TechSpot

[A] Two viruses - generic29.anpx & win64/patched.a

Inactive
By PatJj
Sep 20, 2012
  1. Hi, I recently started getting AVG pop-ups showing that I have these 2 viruses:
    C:\windows\assembly\gac_64\desktop.ini Generic29.anpx
    C:\windows\system32\\services.exe Win64/Patched.A

    AVG can't do anything about them, and neither can Ad Aware or Malwarebytes. I've looked through the forum, and it seems that the removal procedure is done specifically to each individual. If you could offer any assistance it would be greatly, greatly appreciated. Thanks!
     
  2. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Here's the Malwarebytes log:


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.20.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Pat & Sara :: PATSARA-HP [administrator]

    9/20/2012 11:28:58 PM
    mbam-log-2012-09-20 (23-28-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219751
    Time elapsed: 4 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

    (end)
     
  3. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    GMER log was empty
     
  4. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    I downloaded DDS. A dos prompt opens up for about a second then closes upon running the file. No logs are being created, and it doesn't look like anything is even happening..... :(
     
  5. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Reopened.
     
  7. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Thank you so much!
    Here's the aswMBR log:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-26 01:09:35
    -----------------------------
    01:09:35.756 OS Version: Windows x64 6.1.7601 Service Pack 1
    01:09:35.756 Number of processors: 2 586 0x2A07
    01:09:35.757 ComputerName: PATSARA-HP UserName: Pat & Sara
    01:09:41.079 Initialize success
    01:09:52.681 AVAST engine defs: 12092501
    01:10:06.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    01:10:06.364 Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 3
    01:10:06.384 Disk 0 MBR read successfully
    01:10:06.386 Disk 0 MBR scan
    01:10:06.389 Disk 0 Windows 7 default MBR code
    01:10:06.399 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    01:10:06.411 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942033 MB offset 206848
    01:10:06.443 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11734 MB offset 1929490432
    01:10:06.490 Disk 0 scanning C:\Windows\system32\drivers
    01:10:17.538 Service scanning
    01:10:32.531 Modules scanning
    01:10:32.539 Disk 0 trace - called modules:
    01:10:32.547 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    01:10:32.555 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006e43060]
    01:10:32.561 3 CLASSPNP.SYS[fffff88000dac43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a81050]
    01:10:36.921 AVAST engine scan C:\Windows
    01:10:46.242 AVAST engine scan C:\Windows\system32
    01:11:46.078 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
    01:12:15.838 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    01:12:17.400 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    01:13:16.432 AVAST engine scan C:\Windows\system32\drivers
    01:13:27.521 AVAST engine scan C:\Users\Pat & Sara
    01:15:11.338 File: C:\Users\Pat & Sara\AppData\Local\Temp\67e81a4d.dll **INFECTED** Win32:Trojan-gen
    01:15:12.458 File: C:\Users\Pat & Sara\AppData\Local\Temp\bssf8uo1tjyf7ymr.exe **INFECTED** Win32:Andromeda-B [Trj]
    01:15:43.308 File: C:\Users\Pat & Sara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2783a20a-3e52daed **INFECTED** Win32:Andromeda-B [Trj]
    01:37:29.596 AVAST engine scan C:\ProgramData
    01:40:12.159 Scan finished successfully
    06:23:02.949 Disk 0 MBR has been saved successfully to "C:\Users\Pat & Sara\Documents\MBR.dat"
    06:23:02.959 The log file has been saved successfully to "C:\Users\Pat & Sara\Documents\aswMBR.txt"



    I'll be back from work around 8PM EST
     
  8. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Please always run tools in order I posted them.
    You'll need to re-run aswMBR again after running two other tools.
     
  9. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Ok, I will get it right this time....
    TDSSKiller Log:

