok

12:04:06.0862 4232 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

12:04:06.0862 4232 scfilter - ok

12:04:06.0925 4232 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

12:04:06.0940 4232 Schedule - ok

12:04:06.0971 4232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

12:04:06.0971 4232 SCPolicySvc - ok

12:04:07.0018 4232 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

12:04:07.0018 4232 SDRSVC - ok

12:04:07.0065 4232 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

12:04:07.0065 4232 secdrv - ok

12:04:07.0112 4232 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

12:04:07.0112 4232 seclogon - ok

12:04:07.0159 4232 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

12:04:07.0159 4232 SENS - ok

12:04:07.0190 4232 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

12:04:07.0190 4232 SensrSvc - ok

12:04:07.0221 4232 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys

12:04:07.0221 4232 Serenum - ok

12:04:07.0252 4232 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys

12:04:07.0268 4232 Serial - ok

12:04:07.0299 4232 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

12:04:07.0299 4232 sermouse - ok

12:04:07.0361 4232 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

12:04:07.0361 4232 SessionEnv - ok

12:04:07.0393 4232 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

12:04:07.0393 4232 sffdisk - ok

12:04:07.0424 4232 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

12:04:07.0424 4232 sffp_mmc - ok

12:04:07.0455 4232 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

12:04:07.0455 4232 sffp_sd - ok

12:04:07.0502 4232 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

12:04:07.0502 4232 sfloppy - ok

12:04:07.0549 4232 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

12:04:07.0564 4232 SharedAccess - ok

12:04:07.0595 4232 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

12:04:07.0611 4232 ShellHWDetection - ok

12:04:07.0658 4232 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

12:04:07.0658 4232 SiSRaid2 - ok

12:04:07.0658 4232 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

12:04:07.0673 4232 SiSRaid4 - ok

12:04:07.0845 4232 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

12:04:07.0892 4232 Skype C2C Service - ok

12:04:07.0954 4232 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

12:04:07.0954 4232 SkypeUpdate - ok

12:04:08.0001 4232 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

12:04:08.0001 4232 Smb - ok

12:04:08.0063 4232 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

12:04:08.0063 4232 SNMPTRAP - ok

12:04:08.0095 4232 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

12:04:08.0095 4232 spldr - ok

12:04:08.0141 4232 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

12:04:08.0157 4232 Spooler - ok

12:04:08.0266 4232 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

12:04:08.0313 4232 sppsvc - ok

12:04:08.0344 4232 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

12:04:08.0360 4232 sppuinotify - ok

12:04:08.0407 4232 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

12:04:08.0407 4232 srv - ok

12:04:08.0438 4232 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

12:04:08.0438 4232 srv2 - ok

12:04:08.0469 4232 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

12:04:08.0469 4232 srvnet - ok

12:04:08.0516 4232 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

12:04:08.0516 4232 SSDPSRV - ok

12:04:08.0547 4232 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

12:04:08.0547 4232 SstpSvc - ok

12:04:08.0578 4232 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

12:04:08.0578 4232 stexstor - ok

12:04:08.0625 4232 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

12:04:08.0641 4232 stisvc - ok

12:04:08.0687 4232 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys

12:04:08.0687 4232 swenum - ok

12:04:08.0734 4232 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

12:04:08.0734 4232 swprv - ok

12:04:08.0765 4232 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

12:04:08.0765 4232 SynTP - ok

12:04:08.0843 4232 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

12:04:08.0859 4232 SysMain - ok