    22:39:01.0197 5136 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    22:39:01.0524 5136 ============================================================
    22:39:01.0524 5136 Current date / time: 2012/09/26 22:39:01.0524
    22:39:01.0524 5136 SystemInfo:
    22:39:01.0524 5136
    22:39:01.0524 5136 OS Version: 6.1.7601 ServicePack: 1.0
    22:39:01.0524 5136 Product type: Workstation
    22:39:01.0524 5136 ComputerName: PATSARA-HP
    22:39:01.0525 5136 UserName: Pat & Sara
    22:39:01.0525 5136 Windows directory: C:\Windows
    22:39:01.0525 5136 System windows directory: C:\Windows
    22:39:01.0525 5136 Running under WOW64
    22:39:01.0525 5136 Processor architecture: Intel x64
    22:39:01.0525 5136 Number of processors: 2
    22:39:01.0525 5136 Page size: 0x1000
    22:39:01.0525 5136 Boot type: Normal boot
    22:39:01.0525 5136 ============================================================
    22:39:02.0321 5136 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:39:02.0327 5136 Drive \Device\Harddisk2\DR2 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:39:02.0328 5136 ============================================================
    22:39:02.0328 5136 \Device\Harddisk0\DR0:
    22:39:02.0329 5136 MBR partitions:
    22:39:02.0329 5136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    22:39:02.0329 5136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72FE8800
    22:39:02.0329 5136 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7301B000, BlocksNum 0x16EB000
    22:39:02.0329 5136 \Device\Harddisk2\DR2:
    22:39:02.0329 5136 MBR partitions:
    22:39:02.0329 5136 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EBFE0
    22:39:02.0329 5136 ============================================================
    22:39:02.0341 5136 C: <-> \Device\Harddisk0\DR0\Partition2
    22:39:02.0374 5136 D: <-> \Device\Harddisk0\DR0\Partition3
    22:39:02.0386 5136 ============================================================
    22:39:02.0386 5136 Initialize success
    22:39:02.0386 5136 ============================================================
    22:39:25.0793 5476 ============================================================
    22:39:25.0793 5476 Scan started
    22:39:25.0793 5476 Mode: Manual;
    22:39:25.0793 5476 ============================================================
    22:39:29.0916 5476 ================ Scan system memory ========================
    22:39:29.0916 5476 System memory - ok
    22:39:29.0917 5476 ================ Scan services =============================
    22:39:30.0044 5476 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    22:39:30.0060 5476 1394ohci - ok
    22:39:30.0081 5476 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:39:30.0083 5476 ACPI - ok
    22:39:30.0097 5476 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:39:30.0101 5476 AcpiPmi - ok
    22:39:30.0178 5476 [ 09E61047B0CEF21559CFCEDF4F14D216 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    22:39:30.0192 5476 Ad-Aware Service - ok
    22:39:30.0215 5476 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    22:39:30.0224 5476 adp94xx - ok
    22:39:30.0250 5476 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    22:39:30.0257 5476 adpahci - ok
    22:39:30.0277 5476 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    22:39:30.0282 5476 adpu320 - ok
    22:39:30.0300 5476 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:39:30.0303 5476 AeLookupSvc - ok
    22:39:30.0365 5476 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    22:39:30.0371 5476 AFD - ok
    22:39:30.0394 5476 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    22:39:30.0401 5476 agp440 - ok
    22:39:30.0412 5476 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:39:30.0416 5476 ALG - ok
    22:39:30.0426 5476 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    22:39:30.0430 5476 aliide - ok
    22:39:30.0451 5476 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    22:39:30.0456 5476 amdide - ok
    22:39:30.0470 5476 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    22:39:30.0474 5476 AmdK8 - ok
    22:39:30.0490 5476 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    22:39:30.0495 5476 AmdPPM - ok
    22:39:30.0543 5476 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:39:30.0549 5476 amdsata - ok
    22:39:30.0568 5476 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    22:39:30.0573 5476 amdsbs - ok
    22:39:30.0585 5476 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:39:30.0590 5476 amdxata - ok
    22:39:30.0619 5476 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    22:39:30.0624 5476 AppID - ok
    22:39:30.0638 5476 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:39:30.0642 5476 AppIDSvc - ok
    22:39:30.0651 5476 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    22:39:30.0653 5476 Appinfo - ok
    22:39:30.0754 5476 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:39:30.0758 5476 Apple Mobile Device - ok
    22:39:30.0779 5476 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    22:39:30.0783 5476 arc - ok
    22:39:30.0808 5476 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    22:39:30.0841 5476 arcsas - ok
    22:39:30.0921 5476 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    22:39:30.0930 5476 aspnet_state - ok
    22:39:30.0953 5476 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:39:30.0956 5476 AsyncMac - ok
    22:39:30.0968 5476 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    22:39:30.0974 5476 atapi - ok
    22:39:30.0992 5476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:39:30.0999 5476 AudioEndpointBuilder - ok
    22:39:31.0013 5476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:39:31.0017 5476 AudioSrv - ok
    22:39:31.0219 5476 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    22:39:31.0248 5476 AVGIDSAgent - ok
    22:39:31.0329 5476 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    22:39:31.0335 5476 AVGIDSDriver - ok
    22:39:31.0351 5476 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    22:39:31.0354 5476 AVGIDSFilter - ok
    22:39:31.0390 5476 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    22:39:31.0394 5476 AVGIDSHA - ok
    22:39:31.0410 5476 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    22:39:31.0416 5476 Avgldx64 - ok
    22:39:31.0430 5476 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    22:39:31.0435 5476 Avgmfx64 - ok
    22:39:31.0451 5476 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    22:39:31.0454 5476 Avgrkx64 - ok
    22:39:31.0473 5476 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    22:39:31.0479 5476 Avgtdia - ok
    22:39:31.0517 5476 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    22:39:31.0519 5476 avgwd - ok
    22:39:31.0544 5476 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:39:31.0551 5476 AxInstSV - ok
    22:39:31.0580 5476 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    22:39:31.0588 5476 b06bdrv - ok
    22:39:31.0609 5476 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:39:31.0615 5476 b57nd60a - ok
    22:39:31.0636 5476 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:39:31.0641 5476 BDESVC - ok
    22:39:31.0650 5476 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:39:31.0654 5476 Beep - ok
    22:39:31.0663 5476 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    22:39:31.0668 5476 blbdrive - ok
    22:39:31.0724 5476 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    22:39:31.0728 5476 Bonjour Service - ok
    22:39:31.0744 5476 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:39:31.0759 5476 bowser - ok
    22:39:31.0771 5476 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    22:39:31.0777 5476 BrFiltLo - ok
    22:39:31.0797 5476 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    22:39:31.0806 5476 BrFiltUp - ok
    22:39:31.0876 5476 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    22:39:31.0878 5476 Browser - ok
    22:39:31.0907 5476 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:39:31.0931 5476 Brserid - ok
    22:39:31.0966 5476 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:39:31.0970 5476 BrSerWdm - ok
    22:39:31.0982 5476 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:39:32.0013 5476 BrUsbMdm - ok
    22:39:32.0057 5476 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:39:32.0060 5476 BrUsbSer - ok
    22:39:32.0085 5476 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    22:39:32.0106 5476 BTHMODEM - ok
    22:39:32.0119 5476 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:39:32.0125 5476 bthserv - ok
    22:39:32.0143 5476 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:39:32.0153 5476 cdfs - ok
    22:39:32.0171 5476 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    22:39:32.0181 5476 cdrom - ok
    22:39:32.0203 5476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:39:32.0206 5476 CertPropSvc - ok
    22:39:32.0219 5476 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    22:39:32.0224 5476 circlass - ok
    22:39:32.0241 5476 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:39:32.0245 5476 CLFS - ok
    22:39:32.0293 5476 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:39:32.0311 5476 clr_optimization_v2.0.50727_32 - ok
    22:39:32.0342 5476 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:39:32.0360 5476 clr_optimization_v2.0.50727_64 - ok
    22:39:32.0421 5476 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:39:32.0422 5476 clr_optimization_v4.0.30319_32 - ok
    22:39:32.0430 5476 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:39:32.0431 5476 clr_optimization_v4.0.30319_64 - ok
    22:39:32.0443 5476 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    22:39:32.0447 5476 CmBatt - ok
    22:39:32.0463 5476 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    22:39:32.0466 5476 cmdide - ok
    22:39:32.0512 5476 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    22:39:32.0517 5476 CNG - ok
    22:39:32.0528 5476 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    22:39:32.0531 5476 Compbatt - ok
    22:39:32.0546 5476 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    22:39:32.0551 5476 CompositeBus - ok
    22:39:32.0555 5476 COMSysApp - ok
    22:39:32.0571 5476 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    22:39:32.0575 5476 crcdisk - ok
    22:39:32.0617 5476 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:39:32.0620 5476 CryptSvc - ok
    22:39:32.0641 5476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:39:32.0646 5476 DcomLaunch - ok
    22:39:32.0666 5476 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:39:32.0672 5476 defragsvc - ok
    22:39:32.0686 5476 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:39:32.0690 5476 DfsC - ok
    22:39:32.0708 5476 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:39:32.0712 5476 Dhcp - ok
    22:39:32.0721 5476 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:39:32.0723 5476 discache - ok
    22:39:32.0737 5476 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    22:39:32.0740 5476 Disk - ok
    22:39:32.0764 5476 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:39:32.0766 5476 Dnscache - ok
    22:39:32.0790 5476 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    22:39:32.0814 5476 dot3svc - ok
    22:39:32.0836 5476 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    22:39:32.0839 5476 DPS - ok
    22:39:32.0861 5476 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:39:32.0868 5476 drmkaud - ok
    22:39:32.0906 5476 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:39:32.0919 5476 DXGKrnl - ok
    22:39:32.0944 5476 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:39:32.0949 5476 EapHost - ok
    22:39:33.0015 5476 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    22:39:33.0089 5476 ebdrv - ok
    22:39:33.0144 5476 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    22:39:33.0146 5476 EFS - ok
    22:39:33.0222 5476 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:39:33.0226 5476 ehRecvr - ok
    22:39:33.0251 5476 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:39:33.0253 5476 ehSched - ok
    22:39:33.0282 5476 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    22:39:33.0291 5476 elxstor - ok
    22:39:33.0311 5476 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    22:39:33.0317 5476 ErrDev - ok
    22:39:33.0338 5476 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:39:33.0341 5476 EventSystem - ok
    22:39:33.0357 5476 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:39:33.0362 5476 exfat - ok
    22:39:33.0381 5476 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:39:33.0387 5476 fastfat - ok
    22:39:33.0414 5476 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    22:39:33.0421 5476 Fax - ok
    22:39:33.0439 5476 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    22:39:33.0444 5476 fdc - ok
    22:39:33.0466 5476 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:39:33.0469 5476 fdPHost - ok
    22:39:33.0476 5476 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:39:33.0478 5476 FDResPub - ok
    22:39:33.0494 5476 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:39:33.0497 5476 FileInfo - ok
    22:39:33.0510 5476 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:39:33.0513 5476 Filetrace - ok
    22:39:33.0525 5476 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    22:39:33.0527 5476 flpydisk - ok
    22:39:33.0543 5476 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:39:33.0546 5476 FltMgr - ok
    22:39:33.0582 5476 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    22:39:33.0589 5476 FontCache - ok
    22:39:33.0636 5476 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:39:33.0641 5476 FontCache3.0.0.0 - ok
    22:39:33.0647 5476 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:39:33.0654 5476 FsDepends - ok
    22:39:33.0696 5476 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:39:33.0700 5476 Fs_Rec - ok
    22:39:33.0711 5476 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:39:33.0715 5476 fvevol - ok
    22:39:33.0726 5476 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    22:39:33.0732 5476 gagp30kx - ok
    22:39:33.0779 5476 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    22:39:33.0810 5476 GamesAppService - ok
    22:39:33.0844 5476 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:39:33.0848 5476 GEARAspiWDM - ok
    22:39:33.0868 5476 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    22:39:33.0874 5476 gpsvc - ok
    22:39:33.0888 5476 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:39:33.0892 5476 hcw85cir - ok
    22:39:33.0916 5476 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:39:33.0920 5476 HdAudAddService - ok
    22:39:33.0943 5476 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    22:39:33.0944 5476 HDAudBus - ok
    22:39:33.0960 5476 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    22:39:33.0964 5476 HidBatt - ok
    22:39:33.0974 5476 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    22:39:33.0980 5476 HidBth - ok
    22:39:34.0000 5476 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    22:39:34.0005 5476 HidIr - ok
    22:39:34.0021 5476 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    22:39:34.0024 5476 hidserv - ok
    22:39:34.0033 5476 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:39:34.0038 5476 HidUsb - ok
    22:39:34.0050 5476 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:39:34.0055 5476 hkmsvc - ok
    22:39:34.0070 5476 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:39:34.0072 5476 HomeGroupListener - ok
    22:39:34.0094 5476 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:39:34.0098 5476 HomeGroupProvider - ok
    22:39:34.0139 5476 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    22:39:34.0144 5476 HP Support Assistant Service - ok
    22:39:34.0209 5476 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    22:39:34.0212 5476 HPClientSvc - ok
    22:39:34.0281 5476 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    22:39:34.0282 5476 HPDrvMntSvc.exe - ok
    22:39:34.0339 5476 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    22:39:34.0348 5476 hpqwmiex - ok
    22:39:34.0366 5476 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    22:39:34.0374 5476 HpSAMD - ok
    22:39:34.0405 5476 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:39:34.0412 5476 HTTP - ok
    22:39:34.0424 5476 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:39:34.0428 5476 hwpolicy - ok
    22:39:34.0451 5476 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    22:39:34.0455 5476 i8042prt - ok
    22:39:34.0475 5476 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
    22:39:34.0478 5476 iaStor - ok
    22:39:34.0500 5476 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    22:39:34.0507 5476 iaStorV - ok
    22:39:34.0576 5476 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:39:34.0605 5476 idsvc - ok
    22:39:34.0888 5476 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    22:39:35.0091 5476 igfx - ok
    22:39:35.0115 5476 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    22:39:35.0118 5476 iirsp - ok
    22:39:35.0146 5476 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    22:39:35.0155 5476 IKEEXT - ok
    22:39:35.0171 5476 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
    22:39:35.0179 5476 Impcd - ok
    22:39:35.0298 5476 [ 91ED47813243B455E2D81115A8255F0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    22:39:35.0392 5476 IntcAzAudAddService - ok
    22:39:35.0421 5476 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    22:39:35.0425 5476 intelide - ok
    22:39:35.0440 5476 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    22:39:35.0441 5476 intelppm - ok
    22:39:35.0465 5476 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:39:35.0468 5476 IPBusEnum - ok
    22:39:35.0485 5476 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:39:35.0492 5476 IpFilterDriver - ok
    22:39:35.0502 5476 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    22:39:35.0508 5476 IPMIDRV - ok
    22:39:35.0519 5476 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:39:35.0524 5476 IPNAT - ok
    22:39:35.0576 5476 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    22:39:35.0581 5476 iPod Service - ok
    22:39:35.0605 5476 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:39:35.0609 5476 IRENUM - ok
    22:39:35.0632 5476 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    22:39:35.0634 5476 isapnp - ok
    22:39:35.0654 5476 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    22:39:35.0660 5476 iScsiPrt - ok
    22:39:35.0676 5476 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:39:35.0681 5476 kbdclass - ok
    22:39:35.0695 5476 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    22:39:35.0699 5476 kbdhid - ok
    22:39:35.0708 5476 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    22:39:35.0709 5476 KeyIso - ok
    22:39:35.0748 5476 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:39:35.0751 5476 KSecDD - ok
    22:39:35.0761 5476 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:39:35.0763 5476 KSecPkg - ok
    22:39:35.0774 5476 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:39:35.0778 5476 ksthunk - ok
    22:39:35.0790 5476 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:39:35.0796 5476 KtmRm - ok
    22:39:35.0832 5476 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    22:39:35.0838 5476 LanmanServer - ok
    22:39:35.0843 5476 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:39:35.0846 5476 LanmanWorkstation - ok
    22:39:35.0885 5476 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    22:39:35.0903 5476 LBTServ - ok
    22:39:35.0926 5476 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    22:39:35.0934 5476 LHidFilt - ok
    22:39:35.0945 5476 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:39:35.0950 5476 lltdio - ok
    22:39:35.0968 5476 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:39:35.0975 5476 lltdsvc - ok
    22:39:35.0990 5476 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:39:35.0992 5476 lmhosts - ok
    22:39:35.0996 5476 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    22:39:35.0998 5476 LMouFilt - ok
    22:39:36.0041 5476 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    22:39:36.0044 5476 LMS - ok
    22:39:36.0059 5476 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    22:39:36.0070 5476 LSI_FC - ok
    22:39:36.0090 5476 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    22:39:36.0095 5476 LSI_SAS - ok
    22:39:36.0105 5476 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    22:39:36.0109 5476 LSI_SAS2 - ok
    22:39:36.0120 5476 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    22:39:36.0126 5476 LSI_SCSI - ok
    22:39:36.0139 5476 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:39:36.0142 5476 luafv - ok
    22:39:36.0163 5476 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    22:39:36.0169 5476 LUsbFilt - ok
    22:39:36.0187 5476 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:39:36.0190 5476 Mcx2Svc - ok
    22:39:36.0204 5476 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    22:39:36.0208 5476 megasas - ok
    22:39:36.0228 5476 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    22:39:36.0231 5476 MegaSR - ok
    22:39:36.0247 5476 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
    22:39:36.0251 5476 MEIx64 - ok
    22:39:36.0260 5476 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:39:36.0263 5476 MMCSS - ok
    22:39:36.0272 5476 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:39:36.0274 5476 Modem - ok
    22:39:36.0281 5476 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:39:36.0282 5476 monitor - ok
    22:39:36.0295 5476 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    22:39:36.0299 5476 mouclass - ok
    22:39:36.0313 5476 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:39:36.0319 5476 mouhid - ok
    22:39:36.0329 5476 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:39:36.0335 5476 mountmgr - ok
    22:39:36.0462 5476 [ 07F4AEC305DEF7717CFE0259F334C571 ] Movies By CraigWorks C:\Users\Pat & Sara\Desktop\Movies\craigworks\movies\bin\cwmservice32.exe
    22:39:36.0463 5476 Movies By CraigWorks - ok
    22:39:36.0518 5476 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:39:36.0521 5476 MozillaMaintenance - ok
    22:39:36.0534 5476 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:39:36.0538 5476 mpio - ok
    22:39:36.0553 5476 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:39:36.0558 5476 mpsdrv - ok
    22:39:36.0577 5476 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:39:36.0581 5476 MRxDAV - ok
    22:39:36.0627 5476 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:39:36.0629 5476 mrxsmb - ok
    22:39:36.0640 5476 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:39:36.0643 5476 mrxsmb10 - ok
    22:39:36.0651 5476 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:39:36.0657 5476 mrxsmb20 - ok
    22:39:36.0675 5476 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:39:36.0676 5476 msahci - ok
    22:39:36.0690 5476 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:39:36.0692 5476 msdsm - ok
    22:39:36.0708 5476 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:39:36.0712 5476 MSDTC - ok
    22:39:36.0720 5476 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:39:36.0722 5476 Msfs - ok
    22:39:36.0741 5476 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:39:36.0745 5476 mshidkmdf - ok
    22:39:36.0749 5476 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:39:36.0751 5476 msisadrv - ok
    22:39:36.0773 5476 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:39:36.0778 5476 MSiSCSI - ok
    22:39:36.0781 5476 msiserver - ok
    22:39:36.0795 5476 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:39:36.0799 5476 MSKSSRV - ok
    22:39:36.0807 5476 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:39:36.0811 5476 MSPCLOCK - ok
    22:39:36.0814 5476 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:39:36.0818 5476 MSPQM - ok
    22:39:36.0837 5476 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:39:36.0842 5476 MsRPC - ok
    22:39:36.0862 5476 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    22:39:36.0863 5476 mssmbios - ok
    22:39:36.0875 5476 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:39:36.0879 5476 MSTEE - ok
    22:39:36.0890 5476 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    22:39:36.0894 5476 MTConfig - ok
    22:39:36.0902 5476 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:39:36.0905 5476 Mup - ok
    22:39:36.0932 5476 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:39:36.0941 5476 napagent - ok
    22:39:36.0965 5476 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:39:36.0972 5476 NativeWifiP - ok
    22:39:37.0020 5476 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:39:37.0026 5476 NDIS - ok
    22:39:37.0034 5476 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:39:37.0038 5476 NdisCap - ok
    22:39:37.0052 5476 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:39:37.0083 5476 NdisTapi - ok
    22:39:37.0168 5476 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:39:37.0175 5476 Ndisuio - ok
    22:39:37.0357 5476 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:39:37.0361 5476 NdisWan - ok
    22:39:37.0372 5476 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:39:37.0377 5476 NDProxy - ok
    22:39:37.0387 5476 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:39:37.0390 5476 NetBIOS - ok
    22:39:37.0399 5476 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:39:37.0404 5476 NetBT - ok
    22:39:37.0414 5476 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:39:37.0416 5476 Netlogon - ok
    22:39:37.0446 5476 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:39:37.0451 5476 Netman - ok
    22:39:37.0478 5476 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:39:37.0482 5476 NetMsmqActivator - ok
    22:39:37.0486 5476 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:39:37.0487 5476 NetPipeActivator - ok
    22:39:37.0504 5476 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:39:37.0508 5476 netprofm - ok
    22:39:37.0511 5476 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:39:37.0513 5476 NetTcpActivator - ok
    22:39:37.0517 5476 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:39:37.0519 5476 NetTcpPortSharing - ok
    22:39:37.0537 5476 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    22:39:37.0542 5476 nfrd960 - ok
    22:39:37.0559 5476 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:39:37.0563 5476 NlaSvc - ok
    22:39:37.0577 5476 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:39:37.0579 5476 Npfs - ok
    22:39:37.0592 5476 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:39:37.0595 5476 nsi - ok
    22:39:37.0603 5476 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:39:37.0604 5476 nsiproxy - ok
    22:39:37.0670 5476 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:39:37.0706 5476 Ntfs - ok
    22:39:37.0721 5476 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:39:37.0723 5476 Null - ok
    22:39:37.0760 5476 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:39:37.0763 5476 nvraid - ok
    22:39:37.0782 5476 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:39:37.0788 5476 nvstor - ok
    22:39:37.0808 5476 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:39:37.0812 5476 nv_agp - ok
    22:39:37.0824 5476 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:39:37.0828 5476 ohci1394 - ok
    22:39:37.0849 5476 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:39:37.0853 5476 p2pimsvc - ok
    22:39:37.0874 5476 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:39:37.0879 5476 p2psvc - ok
    22:39:37.0901 5476 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    22:39:37.0909 5476 Parport - ok
    22:39:37.0929 5476 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:39:37.0930 5476 partmgr - ok
    22:39:37.0982 5476 [ 7C0582921913D00180EC2B8518BA135C ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
    22:39:37.0982 5476 pbfilter - ok
    22:39:37.0995 5476 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:39:37.0998 5476 PcaSvc - ok
    22:39:38.0012 5476 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:39:38.0015 5476 pci - ok
    22:39:38.0030 5476 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:39:38.0032 5476 pciide - ok
    22:39:38.0043 5476 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    22:39:38.0048 5476 pcmcia - ok
    22:39:38.0067 5476 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:39:38.0070 5476 pcw - ok
    22:39:38.0092 5476 pdfcDispatcher - ok
     
  10. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    22:39:38.0115 5476 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:39:38.0122 5476 PEAUTH - ok
    22:39:38.0172 5476 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:39:38.0200 5476 PerfHost - ok
    22:39:38.0269 5476 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:39:38.0305 5476 pla - ok
    22:39:38.0349 5476 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:39:38.0357 5476 PlugPlay - ok
    22:39:38.0373 5476 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:39:38.0376 5476 PNRPAutoReg - ok
    22:39:38.0390 5476 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:39:38.0393 5476 PNRPsvc - ok
    22:39:38.0420 5476 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:39:38.0426 5476 PolicyAgent - ok
    22:39:38.0449 5476 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:39:38.0453 5476 Power - ok
    22:39:38.0496 5476 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:39:38.0501 5476 PptpMiniport - ok
    22:39:38.0517 5476 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    22:39:38.0521 5476 Processor - ok
    22:39:38.0563 5476 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:39:38.0567 5476 ProfSvc - ok
    22:39:38.0580 5476 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:39:38.0581 5476 ProtectedStorage - ok
    22:39:38.0601 5476 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:39:38.0604 5476 Psched - ok
    22:39:38.0652 5476 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    22:39:38.0678 5476 ql2300 - ok
    22:39:38.0702 5476 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    22:39:38.0706 5476 ql40xx - ok
    22:39:38.0731 5476 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:39:38.0740 5476 QWAVE - ok
    22:39:38.0756 5476 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:39:38.0758 5476 QWAVEdrv - ok
    22:39:38.0767 5476 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:39:38.0774 5476 RasAcd - ok
    22:39:38.0789 5476 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:39:38.0794 5476 RasAgileVpn - ok
    22:39:38.0803 5476 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:39:38.0811 5476 RasAuto - ok
    22:39:38.0828 5476 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:39:38.0858 5476 Rasl2tp - ok
    22:39:38.0914 5476 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:39:38.0919 5476 RasMan - ok
    22:39:38.0936 5476 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:39:38.0941 5476 RasPppoe - ok
    22:39:38.0953 5476 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:39:38.0956 5476 RasSstp - ok
    22:39:38.0974 5476 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:39:38.0978 5476 rdbss - ok
    22:39:38.0989 5476 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    22:39:38.0993 5476 rdpbus - ok
    22:39:39.0008 5476 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:39:39.0009 5476 RDPCDD - ok
    22:39:39.0034 5476 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:39:39.0036 5476 RDPENCDD - ok
    22:39:39.0040 5476 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:39:39.0042 5476 RDPREFMP - ok
    22:39:39.0220 5476 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:39:39.0229 5476 RDPWD - ok
    22:39:39.0253 5476 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:39:39.0258 5476 rdyboost - ok
    22:39:39.0282 5476 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:39:39.0289 5476 RemoteAccess - ok
    22:39:39.0304 5476 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:39:39.0308 5476 RemoteRegistry - ok
    22:39:39.0337 5476 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    22:39:39.0340 5476 RoxioNow Service - ok
    22:39:39.0348 5476 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:39:39.0352 5476 RpcEptMapper - ok
    22:39:39.0369 5476 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:39:39.0375 5476 RpcLocator - ok
    22:39:39.0392 5476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:39:39.0396 5476 RpcSs - ok
    22:39:39.0416 5476 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:39:39.0423 5476 rspndr - ok
    22:39:39.0483 5476 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:39:39.0490 5476 RTL8167 - ok
    22:39:39.0504 5476 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:39:39.0505 5476 SamSs - ok
    22:39:39.0593 5476 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    22:39:39.0614 5476 SBAMSvc - ok
    22:39:39.0644 5476 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
    22:39:39.0650 5476 sbapifs - ok
    22:39:39.0663 5476 [ 19954328DDA3D656F8A879B3A46FFED6 ] SbFw C:\Windows\system32\drivers\SbFw.sys
    22:39:39.0673 5476 SbFw - ok
    22:39:39.0704 5476 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
    22:39:39.0707 5476 SBFWIMCL - ok
    22:39:39.0711 5476 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
    22:39:39.0713 5476 SBFWIMCLMP - ok
    22:39:39.0724 5476 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
    22:39:39.0753 5476 sbhips - ok
    22:39:39.0791 5476 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:39:39.0794 5476 sbp2port - ok
    22:39:39.0810 5476 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
    22:39:39.0814 5476 SBRE - ok
    22:39:39.0825 5476 [ EAB54ADCCECA64B2F38CD859FB494895 ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
    22:39:39.0831 5476 sbwtis - ok
    22:39:39.0861 5476 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:39:39.0868 5476 SCardSvr - ok
    22:39:39.0884 5476 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:39:39.0888 5476 scfilter - ok
    22:39:39.0915 5476 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:39:39.0942 5476 Schedule - ok
    22:39:39.0961 5476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:39:39.0962 5476 SCPolicySvc - ok
    22:39:39.0979 5476 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:39:39.0986 5476 SDRSVC - ok
    22:39:40.0004 5476 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:39:40.0008 5476 secdrv - ok
    22:39:40.0020 5476 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:39:40.0028 5476 seclogon - ok
    22:39:40.0044 5476 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:39:40.0048 5476 SENS - ok
    22:39:40.0068 5476 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:39:40.0073 5476 SensrSvc - ok
    22:39:40.0084 5476 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    22:39:40.0090 5476 Serenum - ok
    22:39:40.0112 5476 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    22:39:40.0118 5476 Serial - ok
    22:39:40.0131 5476 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    22:39:40.0136 5476 sermouse - ok
    22:39:40.0156 5476 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:39:40.0160 5476 SessionEnv - ok
    22:39:40.0173 5476 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:39:40.0177 5476 sffdisk - ok
    22:39:40.0184 5476 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:39:40.0189 5476 sffp_mmc - ok
    22:39:40.0192 5476 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:39:40.0194 5476 sffp_sd - ok
    22:39:40.0203 5476 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    22:39:40.0205 5476 sfloppy - ok
    22:39:40.0223 5476 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:39:40.0228 5476 ShellHWDetection - ok
    22:39:40.0252 5476 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    22:39:40.0257 5476 SiSRaid2 - ok
    22:39:40.0272 5476 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    22:39:40.0277 5476 SiSRaid4 - ok
    22:39:40.0301 5476 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:39:40.0307 5476 Smb - ok
    22:39:40.0326 5476 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:39:40.0345 5476 SNMPTRAP - ok
    22:39:40.0364 5476 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:39:40.0370 5476 spldr - ok
    22:39:40.0480 5476 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    22:39:40.0484 5476 Spooler - ok
    22:39:40.0547 5476 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:39:40.0567 5476 sppsvc - ok
    22:39:40.0577 5476 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:39:40.0583 5476 sppuinotify - ok
    22:39:40.0645 5476 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:39:40.0650 5476 srv - ok
    22:39:40.0669 5476 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:39:40.0675 5476 srv2 - ok
    22:39:40.0692 5476 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:39:40.0695 5476 srvnet - ok
    22:39:40.0717 5476 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:39:40.0721 5476 SSDPSRV - ok
    22:39:40.0732 5476 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:39:40.0738 5476 SstpSvc - ok
    22:39:40.0750 5476 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    22:39:40.0753 5476 stexstor - ok
    22:39:40.0775 5476 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:39:40.0786 5476 stisvc - ok
    22:39:40.0804 5476 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    22:39:40.0808 5476 swenum - ok
    22:39:40.0953 5476 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    22:39:40.0965 5476 SwitchBoard - ok
    22:39:40.0990 5476 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:39:40.0996 5476 swprv - ok
    22:39:41.0040 5476 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:39:41.0051 5476 SysMain - ok
    22:39:41.0072 5476 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:39:41.0078 5476 TabletInputService - ok
    22:39:41.0131 5476 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:39:41.0192 5476 TapiSrv - ok
    22:39:41.0204 5476 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:39:41.0209 5476 TBS - ok
    22:39:41.0279 5476 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:39:41.0313 5476 Tcpip - ok
    22:39:41.0355 5476 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:39:41.0365 5476 TCPIP6 - ok
    22:39:41.0400 5476 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:39:41.0406 5476 tcpipreg - ok
    22:39:41.0415 5476 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:39:41.0418 5476 TDPIPE - ok
    22:39:41.0456 5476 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:39:41.0461 5476 TDTCP - ok
    22:39:41.0474 5476 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:39:41.0480 5476 tdx - ok
    22:39:41.0502 5476 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    22:39:41.0507 5476 TermDD - ok
    22:39:41.0529 5476 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:39:41.0538 5476 TermService - ok
    22:39:41.0547 5476 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:39:41.0550 5476 Themes - ok
    22:39:41.0571 5476 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:39:41.0573 5476 THREADORDER - ok
    22:39:41.0583 5476 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:39:41.0588 5476 TrkWks - ok
    22:39:41.0630 5476 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:39:41.0631 5476 TrustedInstaller - ok
    22:39:41.0645 5476 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:39:41.0645 5476 tssecsrv - ok
    22:39:41.0657 5476 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:39:41.0661 5476 TsUsbFlt - ok
    22:39:41.0674 5476 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    22:39:41.0678 5476 TsUsbGD - ok
    22:39:41.0700 5476 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:39:41.0708 5476 tunnel - ok
    22:39:41.0721 5476 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    22:39:41.0724 5476 uagp35 - ok
    22:39:41.0741 5476 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:39:41.0747 5476 udfs - ok
    22:39:41.0767 5476 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:39:41.0773 5476 UI0Detect - ok
    22:39:41.0786 5476 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:39:41.0795 5476 uliagpkx - ok
    22:39:41.0804 5476 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    22:39:41.0808 5476 umbus - ok
    22:39:41.0823 5476 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:39:41.0827 5476 UmPass - ok
    22:39:41.0908 5476 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    22:39:41.0924 5476 UNS - ok
    22:39:41.0966 5476 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:39:41.0971 5476 upnphost - ok
    22:39:42.0010 5476 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:39:42.0015 5476 usbccgp - ok
    22:39:42.0038 5476 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:39:42.0043 5476 usbcir - ok
    22:39:42.0054 5476 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    22:39:42.0055 5476 usbehci - ok
    22:39:42.0070 5476 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:39:42.0075 5476 usbhub - ok
    22:39:42.0112 5476 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    22:39:42.0115 5476 usbohci - ok
    22:39:42.0139 5476 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    22:39:42.0143 5476 usbprint - ok
    22:39:42.0178 5476 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:39:42.0184 5476 USBSTOR - ok
    22:39:42.0197 5476 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:39:42.0201 5476 usbuhci - ok
    22:39:42.0213 5476 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:39:42.0216 5476 UxSms - ok
    22:39:42.0227 5476 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:39:42.0228 5476 VaultSvc - ok
    22:39:42.0247 5476 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:39:42.0249 5476 vdrvroot - ok
    22:39:42.0276 5476 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    22:39:42.0286 5476 vds - ok
    22:39:42.0290 5476 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:39:42.0292 5476 vga - ok
    22:39:42.0311 5476 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:39:42.0313 5476 VgaSave - ok
    22:39:42.0329 5476 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    22:39:42.0334 5476 vhdmp - ok
    22:39:42.0355 5476 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    22:39:42.0360 5476 viaide - ok
    22:39:42.0373 5476 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    22:39:42.0379 5476 volmgr - ok
    22:39:42.0400 5476 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:39:42.0404 5476 volmgrx - ok
    22:39:42.0421 5476 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
    22:39:42.0425 5476 volsnap - ok
    22:39:42.0441 5476 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    22:39:42.0444 5476 vsmraid - ok
    22:39:42.0480 5476 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    22:39:42.0520 5476 VSS - ok
    22:39:42.0546 5476 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    22:39:42.0552 5476 vwifibus - ok
    22:39:42.0571 5476 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:39:42.0576 5476 W32Time - ok
    22:39:42.0589 5476 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    22:39:42.0592 5476 WacomPen - ok
    22:39:42.0619 5476 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:39:42.0629 5476 WANARP - ok
    22:39:42.0632 5476 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:39:42.0633 5476 Wanarpv6 - ok
    22:39:42.0685 5476 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:39:42.0728 5476 WatAdminSvc - ok
    22:39:42.0804 5476 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    22:39:42.0830 5476 wbengine - ok
    22:39:42.0849 5476 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:39:42.0856 5476 WbioSrvc - ok
    22:39:42.0876 5476 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:39:42.0884 5476 wcncsvc - ok
    22:39:42.0904 5476 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:39:42.0910 5476 WcsPlugInService - ok
    22:39:42.0918 5476 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    22:39:42.0923 5476 Wd - ok
    22:39:42.0945 5476 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:39:42.0952 5476 Wdf01000 - ok
    22:39:42.0965 5476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:39:42.0969 5476 WdiServiceHost - ok
    22:39:42.0972 5476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:39:42.0974 5476 WdiSystemHost - ok
    22:39:42.0998 5476 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    22:39:43.0006 5476 WebClient - ok
    22:39:43.0022 5476 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:39:43.0030 5476 Wecsvc - ok
    22:39:43.0046 5476 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:39:43.0048 5476 wercplsupport - ok
    22:39:43.0202 5476 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:39:43.0208 5476 WerSvc - ok
    22:39:43.0246 5476 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:39:43.0252 5476 WfpLwf - ok
    22:39:43.0298 5476 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:39:43.0300 5476 WIMMount - ok
    22:39:43.0309 5476 WinHttpAutoProxySvc - ok
    22:39:43.0353 5476 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:39:43.0356 5476 Winmgmt - ok
    22:39:43.0400 5476 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:39:43.0438 5476 WinRM - ok
    22:39:43.0496 5476 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:39:43.0598 5476 Wlansvc - ok
    22:39:43.0651 5476 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    22:39:43.0684 5476 wlcrasvc - ok
    22:39:43.0758 5476 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:39:43.0772 5476 wlidsvc - ok
    22:39:43.0815 5476 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    22:39:43.0818 5476 WmiAcpi - ok
    22:39:43.0840 5476 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:39:43.0872 5476 wmiApSrv - ok
    22:39:43.0920 5476 WMPNetworkSvc - ok
    22:39:43.0931 5476 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:39:43.0936 5476 WPCSvc - ok
    22:39:43.0945 5476 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:39:43.0949 5476 WPDBusEnum - ok
    22:39:43.0968 5476 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:39:43.0974 5476 ws2ifsl - ok
    22:39:43.0993 5476 WSearch - ok
    22:39:44.0008 5476 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:39:44.0027 5476 WudfPf - ok