12:04:08.0906 4232 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

12:04:08.0906 4232 TabletInputService - ok

12:04:08.0968 4232 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

12:04:08.0968 4232 TapiSrv - ok

12:04:09.0015 4232 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

12:04:09.0015 4232 TBS - ok

12:04:09.0093 4232 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys

12:04:09.0124 4232 Tcpip - ok

12:04:09.0155 4232 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

12:04:09.0171 4232 TCPIP6 - ok

12:04:09.0218 4232 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

12:04:09.0218 4232 tcpipreg - ok

12:04:09.0280 4232 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

12:04:09.0280 4232 tdcmdpst - ok

12:04:09.0311 4232 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

12:04:09.0311 4232 TDPIPE - ok

12:04:09.0358 4232 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

12:04:09.0358 4232 TDTCP - ok

12:04:09.0421 4232 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

12:04:09.0421 4232 tdx - ok

12:04:09.0545 4232 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

12:04:09.0592 4232 TeamViewer7 - ok

12:04:09.0623 4232 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys

12:04:09.0623 4232 TermDD - ok

12:04:09.0686 4232 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

12:04:09.0686 4232 TermService - ok

12:04:09.0748 4232 [ FA5BFB71E561D279EDAE7E118435C1C9 ] TfFsMon C:\windows\system32\drivers\TfFsMon.sys

12:04:09.0748 4232 TfFsMon - ok

12:04:09.0795 4232 [ FA8400D74345EC4BF10E476CA0AAA2DF ] TfNetMon C:\windows\system32\drivers\TfNetMon.sys

12:04:09.0795 4232 TfNetMon - ok

12:04:09.0842 4232 [ F11AA1A704A4C027E5E8E0F355523834 ] TfSysMon C:\windows\system32\drivers\TfSysMon.sys

12:04:09.0842 4232 TfSysMon - ok

12:04:09.0889 4232 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

12:04:09.0889 4232 Themes - ok

12:04:09.0935 4232 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

12:04:09.0935 4232 THREADORDER - ok

12:04:09.0982 4232 ThreatFire - ok

12:04:10.0045 4232 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

12:04:10.0060 4232 TMachInfo - ok

12:04:10.0091 4232 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe

12:04:10.0091 4232 TODDSrv - ok

12:04:10.0201 4232 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

12:04:10.0201 4232 TosCoSrv - ok

12:04:10.0263 4232 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

12:04:10.0263 4232 TOSHIBA HDD SSD Alert Service - ok

12:04:10.0310 4232 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

12:04:10.0310 4232 TrkWks - ok

12:04:10.0372 4232 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

12:04:10.0372 4232 TrustedInstaller - ok

12:04:10.0435 4232 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

12:04:10.0435 4232 tssecsrv - ok

12:04:10.0481 4232 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

12:04:10.0481 4232 TsUsbFlt - ok

12:04:10.0559 4232 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

12:04:10.0559 4232 tunnel - ok

12:04:10.0606 4232 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

12:04:10.0606 4232 TVALZ - ok

12:04:10.0637 4232 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys

12:04:10.0653 4232 uagp35 - ok

12:04:10.0684 4232 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

12:04:10.0684 4232 udfs - ok

12:04:10.0731 4232 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

12:04:10.0731 4232 UI0Detect - ok

12:04:10.0762 4232 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

12:04:10.0762 4232 uliagpkx - ok

12:04:10.0840 4232 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys

12:04:10.0840 4232 umbus - ok

12:04:10.0871 4232 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys

12:04:10.0871 4232 UmPass - ok

12:04:10.0918 4232 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

12:04:10.0918 4232 upnphost - ok

12:04:10.0965 4232 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys

12:04:10.0965 4232 USBAAPL64 - ok

12:04:11.0012 4232 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys

12:04:11.0012 4232 usbaudio - ok

12:04:11.0027 4232 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\drivers\usbccgp.sys