    22:39:44.0067 5476 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:39:44.0070 5476 WUDFRd - ok
    22:39:44.0080 5476 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:39:44.0083 5476 wudfsvc - ok
    22:39:44.0101 5476 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:39:44.0109 5476 WwanSvc - ok
    22:39:44.0123 5476 ================ Scan global ===============================
    22:39:44.0147 5476 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:39:44.0192 5476 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:39:44.0200 5476 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:39:44.0222 5476 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:39:44.0266 5476 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    22:39:44.0276 5476 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    22:39:44.0276 5476 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    22:39:44.0276 5476 ================ Scan MBR ==================================
    22:39:44.0286 5476 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:39:44.0417 5476 \Device\Harddisk0\DR0 - ok
    22:39:44.0424 5476 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk2\DR2
    22:39:44.0812 5476 \Device\Harddisk2\DR2 - ok
    22:39:44.0814 5476 ================ Scan VBR ==================================
    22:39:44.0843 5476 [ 19057F0570CFE7569B4A563CF0249FAF ] \Device\Harddisk0\DR0\Partition1
    22:39:44.0844 5476 \Device\Harddisk0\DR0\Partition1 - ok
    22:39:44.0855 5476 [ 324949A96C99559ABC93C93378FCE417 ] \Device\Harddisk0\DR0\Partition2
    22:39:44.0856 5476 \Device\Harddisk0\DR0\Partition2 - ok
    22:39:44.0887 5476 [ A84ED8ECB376B51FC0BD88C37DA8E5CA ] \Device\Harddisk0\DR0\Partition3
    22:39:44.0889 5476 \Device\Harddisk0\DR0\Partition3 - ok
    22:39:44.0893 5476 [ 6317A1354FF9C0BA52B2403B0C843926 ] \Device\Harddisk2\DR2\Partition1
    22:39:44.0894 5476 \Device\Harddisk2\DR2\Partition1 - ok
    22:39:44.0895 5476 ============================================================
    22:39:44.0895 5476 Scan finished
    22:39:44.0895 5476 ============================================================
    22:39:44.0904 5748 Detected object count: 1
    22:39:44.0904 5748 Actual detected object count: 1
    22:39:58.0704 5748 C:\Windows\system32\services.exe - copied to quarantine
    22:39:59.0102 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\@ - copied to quarantine
    22:39:59.0145 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\L\00000004.@ - copied to quarantine
    22:39:59.0159 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\L\201d3dde - copied to quarantine
    22:39:59.0198 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\00000004.@ - copied to quarantine
    22:39:59.0236 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\00000008.@ - copied to quarantine
    22:39:59.0243 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\000000cb.@ - copied to quarantine
    22:39:59.0250 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\80000000.@ - copied to quarantine
    22:39:59.0260 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\80000032.@ - copied to quarantine
    22:39:59.0272 5748 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\80000064.@ - copied to quarantine
    22:40:24.0869 5748 Backup copy not found, trying to cure infected file..
    22:40:24.0869 5748 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    22:40:24.0869 5748 C:\Windows\system32\services.exe - processing error
    22:40:24.0869 5748 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
    22:41:19.0460 3208 ============================================================
    22:41:19.0460 3208 Scan started
    22:41:19.0460 3208 Mode: Manual;
    22:41:19.0460 3208 ============================================================
    22:41:20.0765 3208 ================ Scan system memory ========================
    22:41:20.0765 3208 System memory - ok
    22:41:20.0766 3208 ================ Scan services =============================
    22:41:20.0853 3208 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    22:41:20.0855 3208 1394ohci - ok
    22:41:20.0890 3208 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:41:20.0892 3208 ACPI - ok
    22:41:20.0906 3208 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:41:20.0906 3208 AcpiPmi - ok
    22:41:21.0020 3208 [ 09E61047B0CEF21559CFCEDF4F14D216 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    22:41:21.0027 3208 Ad-Aware Service - ok
    22:41:21.0049 3208 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    22:41:21.0054 3208 adp94xx - ok
    22:41:21.0084 3208 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    22:41:21.0087 3208 adpahci - ok
    22:41:21.0103 3208 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    22:41:21.0104 3208 adpu320 - ok
    22:41:21.0125 3208 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:41:21.0126 3208 AeLookupSvc - ok
    22:41:21.0174 3208 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    22:41:21.0176 3208 AFD - ok
    22:41:21.0203 3208 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    22:41:21.0204 3208 agp440 - ok
    22:41:21.0220 3208 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:41:21.0221 3208 ALG - ok
    22:41:21.0234 3208 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    22:41:21.0235 3208 aliide - ok
    22:41:21.0251 3208 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    22:41:21.0252 3208 amdide - ok
    22:41:21.0261 3208 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    22:41:21.0262 3208 AmdK8 - ok
    22:41:21.0274 3208 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    22:41:21.0275 3208 AmdPPM - ok
    22:41:21.0310 3208 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:41:21.0311 3208 amdsata - ok
    22:41:21.0335 3208 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    22:41:21.0337 3208 amdsbs - ok
    22:41:21.0352 3208 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:41:21.0353 3208 amdxata - ok
    22:41:21.0377 3208 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    22:41:21.0380 3208 AppID - ok
    22:41:21.0396 3208 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:41:21.0397 3208 AppIDSvc - ok
    22:41:21.0410 3208 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    22:41:21.0411 3208 Appinfo - ok
    22:41:21.0487 3208 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:41:21.0488 3208 Apple Mobile Device - ok
    22:41:21.0529 3208 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    22:41:21.0530 3208 arc - ok
    22:41:21.0541 3208 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    22:41:21.0542 3208 arcsas - ok
    22:41:21.0655 3208 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    22:41:21.0655 3208 aspnet_state - ok
    22:41:21.0670 3208 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:41:21.0670 3208 AsyncMac - ok
    22:41:21.0684 3208 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    22:41:21.0686 3208 atapi - ok
    22:41:21.0709 3208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:41:21.0713 3208 AudioEndpointBuilder - ok
    22:41:21.0724 3208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:41:21.0729 3208 AudioSrv - ok
    22:41:21.0913 3208 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    22:41:21.0940 3208 AVGIDSAgent - ok
    22:41:21.0988 3208 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    22:41:21.0989 3208 AVGIDSDriver - ok
    22:41:22.0005 3208 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    22:41:22.0006 3208 AVGIDSFilter - ok
    22:41:22.0024 3208 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    22:41:22.0025 3208 AVGIDSHA - ok
    22:41:22.0069 3208 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    22:41:22.0071 3208 Avgldx64 - ok
    22:41:22.0088 3208 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    22:41:22.0089 3208 Avgmfx64 - ok
    22:41:22.0093 3208 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    22:41:22.0094 3208 Avgrkx64 - ok
    22:41:22.0140 3208 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    22:41:22.0142 3208 Avgtdia - ok
    22:41:22.0192 3208 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    22:41:22.0194 3208 avgwd - ok
    22:41:22.0211 3208 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:41:22.0212 3208 AxInstSV - ok
    22:41:22.0238 3208 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    22:41:22.0241 3208 b06bdrv - ok
    22:41:22.0260 3208 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:41:22.0261 3208 b57nd60a - ok
    22:41:22.0287 3208 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:41:22.0288 3208 BDESVC - ok
    22:41:22.0300 3208 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:41:22.0301 3208 Beep - ok
    22:41:22.0314 3208 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    22:41:22.0314 3208 blbdrive - ok
    22:41:22.0373 3208 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    22:41:22.0376 3208 Bonjour Service - ok
    22:41:22.0394 3208 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:41:22.0395 3208 bowser - ok
    22:41:22.0405 3208 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    22:41:22.0406 3208 BrFiltLo - ok
    22:41:22.0419 3208 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    22:41:22.0420 3208 BrFiltUp - ok
    22:41:22.0468 3208 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    22:41:22.0469 3208 Browser - ok
    22:41:22.0493 3208 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:41:22.0496 3208 Brserid - ok
    22:41:22.0517 3208 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:41:22.0518 3208 BrSerWdm - ok
    22:41:22.0532 3208 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:41:22.0533 3208 BrUsbMdm - ok
    22:41:22.0541 3208 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:41:22.0541 3208 BrUsbSer - ok
    22:41:22.0551 3208 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    22:41:22.0553 3208 BTHMODEM - ok
    22:41:22.0559 3208 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:41:22.0560 3208 bthserv - ok
    22:41:22.0568 3208 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:41:22.0570 3208 cdfs - ok
    22:41:22.0579 3208 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    22:41:22.0581 3208 cdrom - ok
    22:41:22.0595 3208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:41:22.0596 3208 CertPropSvc - ok
    22:41:22.0612 3208 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    22:41:22.0612 3208 circlass - ok
    22:41:22.0641 3208 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:41:22.0644 3208 CLFS - ok
    22:41:22.0686 3208 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:41:22.0687 3208 clr_optimization_v2.0.50727_32 - ok
    22:41:22.0718 3208 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:41:22.0719 3208 clr_optimization_v2.0.50727_64 - ok
    22:41:22.0746 3208 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:41:22.0748 3208 clr_optimization_v4.0.30319_32 - ok
    22:41:22.0764 3208 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:41:22.0765 3208 clr_optimization_v4.0.30319_64 - ok
    22:41:22.0777 3208 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    22:41:22.0777 3208 CmBatt - ok
    22:41:22.0788 3208 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    22:41:22.0789 3208 cmdide - ok
    22:41:22.0839 3208 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    22:41:22.0843 3208 CNG - ok
    22:41:22.0861 3208 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    22:41:22.0863 3208 Compbatt - ok
    22:41:22.0880 3208 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    22:41:22.0881 3208 CompositeBus - ok
    22:41:22.0887 3208 COMSysApp - ok
    22:41:22.0905 3208 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    22:41:22.0905 3208 crcdisk - ok
    22:41:22.0951 3208 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:41:22.0952 3208 CryptSvc - ok
    22:41:22.0975 3208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:41:22.0979 3208 DcomLaunch - ok
    22:41:23.0000 3208 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:41:23.0002 3208 defragsvc - ok
    22:41:23.0020 3208 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:41:23.0021 3208 DfsC - ok
    22:41:23.0034 3208 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:41:23.0036 3208 Dhcp - ok
    22:41:23.0047 3208 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:41:23.0047 3208 discache - ok
    22:41:23.0055 3208 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    22:41:23.0057 3208 Disk - ok
    22:41:23.0098 3208 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:41:23.0100 3208 Dnscache - ok
    22:41:23.0115 3208 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    22:41:23.0118 3208 dot3svc - ok
    22:41:23.0136 3208 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    22:41:23.0138 3208 DPS - ok
    22:41:23.0145 3208 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:41:23.0145 3208 drmkaud - ok
    22:41:23.0173 3208 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:41:23.0178 3208 DXGKrnl - ok
    22:41:23.0194 3208 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:41:23.0197 3208 EapHost - ok
    22:41:23.0253 3208 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    22:41:23.0271 3208 ebdrv - ok
    22:41:23.0336 3208 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    22:41:23.0338 3208 EFS - ok
    22:41:23.0383 3208 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:41:23.0387 3208 ehRecvr - ok
    22:41:23.0402 3208 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:41:23.0403 3208 ehSched - ok
    22:41:23.0434 3208 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    22:41:23.0437 3208 elxstor - ok
    22:41:23.0453 3208 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    22:41:23.0454 3208 ErrDev - ok
    22:41:23.0472 3208 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:41:23.0475 3208 EventSystem - ok
    22:41:23.0525 3208 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:41:23.0527 3208 exfat - ok
    22:41:23.0554 3208 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:41:23.0560 3208 fastfat - ok
    22:41:23.0589 3208 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    22:41:23.0594 3208 Fax - ok
    22:41:23.0606 3208 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    22:41:23.0607 3208 fdc - ok
    22:41:23.0642 3208 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:41:23.0643 3208 fdPHost - ok
    22:41:23.0651 3208 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:41:23.0652 3208 FDResPub - ok
    22:41:23.0661 3208 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:41:23.0662 3208 FileInfo - ok
    22:41:23.0678 3208 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:41:23.0678 3208 Filetrace - ok
    22:41:23.0692 3208 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    22:41:23.0693 3208 flpydisk - ok
    22:41:23.0710 3208 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:41:23.0712 3208 FltMgr - ok
    22:41:23.0751 3208 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    22:41:23.0758 3208 FontCache - ok
    22:41:23.0786 3208 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:41:23.0787 3208 FontCache3.0.0.0 - ok
    22:41:23.0798 3208 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:41:23.0798 3208 FsDepends - ok
    22:41:23.0838 3208 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:41:23.0839 3208 Fs_Rec - ok
    22:41:23.0854 3208 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:41:23.0856 3208 fvevol - ok
    22:41:23.0877 3208 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    22:41:23.0878 3208 gagp30kx - ok
    22:41:23.0905 3208 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    22:41:23.0906 3208 GamesAppService - ok
    22:41:23.0936 3208 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:41:23.0937 3208 GEARAspiWDM - ok
    22:41:23.0960 3208 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    22:41:23.0965 3208 gpsvc - ok
    22:41:23.0980 3208 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:41:23.0981 3208 hcw85cir - ok
    22:41:24.0000 3208 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:41:24.0003 3208 HdAudAddService - ok
    22:41:24.0052 3208 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    22:41:24.0054 3208 HDAudBus - ok
    22:41:24.0069 3208 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    22:41:24.0070 3208 HidBatt - ok
    22:41:24.0084 3208 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    22:41:24.0085 3208 HidBth - ok
    22:41:24.0101 3208 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    22:41:24.0102 3208 HidIr - ok
    22:41:24.0114 3208 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    22:41:24.0115 3208 hidserv - ok
    22:41:24.0134 3208 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:41:24.0135 3208 HidUsb - ok
    22:41:24.0151 3208 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:41:24.0153 3208 hkmsvc - ok
    22:41:24.0169 3208 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:41:24.0172 3208 HomeGroupListener - ok
    22:41:24.0187 3208 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:41:24.0189 3208 HomeGroupProvider - ok
    22:41:24.0273 3208 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    22:41:24.0274 3208 HP Support Assistant Service - ok
    22:41:24.0326 3208 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    22:41:24.0329 3208 HPClientSvc - ok
    22:41:24.0382 3208 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    22:41:24.0383 3208 HPDrvMntSvc.exe - ok
    22:41:24.0440 3208 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    22:41:24.0445 3208 hpqwmiex - ok
    22:41:24.0467 3208 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    22:41:24.0468 3208 HpSAMD - ok
    22:41:24.0622 3208 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:41:24.0626 3208 HTTP - ok
     
  11. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    22:41:24.0658 3208 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:41:24.0659 3208 hwpolicy - ok
    22:41:24.0676 3208 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    22:41:24.0677 3208 i8042prt - ok
    22:41:24.0769 3208 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
    22:41:24.0773 3208 iaStor - ok
    22:41:24.0792 3208 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    22:41:24.0795 3208 iaStorV - ok
    22:41:24.0835 3208 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:41:24.0840 3208 idsvc - ok
    22:41:25.0108 3208 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    22:41:25.0178 3208 igfx - ok
    22:41:25.0217 3208 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    22:41:25.0218 3208 iirsp - ok
    22:41:25.0247 3208 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    22:41:25.0254 3208 IKEEXT - ok
    22:41:25.0271 3208 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
    22:41:25.0273 3208 Impcd - ok
    22:41:25.0424 3208 [ 91ED47813243B455E2D81115A8255F0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    22:41:25.0450 3208 IntcAzAudAddService - ok
    22:41:25.0497 3208 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    22:41:25.0497 3208 intelide - ok
    22:41:25.0507 3208 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    22:41:25.0508 3208 intelppm - ok
    22:41:25.0517 3208 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:41:25.0519 3208 IPBusEnum - ok
    22:41:25.0535 3208 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:41:25.0536 3208 IpFilterDriver - ok
    22:41:25.0553 3208 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    22:41:25.0554 3208 IPMIDRV - ok
    22:41:25.0569 3208 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:41:25.0571 3208 IPNAT - ok
    22:41:25.0603 3208 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    22:41:25.0609 3208 iPod Service - ok
    22:41:25.0622 3208 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:41:25.0623 3208 IRENUM - ok
    22:41:25.0641 3208 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    22:41:25.0642 3208 isapnp - ok
    22:41:25.0664 3208 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    22:41:25.0666 3208 iScsiPrt - ok
    22:41:25.0672 3208 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:41:25.0673 3208 kbdclass - ok
    22:41:25.0688 3208 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    22:41:25.0689 3208 kbdhid - ok
    22:41:25.0702 3208 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    22:41:25.0703 3208 KeyIso - ok
    22:41:25.0742 3208 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:41:25.0743 3208 KSecDD - ok
    22:41:25.0754 3208 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:41:25.0756 3208 KSecPkg - ok
    22:41:25.0768 3208 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:41:25.0769 3208 ksthunk - ok
    22:41:25.0784 3208 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:41:25.0788 3208 KtmRm - ok
    22:41:25.0810 3208 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    22:41:25.0812 3208 LanmanServer - ok
    22:41:25.0818 3208 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:41:25.0821 3208 LanmanWorkstation - ok
    22:41:25.0871 3208 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    22:41:25.0873 3208 LBTServ - ok
    22:41:25.0895 3208 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    22:41:25.0896 3208 LHidFilt - ok
    22:41:25.0905 3208 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:41:25.0907 3208 lltdio - ok
    22:41:25.0927 3208 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:41:25.0948 3208 lltdsvc - ok
    22:41:25.0958 3208 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:41:25.0960 3208 lmhosts - ok
    22:41:25.0970 3208 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    22:41:25.0971 3208 LMouFilt - ok
    22:41:26.0002 3208 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    22:41:26.0005 3208 LMS - ok
    22:41:26.0019 3208 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    22:41:26.0021 3208 LSI_FC - ok
    22:41:26.0042 3208 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    22:41:26.0043 3208 LSI_SAS - ok
    22:41:26.0057 3208 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    22:41:26.0058 3208 LSI_SAS2 - ok
    22:41:26.0072 3208 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    22:41:26.0073 3208 LSI_SCSI - ok
    22:41:26.0082 3208 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:41:26.0085 3208 luafv - ok
    22:41:26.0115 3208 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    22:41:26.0116 3208 LUsbFilt - ok
    22:41:26.0131 3208 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:41:26.0132 3208 Mcx2Svc - ok
    22:41:26.0148 3208 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    22:41:26.0149 3208 megasas - ok
    22:41:26.0180 3208 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    22:41:26.0181 3208 MegaSR - ok
    22:41:26.0198 3208 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
    22:41:26.0199 3208 MEIx64 - ok
    22:41:26.0212 3208 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:41:26.0213 3208 MMCSS - ok
    22:41:26.0223 3208 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:41:26.0224 3208 Modem - ok
    22:41:26.0233 3208 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:41:26.0234 3208 monitor - ok
    22:41:26.0247 3208 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    22:41:26.0248 3208 mouclass - ok
    22:41:26.0253 3208 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:41:26.0254 3208 mouhid - ok
    22:41:26.0264 3208 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:41:26.0265 3208 mountmgr - ok
    22:41:26.0381 3208 [ 07F4AEC305DEF7717CFE0259F334C571 ] Movies By CraigWorks C:\Users\Pat & Sara\Desktop\Movies\craigworks\movies\bin\cwmservice32.exe
    22:41:26.0381 3208 Movies By CraigWorks - ok
    22:41:26.0437 3208 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:41:26.0438 3208 MozillaMaintenance - ok
    22:41:26.0453 3208 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:41:26.0454 3208 mpio - ok
    22:41:26.0463 3208 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:41:26.0464 3208 mpsdrv - ok
    22:41:26.0479 3208 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:41:26.0480 3208 MRxDAV - ok
    22:41:26.0521 3208 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:41:26.0522 3208 mrxsmb - ok
    22:41:26.0534 3208 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:41:26.0536 3208 mrxsmb10 - ok
    22:41:26.0544 3208 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:41:26.0546 3208 mrxsmb20 - ok
    22:41:26.0560 3208 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:41:26.0561 3208 msahci - ok
    22:41:26.0575 3208 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:41:26.0576 3208 msdsm - ok
    22:41:26.0618 3208 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:41:26.0620 3208 MSDTC - ok
    22:41:26.0626 3208 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:41:26.0627 3208 Msfs - ok
    22:41:26.0660 3208 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:41:26.0661 3208 mshidkmdf - ok
    22:41:26.0664 3208 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:41:26.0665 3208 msisadrv - ok
    22:41:26.0700 3208 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:41:26.0702 3208 MSiSCSI - ok
    22:41:26.0705 3208 msiserver - ok
    22:41:26.0721 3208 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:41:26.0722 3208 MSKSSRV - ok
    22:41:26.0734 3208 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:41:26.0735 3208 MSPCLOCK - ok
    22:41:26.0739 3208 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:41:26.0740 3208 MSPQM - ok
    22:41:26.0764 3208 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:41:26.0766 3208 MsRPC - ok
    22:41:26.0789 3208 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    22:41:26.0790 3208 mssmbios - ok
    22:41:26.0802 3208 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:41:26.0803 3208 MSTEE - ok
    22:41:26.0825 3208 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    22:41:26.0826 3208 MTConfig - ok
    22:41:26.0837 3208 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:41:26.0838 3208 Mup - ok
    22:41:26.0869 3208 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:41:26.0873 3208 napagent - ok
    22:41:26.0892 3208 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:41:26.0894 3208 NativeWifiP - ok
    22:41:26.0998 3208 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:41:27.0005 3208 NDIS - ok
    22:41:27.0019 3208 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:41:27.0020 3208 NdisCap - ok
    22:41:27.0029 3208 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:41:27.0029 3208 NdisTapi - ok
    22:41:27.0070 3208 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:41:27.0072 3208 Ndisuio - ok
    22:41:27.0244 3208 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:41:27.0245 3208 NdisWan - ok
    22:41:27.0274 3208 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:41:27.0274 3208 NDProxy - ok
    22:41:27.0314 3208 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:41:27.0315 3208 NetBIOS - ok
    22:41:27.0326 3208 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:41:27.0328 3208 NetBT - ok
    22:41:27.0341 3208 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:41:27.0343 3208 Netlogon - ok
    22:41:27.0365 3208 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:41:27.0369 3208 Netman - ok
    22:41:27.0388 3208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:41:27.0390 3208 NetMsmqActivator - ok
    22:41:27.0394 3208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:41:27.0396 3208 NetPipeActivator - ok
    22:41:27.0414 3208 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:41:27.0419 3208 netprofm - ok
    22:41:27.0425 3208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:41:27.0426 3208 NetTcpActivator - ok
    22:41:27.0430 3208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:41:27.0431 3208 NetTcpPortSharing - ok
    22:41:27.0436 3208 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    22:41:27.0437 3208 nfrd960 - ok
    22:41:27.0478 3208 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:41:27.0481 3208 NlaSvc - ok
    22:41:27.0495 3208 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:41:27.0496 3208 Npfs - ok
    22:41:27.0502 3208 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:41:27.0504 3208 nsi - ok
    22:41:27.0513 3208 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:41:27.0514 3208 nsiproxy - ok
    22:41:27.0622 3208 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:41:27.0632 3208 Ntfs - ok
    22:41:27.0665 3208 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:41:27.0666 3208 Null - ok
    22:41:27.0704 3208 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:41:27.0705 3208 nvraid - ok
    22:41:27.0718 3208 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:41:27.0719 3208 nvstor - ok
    22:41:27.0735 3208 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:41:27.0737 3208 nv_agp - ok
    22:41:27.0751 3208 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:41:27.0753 3208 ohci1394 - ok
    22:41:27.0768 3208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:41:27.0772 3208 p2pimsvc - ok
    22:41:27.0792 3208 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:41:27.0796 3208 p2psvc - ok
    22:41:27.0811 3208 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    22:41:27.0812 3208 Parport - ok
    22:41:27.0838 3208 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:41:27.0839 3208 partmgr - ok
    22:41:27.0875 3208 [ 7C0582921913D00180EC2B8518BA135C ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
    22:41:27.0876 3208 pbfilter - ok
    22:41:27.0888 3208 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:41:27.0891 3208 PcaSvc - ok
    22:41:27.0906 3208 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:41:27.0907 3208 pci - ok
    22:41:27.0915 3208 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:41:27.0916 3208 pciide - ok
    22:41:27.0929 3208 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    22:41:27.0930 3208 pcmcia - ok
    22:41:27.0943 3208 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:41:27.0944 3208 pcw - ok
    22:41:27.0961 3208 pdfcDispatcher - ok
    22:41:27.0985 3208 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:41:27.0989 3208 PEAUTH - ok
    22:41:28.0082 3208 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:41:28.0084 3208 PerfHost - ok
    22:41:28.0126 3208 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:41:28.0137 3208 pla - ok
    22:41:28.0283 3208 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:41:28.0287 3208 PlugPlay - ok
    22:41:28.0301 3208 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:41:28.0303 3208 PNRPAutoReg - ok
    22:41:28.0317 3208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:41:28.0321 3208 PNRPsvc - ok
    22:41:28.0346 3208 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:41:28.0351 3208 PolicyAgent - ok
    22:41:28.0379 3208 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:41:28.0382 3208 Power - ok
    22:41:28.0398 3208 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:41:28.0399 3208 PptpMiniport - ok
    22:41:28.0411 3208 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    22:41:28.0412 3208 Processor - ok
    22:41:28.0449 3208 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:41:28.0451 3208 ProfSvc - ok
    22:41:28.0457 3208 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:41:28.0458 3208 ProtectedStorage - ok
    22:41:28.0468 3208 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:41:28.0470 3208 Psched - ok
    22:41:28.0513 3208 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    22:41:28.0526 3208 ql2300 - ok
    22:41:28.0562 3208 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    22:41:28.0563 3208 ql40xx - ok
    22:41:28.0584 3208 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:41:28.0588 3208 QWAVE - ok
    22:41:28.0601 3208 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:41:28.0602 3208 QWAVEdrv - ok
    22:41:28.0610 3208 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:41:28.0611 3208 RasAcd - ok
    22:41:28.0623 3208 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:41:28.0624 3208 RasAgileVpn - ok
    22:41:28.0697 3208 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:41:28.0699 3208 RasAuto - ok
    22:41:28.0730 3208 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:41:28.0731 3208 Rasl2tp - ok
    22:41:28.0749 3208 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:41:28.0753 3208 RasMan - ok
    22:41:28.0764 3208 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:41:28.0765 3208 RasPppoe - ok
    22:41:28.0780 3208 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:41:28.0781 3208 RasSstp - ok
    22:41:28.0803 3208 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:41:28.0805 3208 rdbss - ok
    22:41:28.0816 3208 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    22:41:28.0817 3208 rdpbus - ok
    22:41:28.0835 3208 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:41:28.0836 3208 RDPCDD - ok
    22:41:28.0845 3208 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:41:28.0845 3208 RDPENCDD - ok
    22:41:28.0852 3208 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:41:28.0853 3208 RDPREFMP - ok
    22:41:28.0913 3208 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:41:28.0915 3208 RDPWD - ok
    22:41:28.0930 3208 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:41:28.0932 3208 rdyboost - ok
    22:41:28.0951 3208 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:41:28.0953 3208 RemoteAccess - ok
    22:41:28.0965 3208 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:41:28.0968 3208 RemoteRegistry - ok
    22:41:28.0998 3208 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    22:41:29.0002 3208 RoxioNow Service - ok
    22:41:29.0017 3208 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:41:29.0018 3208 RpcEptMapper - ok
    22:41:29.0030 3208 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:41:29.0031 3208 RpcLocator - ok
    22:41:29.0054 3208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:41:29.0058 3208 RpcSs - ok
    22:41:29.0160 3208 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:41:29.0161 3208 rspndr - ok
    22:41:29.0395 3208 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:41:29.0400 3208 RTL8167 - ok
    22:41:29.0414 3208 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:41:29.0415 3208 SamSs - ok
    22:41:29.0494 3208 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    22:41:29.0511 3208 SBAMSvc - ok
    22:41:29.0537 3208 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
    22:41:29.0538 3208 sbapifs - ok