12:04:11.0027 4232 usbccgp - ok

12:04:11.0090 4232 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

12:04:11.0090 4232 usbcir - ok

12:04:11.0121 4232 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

12:04:11.0121 4232 usbehci - ok

12:04:11.0183 4232 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

12:04:11.0183 4232 usbhub - ok

12:04:11.0230 4232 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys

12:04:11.0230 4232 usbohci - ok

12:04:11.0277 4232 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

12:04:11.0277 4232 usbprint - ok

12:04:11.0324 4232 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

12:04:11.0324 4232 usbscan - ok

12:04:11.0339 4232 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS

12:04:11.0339 4232 USBSTOR - ok

12:04:11.0371 4232 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

12:04:11.0371 4232 usbuhci - ok

12:04:11.0449 4232 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys

12:04:11.0449 4232 usbvideo - ok

12:04:11.0464 4232 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

12:04:11.0480 4232 UxSms - ok

12:04:11.0511 4232 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

12:04:11.0511 4232 VaultSvc - ok

12:04:11.0558 4232 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

12:04:11.0558 4232 vdrvroot - ok

12:04:11.0620 4232 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

12:04:11.0620 4232 vds - ok

12:04:11.0667 4232 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

12:04:11.0667 4232 vga - ok

12:04:11.0698 4232 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

12:04:11.0698 4232 VgaSave - ok

12:04:11.0745 4232 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

12:04:11.0745 4232 vhdmp - ok

12:04:11.0776 4232 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

12:04:11.0776 4232 viaide - ok

12:04:11.0807 4232 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

12:04:11.0807 4232 volmgr - ok

12:04:11.0854 4232 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

12:04:11.0854 4232 volmgrx - ok

12:04:11.0901 4232 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

12:04:11.0901 4232 volsnap - ok

12:04:11.0963 4232 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys

12:04:11.0963 4232 vsmraid - ok

12:04:12.0041 4232 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

12:04:12.0073 4232 VSS - ok

12:04:12.0088 4232 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

12:04:12.0088 4232 vwifibus - ok

12:04:12.0135 4232 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

12:04:12.0135 4232 vwififlt - ok

12:04:12.0166 4232 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

12:04:12.0182 4232 W32Time - ok

12:04:12.0213 4232 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys

12:04:12.0213 4232 WacomPen - ok

12:04:12.0275 4232 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

12:04:12.0275 4232 WANARP - ok

12:04:12.0291 4232 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

12:04:12.0291 4232 Wanarpv6 - ok

12:04:12.0369 4232 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

12:04:12.0385 4232 WatAdminSvc - ok

12:04:12.0447 4232 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

12:04:12.0478 4232 wbengine - ok

12:04:12.0509 4232 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

12:04:12.0509 4232 WbioSrvc - ok

12:04:12.0556 4232 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

12:04:12.0556 4232 wcncsvc - ok

12:04:12.0587 4232 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

12:04:12.0587 4232 WcsPlugInService - ok

12:04:12.0619 4232 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys

12:04:12.0619 4232 Wd - ok

12:04:12.0650 4232 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

12:04:12.0665 4232 Wdf01000 - ok

12:04:12.0697 4232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

12:04:12.0712 4232 WdiServiceHost - ok

12:04:12.0712 4232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

12:04:12.0712 4232 WdiSystemHost - ok

12:04:12.0775 4232 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

12:04:12.0775 4232 WebClient - ok

12:04:12.0821 4232 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

12:04:12.0821 4232 Wecsvc - ok

12:04:12.0853 4232 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

12:04:12.0853 4232 wercplsupport - ok

12:04:12.0884 4232 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

12:04:12.0899 4232 WerSvc - ok

12:04:12.0946 4232 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

12:04:12.0946 4232 WfpLwf - ok

12:04:12.0977 4232 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

12:04:12.0977 4232 WIMMount - ok

12:04:13.0009 4232 WinDefend - ok

12:04:13.0024 4232 WinHttpAutoProxySvc - ok

12:04:13.0087 4232 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

12:04:13.0087 4232 Winmgmt - ok

12:04:13.0196 4232 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

12:04:13.0227 4232 WinRM - ok

12:04:13.0289 4232 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\drivers\WinUSB.sys