    22:41:29.0548 3208 [ 19954328DDA3D656F8A879B3A46FFED6 ] SbFw C:\Windows\system32\drivers\SbFw.sys
    22:41:29.0550 3208 SbFw - ok
    22:41:29.0564 3208 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
    22:41:29.0565 3208 SBFWIMCL - ok
    22:41:29.0572 3208 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
    22:41:29.0573 3208 SBFWIMCLMP - ok
    22:41:29.0585 3208 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
    22:41:29.0586 3208 sbhips - ok
    22:41:29.0602 3208 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:41:29.0603 3208 sbp2port - ok
    22:41:29.0620 3208 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
    22:41:29.0621 3208 SBRE - ok
    22:41:29.0627 3208 [ EAB54ADCCECA64B2F38CD859FB494895 ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
    22:41:29.0628 3208 sbwtis - ok
    22:41:29.0647 3208 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:41:29.0649 3208 SCardSvr - ok
    22:41:29.0661 3208 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:41:29.0662 3208 scfilter - ok
    22:41:29.0685 3208 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:41:29.0692 3208 Schedule - ok
    22:41:29.0713 3208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:41:29.0714 3208 SCPolicySvc - ok
    22:41:29.0731 3208 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:41:29.0735 3208 SDRSVC - ok
    22:41:29.0747 3208 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:41:29.0748 3208 secdrv - ok
    22:41:29.0769 3208 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:41:29.0771 3208 seclogon - ok
    22:41:29.0780 3208 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:41:29.0782 3208 SENS - ok
    22:41:29.0795 3208 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:41:29.0797 3208 SensrSvc - ok
    22:41:29.0811 3208 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    22:41:29.0812 3208 Serenum - ok
    22:41:29.0822 3208 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    22:41:29.0823 3208 Serial - ok
    22:41:29.0834 3208 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    22:41:29.0835 3208 sermouse - ok
    22:41:29.0850 3208 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:41:29.0853 3208 SessionEnv - ok
    22:41:29.0867 3208 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:41:29.0868 3208 sffdisk - ok
    22:41:29.0878 3208 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:41:29.0879 3208 sffp_mmc - ok
    22:41:29.0883 3208 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:41:29.0884 3208 sffp_sd - ok
    22:41:29.0897 3208 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    22:41:29.0898 3208 sfloppy - ok
    22:41:29.0916 3208 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:41:29.0920 3208 ShellHWDetection - ok
    22:41:29.0937 3208 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    22:41:29.0938 3208 SiSRaid2 - ok
    22:41:29.0949 3208 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    22:41:29.0950 3208 SiSRaid4 - ok
    22:41:29.0960 3208 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:41:29.0962 3208 Smb - ok
    22:41:29.0979 3208 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:41:29.0980 3208 SNMPTRAP - ok
    22:41:29.0991 3208 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:41:29.0992 3208 spldr - ok
    22:41:30.0040 3208 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    22:41:30.0045 3208 Spooler - ok
    22:41:30.0112 3208 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:41:30.0132 3208 sppsvc - ok
    22:41:30.0162 3208 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:41:30.0164 3208 sppuinotify - ok
    22:41:30.0206 3208 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:41:30.0209 3208 srv - ok
    22:41:30.0222 3208 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:41:30.0224 3208 srv2 - ok
    22:41:30.0236 3208 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:41:30.0238 3208 srvnet - ok
    22:41:30.0253 3208 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:41:30.0256 3208 SSDPSRV - ok
    22:41:30.0268 3208 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:41:30.0270 3208 SstpSvc - ok
    22:41:30.0286 3208 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    22:41:30.0287 3208 stexstor - ok
    22:41:30.0311 3208 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:41:30.0316 3208 stisvc - ok
    22:41:30.0339 3208 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    22:41:30.0340 3208 swenum - ok
    22:41:30.0413 3208 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    22:41:30.0416 3208 SwitchBoard - ok
    22:41:30.0433 3208 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:41:30.0437 3208 swprv - ok
    22:41:30.0474 3208 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:41:30.0484 3208 SysMain - ok
    22:41:30.0523 3208 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:41:30.0525 3208 TabletInputService - ok
    22:41:30.0540 3208 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:41:30.0543 3208 TapiSrv - ok
    22:41:30.0555 3208 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:41:30.0557 3208 TBS - ok
    22:41:30.0622 3208 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:41:30.0632 3208 Tcpip - ok
    22:41:30.0663 3208 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:41:30.0675 3208 TCPIP6 - ok
    22:41:30.0693 3208 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:41:30.0694 3208 tcpipreg - ok
    22:41:30.0708 3208 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:41:30.0709 3208 TDPIPE - ok
    22:41:30.0750 3208 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:41:30.0752 3208 TDTCP - ok
    22:41:30.0759 3208 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:41:30.0760 3208 tdx - ok
    22:41:30.0778 3208 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    22:41:30.0779 3208 TermDD - ok
    22:41:30.0798 3208 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:41:30.0804 3208 TermService - ok
    22:41:30.0815 3208 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:41:30.0818 3208 Themes - ok
    22:41:30.0840 3208 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:41:30.0841 3208 THREADORDER - ok
    22:41:30.0852 3208 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:41:30.0855 3208 TrkWks - ok
    22:41:30.0898 3208 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:41:30.0900 3208 TrustedInstaller - ok
    22:41:30.0905 3208 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:41:30.0906 3208 tssecsrv - ok
    22:41:30.0917 3208 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:41:30.0919 3208 TsUsbFlt - ok
    22:41:30.0935 3208 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    22:41:30.0936 3208 TsUsbGD - ok
    22:41:30.0952 3208 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:41:30.0953 3208 tunnel - ok
    22:41:30.0981 3208 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    22:41:30.0982 3208 uagp35 - ok
    22:41:31.0001 3208 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:41:31.0003 3208 udfs - ok
    22:41:31.0019 3208 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:41:31.0022 3208 UI0Detect - ok
    22:41:31.0037 3208 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:41:31.0038 3208 uliagpkx - ok
    22:41:31.0042 3208 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    22:41:31.0043 3208 umbus - ok
    22:41:31.0050 3208 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:41:31.0051 3208 UmPass - ok
    22:41:31.0143 3208 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    22:41:31.0160 3208 UNS - ok
    22:41:31.0185 3208 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:41:31.0188 3208 upnphost - ok
    22:41:31.0228 3208 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:41:31.0229 3208 usbccgp - ok
    22:41:31.0248 3208 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:41:31.0250 3208 usbcir - ok
    22:41:31.0297 3208 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    22:41:31.0298 3208 usbehci - ok
    22:41:31.0313 3208 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:41:31.0315 3208 usbhub - ok
    22:41:31.0330 3208 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    22:41:31.0331 3208 usbohci - ok
    22:41:31.0350 3208 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    22:41:31.0352 3208 usbprint - ok
    22:41:31.0363 3208 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:41:31.0364 3208 USBSTOR - ok
    22:41:31.0374 3208 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:41:31.0375 3208 usbuhci - ok
    22:41:31.0390 3208 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:41:31.0391 3208 UxSms - ok
    22:41:31.0403 3208 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:41:31.0405 3208 VaultSvc - ok
    22:41:31.0424 3208 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:41:31.0425 3208 vdrvroot - ok
    22:41:31.0454 3208 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    22:41:31.0458 3208 vds - ok
    22:41:31.0478 3208 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:41:31.0479 3208 vga - ok
    22:41:31.0496 3208 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:41:31.0497 3208 VgaSave - ok
    22:41:31.0514 3208 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    22:41:31.0515 3208 vhdmp - ok
    22:41:31.0532 3208 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    22:41:31.0534 3208 viaide - ok
    22:41:31.0539 3208 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    22:41:31.0540 3208 volmgr - ok
    22:41:31.0560 3208 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:41:31.0562 3208 volmgrx - ok
    22:41:31.0581 3208 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
    22:41:31.0584 3208 volsnap - ok
    22:41:31.0602 3208 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    22:41:31.0604 3208 vsmraid - ok
    22:41:31.0641 3208 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    22:41:31.0654 3208 VSS - ok
    22:41:31.0673 3208 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    22:41:31.0674 3208 vwifibus - ok
    22:41:31.0689 3208 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:41:31.0693 3208 W32Time - ok
    22:41:31.0708 3208 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    22:41:31.0709 3208 WacomPen - ok
    22:41:31.0721 3208 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:41:31.0722 3208 WANARP - ok
    22:41:31.0726 3208 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:41:31.0727 3208 Wanarpv6 - ok
    22:41:31.0770 3208 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:41:31.0777 3208 WatAdminSvc - ok
    22:41:31.0856 3208 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    22:41:31.0866 3208 wbengine - ok
    22:41:31.0893 3208 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:41:31.0896 3208 WbioSrvc - ok
    22:41:31.0912 3208 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:41:31.0917 3208 wcncsvc - ok
    22:41:31.0939 3208 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:41:31.0941 3208 WcsPlugInService - ok
    22:41:31.0978 3208 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    22:41:31.0979 3208 Wd - ok
    22:41:32.0040 3208 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:41:32.0046 3208 Wdf01000 - ok
    22:41:32.0058 3208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:41:32.0062 3208 WdiServiceHost - ok
    22:41:32.0070 3208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:41:32.0073 3208 WdiSystemHost - ok
    22:41:32.0092 3208 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    22:41:32.0095 3208 WebClient - ok
    22:41:32.0107 3208 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:41:32.0110 3208 Wecsvc - ok
    22:41:32.0131 3208 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:41:32.0134 3208 wercplsupport - ok
    22:41:32.0146 3208 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:41:32.0148 3208 WerSvc - ok
    22:41:32.0156 3208 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:41:32.0157 3208 WfpLwf - ok
    22:41:32.0173 3208 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:41:32.0174 3208 WIMMount - ok
    22:41:32.0180 3208 WinHttpAutoProxySvc - ok
    22:41:32.0230 3208 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:41:32.0232 3208 Winmgmt - ok
    22:41:32.0278 3208 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:41:32.0301 3208 WinRM - ok
    22:41:32.0357 3208 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:41:32.0363 3208 Wlansvc - ok
    22:41:32.0403 3208 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    22:41:32.0403 3208 wlcrasvc - ok
    22:41:32.0479 3208 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:41:32.0492 3208 wlidsvc - ok
    22:41:32.0509 3208 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    22:41:32.0510 3208 WmiAcpi - ok
    22:41:32.0543 3208 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:41:32.0544 3208 wmiApSrv - ok
    22:41:32.0564 3208 WMPNetworkSvc - ok
    22:41:32.0575 3208 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:41:32.0577 3208 WPCSvc - ok
    22:41:32.0598 3208 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:41:32.0600 3208 WPDBusEnum - ok
    22:41:32.0621 3208 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:41:32.0622 3208 ws2ifsl - ok
    22:41:32.0634 3208 WSearch - ok
    22:41:32.0661 3208 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:41:32.0662 3208 WudfPf - ok
    22:41:32.0677 3208 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:41:32.0679 3208 WUDFRd - ok
    22:41:32.0690 3208 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:41:32.0692 3208 wudfsvc - ok
    22:41:32.0712 3208 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:41:32.0715 3208 WwanSvc - ok
    22:41:32.0722 3208 ================ Scan global ===============================
    22:41:32.0741 3208 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:41:32.0786 3208 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:41:32.0793 3208 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:41:32.0817 3208 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:41:32.0861 3208 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    22:41:32.0876 3208 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    22:41:32.0876 3208 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    22:41:32.0877 3208 ================ Scan MBR ==================================
    22:41:32.0889 3208 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:41:33.0041 3208 \Device\Harddisk0\DR0 - ok
    22:41:33.0049 3208 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk2\DR2
    22:41:33.0451 3208 \Device\Harddisk2\DR2 - ok
    22:41:33.0453 3208 ================ Scan VBR ==================================
    22:41:33.0496 3208 [ 19057F0570CFE7569B4A563CF0249FAF ] \Device\Harddisk0\DR0\Partition1
    22:41:33.0498 3208 \Device\Harddisk0\DR0\Partition1 - ok
    22:41:33.0507 3208 [ 324949A96C99559ABC93C93378FCE417 ] \Device\Harddisk0\DR0\Partition2
    22:41:33.0509 3208 \Device\Harddisk0\DR0\Partition2 - ok
    22:41:33.0540 3208 [ A84ED8ECB376B51FC0BD88C37DA8E5CA ] \Device\Harddisk0\DR0\Partition3
    22:41:33.0546 3208 \Device\Harddisk0\DR0\Partition3 - ok
    22:41:33.0553 3208 [ 6317A1354FF9C0BA52B2403B0C843926 ] \Device\Harddisk2\DR2\Partition1
    22:41:33.0555 3208 \Device\Harddisk2\DR2\Partition1 - ok
    22:41:33.0555 3208 ============================================================
    22:41:33.0555 3208 Scan finished
    22:41:33.0555 3208 ============================================================
    22:41:33.0564 2996 Detected object count: 1
    22:41:33.0564 2996 Actual detected object count: 1
    22:41:35.0862 2996 C:\Windows\system32\services.exe - copied to quarantine
    22:41:35.0960 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\@ - copied to quarantine
    22:41:35.0965 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\L\00000004.@ - copied to quarantine
    22:41:35.0970 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\L\201d3dde - copied to quarantine
    22:41:35.0974 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\00000004.@ - copied to quarantine
    22:41:35.0978 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\00000008.@ - copied to quarantine
    22:41:35.0984 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\000000cb.@ - copied to quarantine
    22:41:35.0988 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\80000000.@ - copied to quarantine
    22:41:35.0992 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\80000032.@ - copied to quarantine
    22:41:35.0996 2996 C:\Windows\installer\{343ef29f-d340-748f-275c-073a130885d2}\U\80000064.@ - copied to quarantine
    22:41:38.0374 2996 Backup copy not found, trying to cure infected file..
    22:41:38.0374 2996 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    22:41:38.0374 2996 C:\Windows\system32\services.exe - processing error
    22:41:38.0374 2996 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
     
     
  12. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    RogueKiller:
    (It did ask me to restart, and upon getting back into Windows, 2 reports were on my desktop.)

    Rkreport[1]:

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Pat & Sara [Admin rights]
    Mode : Scan -- Date : 09/26/2012 23:01:18

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Logitech Desktop Messenger (C:\Users\PAT&SA~1\AppData\Local\Temp\ins1.tmp\LDMClient.exe -ReportOnly) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1671991594-1656487196-823088330-1000[...]\Run : Logitech Desktop Messenger (C:\Users\PAT&SA~1\AppData\Local\Temp\ins1.tmp\LDMClient.exe -ReportOnly) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000524AS +++++
    --- User ---
    [MBR] 3fc967055c6a49698c442b61a7e03d02
    [BSP] b3339f62f996d17a3aba6f170af4f029 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942033 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1929490432 | Size: 11734 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 23e75a1d2cacf984a35a1a471ce73ab1
    [BSP] 1cf7bcbf49b28ca6d459fffe4ab7d8a7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

    +++++ PhysicalDrive2: Kingston DataTraveler 2.0 USB Device +++++
    --- User ---
    [MBR] 32c795fdaea844c5662ebe6140b91bc3
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  13. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    RKreport[2]:

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Pat & Sara [Admin rights]
    Mode : Scan -- Date : 09/26/2012 23:01:36

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Logitech Desktop Messenger (C:\Users\PAT&SA~1\AppData\Local\Temp\ins1.tmp\LDMClient.exe -ReportOnly) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1671991594-1656487196-823088330-1000[...]\Run : Logitech Desktop Messenger (C:\Users\PAT&SA~1\AppData\Local\Temp\ins1.tmp\LDMClient.exe -ReportOnly) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000524AS +++++
    --- User ---
    [MBR] 3fc967055c6a49698c442b61a7e03d02
    [BSP] b3339f62f996d17a3aba6f170af4f029 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942033 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1929490432 | Size: 11734 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 23e75a1d2cacf984a35a1a471ce73ab1
    [BSP] 1cf7bcbf49b28ca6d459fffe4ab7d8a7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

    +++++ PhysicalDrive2: Kingston DataTraveler 2.0 USB Device +++++
    --- User ---
    [MBR] 32c795fdaea844c5662ebe6140b91bc3
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  14. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Fresh aswMBR log?
     
  15. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Here it is!
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-27 05:20:28
    -----------------------------
    05:20:28.150 OS Version: Windows x64 6.1.7601 Service Pack 1
    05:20:28.150 Number of processors: 2 586 0x2A07
    05:20:28.151 ComputerName: PATSARA-HP UserName: Pat & Sara
    05:20:31.907 Initialize success
    05:21:20.647 AVAST engine defs: 12092700
    05:21:38.880 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    05:21:38.882 Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 3
    05:21:38.897 Disk 0 MBR read successfully
    05:21:38.900 Disk 0 MBR scan
    05:21:38.905 Disk 0 Windows 7 default MBR code
    05:21:38.912 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    05:21:38.924 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942033 MB offset 206848
    05:21:38.956 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11734 MB offset 1929490432
    05:21:39.010 Disk 0 scanning C:\Windows\system32\drivers
    05:21:54.148 Service scanning
    05:22:09.532 Modules scanning
    05:22:09.540 Disk 0 trace - called modules:
    05:22:09.547 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    05:22:09.878 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006e42410]
    05:22:09.883 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004aba050]
    05:22:18.707 AVAST engine scan C:\Windows
    05:22:21.854 AVAST engine scan C:\Windows\system32
    05:25:28.197 AVAST engine scan C:\Windows\system32\drivers
    05:25:38.701 AVAST engine scan C:\Users\Pat & Sara
    05:27:41.594 File: C:\Users\Pat & Sara\AppData\Local\Temp\67e81a4d.dll **INFECTED** Win32:Trojan-gen
    05:27:43.149 File: C:\Users\Pat & Sara\AppData\Local\Temp\bssf8uo1tjyf7ymr.exe **INFECTED** Win32:Andromeda-B [Trj]
    05:28:05.715 File: C:\Users\Pat & Sara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2783a20a-3e52daed **INFECTED** Win32:Andromeda-B [Trj]
    05:41:24.053 AVAST engine scan C:\ProgramData
    05:43:39.349 Scan finished successfully
    08:37:32.204 Disk 0 MBR has been saved successfully to "C:\Users\Pat & Sara\Desktop\MBR.dat"
    08:37:32.211 The log file has been saved successfully to "C:\Users\Pat & Sara\Desktop\aswMBR.txt"
     
  16. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  17. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    FRST.txt:


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
    Ran by SYSTEM at 27-09-2012 20:32:09
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" [200560 2011-12-19] (GFI Software)
    HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKU\Mcx1-PATSARA-HP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Startup: C:\Users\Pat & Sara\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