12:04:13.0289 4232 WinUsb - ok

12:04:13.0336 4232 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

12:04:13.0352 4232 Wlansvc - ok

12:04:13.0399 4232 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

12:04:13.0399 4232 WmiAcpi - ok

12:04:13.0461 4232 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

12:04:13.0461 4232 wmiApSrv - ok

12:04:13.0508 4232 WMPNetworkSvc - ok

12:04:13.0539 4232 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

12:04:13.0539 4232 WPCSvc - ok

12:04:13.0570 4232 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

12:04:13.0570 4232 WPDBusEnum - ok

12:04:13.0617 4232 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

12:04:13.0617 4232 ws2ifsl - ok

12:04:13.0648 4232 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll

12:04:13.0648 4232 wscsvc - ok

12:04:13.0679 4232 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys

12:04:13.0679 4232 WSDPrintDevice - ok

12:04:13.0695 4232 WSearch - ok

12:04:13.0804 4232 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

12:04:13.0851 4232 wuauserv - ok

12:04:13.0867 4232 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys

12:04:13.0867 4232 WudfPf - ok

12:04:13.0929 4232 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\drivers\WUDFRd.sys

12:04:13.0929 4232 WUDFRd - ok

12:04:13.0976 4232 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll

12:04:13.0991 4232 wudfsvc - ok

12:04:14.0023 4232 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll

12:04:14.0023 4232 WwanSvc - ok

12:04:14.0054 4232 ================ Scan global ===============================

12:04:14.0101 4232 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

12:04:14.0132 4232 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

12:04:14.0147 4232 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

12:04:14.0179 4232 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

12:04:14.0210 4232 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

12:04:14.0225 4232 [Global] - ok

12:04:14.0225 4232 ================ Scan MBR ==================================

12:04:14.0241 4232 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

12:04:14.0428 4232 \Device\Harddisk0\DR0 - ok

12:04:14.0444 4232 ================ Scan VBR ==================================

12:04:14.0459 4232 [ E2F96C4322052ACB3E8E486DDD3B8F77 ] \Device\Harddisk0\DR0\Partition1

12:04:14.0459 4232 \Device\Harddisk0\DR0\Partition1 - ok

12:04:14.0459 4232 ============================================================

12:04:14.0459 4232 Scan finished

12:04:14.0459 4232 ============================================================

12:04:14.0475 3584 Detected object count: 0

12:04:14.0475 3584 Actual detected object count: 0

[Gyroc]

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : B rittany [Admin rights]

Mode : Scan -- Date : 09/09/2012 12:10:48

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] LULnchr.exe -- C:\Users\B rittany\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe -> KILLED [TermProc]

[sUSP PATH] LogitechUpdate.exe -- C:\Users\B rittany\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[sTARTUP][bLACKLIST DLL] Monitor Ink Alerts - .lnk @B rittany : C:\windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BG29HJK05NR;CONNECTION=USB;MONITOR=1; -> FOUND

[sTARTUP][bLACKLIST DLL] Monitor Ink Alerts - HP Photosmart 5510 series.lnk @B rittany : C:\windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BG29HJK05NR;CONNECTION=USB;MONITOR=1; -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSXN ATA Device +++++

--- User ---

[MBR] 51cc899eba79fbdca15608b8dafe61e2

[bSP] f857a2e22280eb00b8488b0844a16fb0 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227762 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469530624 | Size: 9212 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[Maurice Naggar]

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Gyroc (brittany) only. If you are a casual viewer, do NOT try this on your system!

If you are not Gyroc (brittany) and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

[Gyroc]

I had her run combo fix it ran for about 8 hours she reported that the green bar got about half way I had her take a picture of it the last three lines were

Extract: streamtools.zip

Ouput folder: C:\32788R22FWJFW\N_

Ouput folder: C:\32788R22FWJFW

As I stated before I remote in to help her but as per your instructions I didnt want to have her run combofix again I wanted to post about what happened and see what you said.

[Maurice Naggar]

It should have finished long ago.

Make sure the system was restarted fresh.

Look for C:\Combofix.txt

if found, copy & paste contents

Tell me, How is the system now?

Who is the owner of this system?

Who has control of it?

[Gyroc]

I forgot to include that in my last post I apologize. I did look for the combo fix.txt file after a restart it was not on the system the owner (and controller of the pc is Brittany) I am an old friend of hers. She is out of state so I figured I could remote in and do some scans to fix her PC when it kept rebooting I had to escalate the problem to these forums (you more specifically) I have not tried to run another MBAM scan to see if it finishes when I get home tonight I will do that.

I will mention again that I have around 2 years IT experience if a manual removal of something is required I feel confident that I can do it. The programs I use to remote in for her are listed below.

1. Teamviewer

2. Logmein

[Maurice Naggar]

We'll have to forgo any combofix run.

Look at the MBAM FAQ - Common Issues, Questions, and their Solutions

http://forums.malwarebytes.org/index.php?showtopic=10138

Study it and set trust settings in both the antivirus program and MBAM, that way there should not be a conflict between the two apps during a scan.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the scan log

[Gyroc]

I added the exceptions and tried two quick scans after fully updating MABAM. Both scans froze the computer listed below

Scan 1: C:\Windows\System32\NlsLexicons0003.dll

Scan 2: C:\Windows\System32\NlsLexicons0002.dll

No log file was saved I am currently doing a CHKDSK with repair ill update how that goes

[Gyroc]

CHKDSK seems to have made it run correctly heres the completed MBAM log im running one more scan and I will post how the computer is running /

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.13.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

B rittany :: BRITTANY-PC [administrator]

9/12/2012 10:19:41 PM

mbam-log-2012-09-12 (22-19-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199320

Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 15

HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 5

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: a[

[Maurice Naggar]

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

[Gyroc]

Doing a full scan now, she reported that her pc is running much better now I will re post my results after they finish

[Gyroc]

I have not yet remoted in to copy the actual log but she reported to me that it found 0 malacious files

[Maurice Naggar]

Good result then.

How is the system generally, as compared to when we started ?

Download Security Check by screen317 from here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

[Gyroc]

She reported it being much faster I am still going to turn off some things on her startup from msconfig but I will run that program as well for her

[Maurice Naggar]

OK. Keep me updated.

You should also let me know what is being trimmed from Msconfig.

[Gyroc]

I will let you know I just got done with a family weekend scanning now, I dont plan on trimming msconfig until after all of the scans are completed.

[Gyroc]

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AntiVir Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

ThreatFire

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 17

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.1.102.63 Flash Player out of Date!

Adobe Reader X 10.1.2 Adobe Reader out of Date!

Mozilla Firefox 14.0.1 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

ThreatFire TFTray.exe

ThreatFire TFService.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

On a side note I could not find the MS safety log but she reported it was clear

[Gyroc]

One other thing is I plan on changing her antivirus to a combination of threatfire and AVAST

[Maurice Naggar]

My view is that Avira is very good a-v, and that Avast is sometimes too complicated for home users.

As to Threatfire, I'd say rather than it, your user is much better off with MBAM Pro (the license is a 1-time low cost and is good for forever. No renewal.)

There needs to be a cleanout of Norton remains. Get the >> Norton removal tool <<

Restart system after it finishes.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Accept the EULA & Download the latest version of >> Windows Offline << from here
  or >> from here <<
  and save it to your desktop.
  
• Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
  How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  
• Close any programs you may have running - especially your web browser(s).
  
• Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
  ( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)
  

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
      

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Firefox browser must be updated. Firefox >> Help >> About Firefox

Click Check for Updates.

Apply update and allow Firefox to restart {so it finishes processing update}.

[Gyroc]

I will let her know about MBAM pro, and update her things now after removing norton the rest of the way