    ==================== Services (Whitelisted) ===================

    2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1226096 2012-05-03] (Lavasoft Limited)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 Movies By CraigWorks; C:\Users\Pat & Sara\Desktop\Movies\craigworks\movies\bin\cwmservice32.exe [14336 2012-07-15] ()
    2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-27 04:37 - 2012-09-27 04:37 - 00002302 ____A C:\Users\Pat & Sara\Desktop\aswMBR.txt
    2012-09-27 04:37 - 2012-09-27 04:37 - 00000512 ____A C:\Users\Pat & Sara\Desktop\MBR.dat
    2012-09-26 19:08 - 2012-09-26 19:09 - 04731392 ____A (AVAST Software) C:\Users\Pat & Sara\Desktop\aswMBR.exe
    2012-09-26 19:02 - 2012-09-26 19:02 - 00004710 ____A C:\Users\Pat & Sara\Desktop\RKreport[3].txt
    2012-09-26 19:01 - 2012-09-26 19:01 - 00003731 ____A C:\Users\Pat & Sara\Desktop\RKreport[2].txt
    2012-09-26 19:01 - 2012-09-26 19:01 - 00003713 ____A C:\Users\Pat & Sara\Desktop\RKreport[1].txt
    2012-09-26 19:00 - 2012-09-26 19:01 - 00000000 ____D C:\Users\Pat & Sara\Desktop\RK_Quarantine
    2012-09-26 18:51 - 2012-09-26 18:51 - 01391616 ____A C:\Users\Pat & Sara\Desktop\RogueKiller.exe
    2012-09-26 18:39 - 2012-09-26 18:39 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-09-26 18:38 - 2012-09-26 18:38 - 02193278 ____A C:\Users\Pat & Sara\Desktop\tdsskiller.zip
    2012-09-26 18:38 - 2012-09-17 15:25 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Pat & Sara\Desktop\TDSSKiller.exe
    2012-09-26 18:38 - 2010-12-31 21:14 - 00002254 ___RA C:\Users\Pat & Sara\Desktop\eula.txt
    2012-09-26 02:23 - 2012-09-26 02:23 - 00002597 ____A C:\Users\Pat & Sara\Documents\aswMBR.txt
    2012-09-26 02:23 - 2012-09-26 02:23 - 00000512 ____A C:\Users\Pat & Sara\Documents\MBR.dat
    2012-09-20 22:48 - 2012-09-20 22:48 - 00000000 ____D C:\FRST
    2012-09-20 19:52 - 2012-09-20 19:52 - 00607260 ____R (Swearware) C:\Users\Pat & Sara\Downloads\dds.scr
    2012-09-20 19:52 - 2012-09-20 19:52 - 00607260 ____R (Swearware) C:\Users\Pat & Sara\Downloads\dds(2).com
    2012-09-20 19:50 - 2012-09-20 19:50 - 00607260 ____A (Swearware) C:\Users\Pat & Sara\Downloads\dds(1).com
    2012-09-20 19:48 - 2012-09-20 19:48 - 00607260 ____R (Swearware) C:\Users\Pat & Sara\Desktop\dds.com
    2012-09-20 19:46 - 2012-09-20 19:46 - 00000000 ____A C:\Users\Pat & Sara\Desktop\ggg.log
    2012-09-20 19:44 - 2012-09-20 19:44 - 00000000 ____A C:\Users\Pat & Sara\Desktop\gmer.log
    2012-09-20 19:37 - 2012-09-20 19:37 - 00302592 ____A C:\Users\Pat & Sara\Downloads\wr52w7os.exe
    2012-09-20 18:43 - 2012-09-20 18:43 - 01454509 ____A (Farbar) C:\Users\Pat & Sara\Downloads\FRST64.exe
    2012-09-20 07:27 - 2012-09-20 07:27 - 00000000 ____D C:\Users\Pat & Sara\AppData\Roaming\Malwarebytes
    2012-09-20 07:26 - 2012-09-20 07:27 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-20 07:26 - 2012-09-20 07:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-20 07:26 - 2012-09-20 07:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-20 07:26 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-20 07:23 - 2012-09-20 07:24 - 00000024 ____A C:\users\PAT
    2012-09-20 07:23 - 2012-09-20 07:23 - 01008141 ____A C:\Users\Pat & Sara\Downloads\rkill.com
    2012-09-20 07:23 - 2012-09-20 07:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-09-20 07:11 - 2012-09-20 07:15 - 83023306 ___AT C:\Users\All Users\d4a18e76.pad
    2012-09-20 06:41 - 2012-09-20 06:57 - 00000000 ____D C:\Users\Pat & Sara\Downloads\The Wall
    2012-09-20 06:38 - 2012-09-20 06:39 - 367730880 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E06.HDTV.XviD-P0W4.avi
    2012-09-20 06:38 - 2012-09-20 06:39 - 367174838 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E05.Brick.HDTV.XviD-FQM.[VTV].avi
    2012-09-20 06:38 - 2012-09-20 06:39 - 366972682 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E10.HDTV.XviD-ASAP.avi
    2012-09-20 06:38 - 2012-09-20 06:39 - 366878526 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E08.HDTV.XviD-ASAP.avi
    2012-09-20 06:38 - 2012-09-20 06:38 - 367014792 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E03.HDTV.XviD-ASAP.avi
    2012-09-18 19:55 - 2012-09-20 06:38 - 367728798 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E02.HDTV.XviD-P0W4.avi
    2012-09-18 19:53 - 2012-09-20 06:38 - 576638624 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E01.Out.HDTV.XviD-ASAP.avi
    2012-09-18 19:49 - 2012-09-20 06:37 - 576424856 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E13.NS.HDTV.XviD-FQM.avi
    2012-09-18 19:43 - 2012-09-18 19:49 - 366584958 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E12.HDTV.XviD-FEVER.avi
    2012-09-18 19:42 - 2012-09-18 19:52 - 367149636 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E09.Turas.HDTV.XviD-FQM.avi
    2012-09-18 19:33 - 2012-09-18 19:42 - 367487850 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E07.Widening.Gyre.HDTV.XviD-FQM.avi
    2012-09-18 19:31 - 2012-09-20 06:38 - 00000000 ____D C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E04.HDTV.XviD-P0W4
    2012-09-18 19:31 - 2012-09-18 19:51 - 00000000 ____D C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM
    2012-09-18 19:30 - 2012-09-18 19:41 - 576724088 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E01.So.HDTV.XviD-FQM.avi
    2012-09-18 19:30 - 2012-09-18 19:35 - 00000000 ____D C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E06.The.Push.HDTV.XviD-FQM
    2012-09-18 19:19 - 2012-09-18 19:34 - 1451479089 ____A C:\Users\Pat & Sara\Downloads\Boardwalk.Empire.S03E01.720p.HDTV.x264-EVOLVE.mkv
    2012-09-18 19:18 - 2012-09-18 19:18 - 00000000 ____D C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S05E01.HDTV.XviD-AFG
    2012-09-11 20:08 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-11 20:08 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-09-11 20:08 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-11 20:08 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-11 20:08 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-11 20:08 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-09-11 20:08 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-09-08 12:47 - 2012-09-08 12:49 - 00000000 ____D C:\Users\Pat & Sara\Desktop\Les Miserables (symphonic)
    2012-09-08 12:32 - 2012-09-08 12:33 - 00000000 ____D C:\Users\Pat & Sara\Desktop\Les Miserables - Original London Cast
    2012-09-08 12:18 - 2012-09-08 13:55 - 2668031063 ____A C:\Users\Pat & Sara\Desktop\Lord Of War 2005 720p BRRip x264 aac vice.mkv
    2012-09-08 12:18 - 2012-09-08 12:20 - 00000000 ____D C:\Users\Pat & Sara\Desktop\Les Miserables_25th Anniversary Concert_MP3
    2012-09-08 12:18 - 2012-09-08 12:18 - 00000000 ____D C:\Users\Pat & Sara\Desktop\Les Miserables (1985 Original London)

    ==================== 3 Months Modified Files ==================

    2012-09-27 16:28 - 2012-06-22 18:38 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2012-09-27 16:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-27 16:27 - 2009-07-13 20:51 - 00056942 ____A C:\Windows\setupact.log
    2012-09-27 16:26 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-27 16:26 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-27 16:24 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-27 04:37 - 2012-09-27 04:37 - 00002302 ____A C:\Users\Pat & Sara\Desktop\aswMBR.txt
    2012-09-27 04:37 - 2012-09-27 04:37 - 00000512 ____A C:\Users\Pat & Sara\Desktop\MBR.dat
    2012-09-26 19:44 - 2011-09-15 12:11 - 00322057 ____N C:\Windows\Minidump\092612-28704-01.dmp
    2012-09-26 19:09 - 2012-09-26 19:08 - 04731392 ____A (AVAST Software) C:\Users\Pat & Sara\Desktop\aswMBR.exe
    2012-09-26 19:02 - 2012-09-26 19:02 - 00004710 ____A C:\Users\Pat & Sara\Desktop\RKreport[3].txt
    2012-09-26 19:01 - 2012-09-26 19:01 - 00003731 ____A C:\Users\Pat & Sara\Desktop\RKreport[2].txt
    2012-09-26 19:01 - 2012-09-26 19:01 - 00003713 ____A C:\Users\Pat & Sara\Desktop\RKreport[1].txt
    2012-09-26 18:51 - 2012-09-26 18:51 - 01391616 ____A C:\Users\Pat & Sara\Desktop\RogueKiller.exe
    2012-09-26 18:38 - 2012-09-26 18:38 - 02193278 ____A C:\Users\Pat & Sara\Desktop\tdsskiller.zip
    2012-09-26 02:23 - 2012-09-26 02:23 - 00002597 ____A C:\Users\Pat & Sara\Documents\aswMBR.txt
    2012-09-26 02:23 - 2012-09-26 02:23 - 00000512 ____A C:\Users\Pat & Sara\Documents\MBR.dat
    2012-09-20 19:52 - 2012-09-20 19:52 - 00607260 ____R (Swearware) C:\Users\Pat & Sara\Downloads\dds.scr
    2012-09-20 19:52 - 2012-09-20 19:52 - 00607260 ____R (Swearware) C:\Users\Pat & Sara\Downloads\dds(2).com
    2012-09-20 19:50 - 2012-09-20 19:50 - 00607260 ____A (Swearware) C:\Users\Pat & Sara\Downloads\dds(1).com
    2012-09-20 19:48 - 2012-09-20 19:48 - 00607260 ____R (Swearware) C:\Users\Pat & Sara\Desktop\dds.com
    2012-09-20 19:46 - 2012-09-20 19:46 - 00000000 ____A C:\Users\Pat & Sara\Desktop\ggg.log
    2012-09-20 19:44 - 2012-09-20 19:44 - 00000000 ____A C:\Users\Pat & Sara\Desktop\gmer.log
    2012-09-20 19:37 - 2012-09-20 19:37 - 00302592 ____A C:\Users\Pat & Sara\Downloads\wr52w7os.exe
    2012-09-20 18:43 - 2012-09-20 18:43 - 01454509 ____A (Farbar) C:\Users\Pat & Sara\Downloads\FRST64.exe
    2012-09-20 08:18 - 2010-11-20 19:47 - 00347682 ____A C:\Windows\PFRO.log
    2012-09-20 07:27 - 2012-09-20 07:26 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-20 07:24 - 2012-09-20 07:23 - 00000024 ____A C:\users\PAT
    2012-09-20 07:23 - 2012-09-20 07:23 - 01008141 ____A C:\Users\Pat & Sara\Downloads\rkill.com
    2012-09-20 07:15 - 2012-09-20 07:11 - 83023306 ___AT C:\Users\All Users\d4a18e76.pad
    2012-09-20 07:14 - 2011-12-30 16:53 - 00000258 _RASH C:\Users\All Users\ntuser.pol
    2012-09-20 07:11 - 2011-12-24 07:09 - 01772441 ____A C:\Windows\WindowsUpdate.log
    2012-09-20 07:00 - 2012-08-02 09:35 - 845693372 ____A C:\Users\Pat & Sara\Downloads\Lady.Gaga-Medley.and.Interview.X-Factor.France.2011.ts
    2012-09-20 06:39 - 2012-09-20 06:38 - 367730880 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E06.HDTV.XviD-P0W4.avi
    2012-09-20 06:39 - 2012-09-20 06:38 - 367174838 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E05.Brick.HDTV.XviD-FQM.[VTV].avi
    2012-09-20 06:39 - 2012-09-20 06:38 - 366972682 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E10.HDTV.XviD-ASAP.avi
    2012-09-20 06:39 - 2012-09-20 06:38 - 366878526 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E08.HDTV.XviD-ASAP.avi
    2012-09-20 06:38 - 2012-09-20 06:38 - 367014792 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E03.HDTV.XviD-ASAP.avi
    2012-09-20 06:38 - 2012-09-18 19:55 - 367728798 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E02.HDTV.XviD-P0W4.avi
    2012-09-20 06:38 - 2012-09-18 19:53 - 576638624 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S04E01.Out.HDTV.XviD-ASAP.avi
    2012-09-20 06:37 - 2012-09-18 19:49 - 576424856 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E13.NS.HDTV.XviD-FQM.avi
    2012-09-18 19:52 - 2012-09-18 19:42 - 367149636 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E09.Turas.HDTV.XviD-FQM.avi
    2012-09-18 19:49 - 2012-09-18 19:43 - 366584958 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E12.HDTV.XviD-FEVER.avi
    2012-09-18 19:42 - 2012-09-18 19:33 - 367487850 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E07.Widening.Gyre.HDTV.XviD-FQM.avi
    2012-09-18 19:41 - 2012-09-18 19:30 - 576724088 ____A C:\Users\Pat & Sara\Downloads\Sons.of.Anarchy.S03E01.So.HDTV.XviD-FQM.avi
    2012-09-18 19:34 - 2012-09-18 19:19 - 1451479089 ____A C:\Users\Pat & Sara\Downloads\Boardwalk.Empire.S03E01.720p.HDTV.x264-EVOLVE.mkv
    2012-09-17 19:04 - 2012-01-08 11:42 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForPat & Sara.job
    2012-09-17 15:25 - 2012-09-26 18:38 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Pat & Sara\Desktop\TDSSKiller.exe
    2012-09-12 19:10 - 2012-09-12 18:45 - 1425998766 ____A C:\Users\Pat & Sara\Desktop\Gangsters Guns Zombies 2012 480p BRRip XViD AC3-LEGi0N (1).avi
    2012-09-11 23:00 - 2011-12-29 23:36 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-08 13:55 - 2012-09-08 12:18 - 2668031063 ____A C:\Users\Pat & Sara\Desktop\Lord Of War 2005 720p BRRip x264 aac vice.mkv
    2012-09-07 13:04 - 2012-09-20 07:26 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-22 10:12 - 2012-09-11 20:08 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-11 20:08 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-11 20:08 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-11 20:08 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-17 21:17 - 2009-07-13 20:45 - 04826928 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-02 09:58 - 2012-09-11 20:08 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-11 20:08 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-08-02 06:52 - 2012-08-02 06:52 - 00009881 ____A C:\Users\Pat & Sara\Downloads\0D76F5999581DD6034B68B90FF73DB2E2E7A6278.torrent
    2012-08-02 06:28 - 2012-08-02 06:28 - 00028949 ____A C:\Users\Pat & Sara\Downloads\4D699B306A4BBE22D716D2A762B2CFB2BD8DD384.torrent
    2012-08-02 06:12 - 2012-08-02 06:12 - 00077435 ____A C:\Users\Pat & Sara\Downloads\4E582CA661C212D705459269B2E64908BAF6586A.torrent
    2012-08-02 06:10 - 2012-08-02 06:10 - 00010996 ____A C:\Users\Pat & Sara\Downloads\3A597EA14652D477C42A1772D288DE062A10DB42.torrent
    2012-07-28 17:31 - 2012-07-28 17:31 - 00059821 ____A C:\Users\Pat & Sara\Downloads\DBAFE221BBC1C760702001FB5E2CF8D613291396.torrent
    2012-07-28 17:31 - 2012-07-28 17:31 - 00051480 ____A C:\Users\Pat & Sara\Downloads\BE706A53BB21359258662A5354034C4A46B2ED23.torrent
    2012-07-28 17:31 - 2012-07-28 17:31 - 00050284 ____A C:\Users\Pat & Sara\Downloads\AABB8A868A5F88A790F52F3EB8FF4B6105E2436D.torrent
    2012-07-28 17:31 - 2012-07-28 17:31 - 00034699 ____A C:\Users\Pat & Sara\Downloads\780BCB1A6370AA97689F86B6F33A05533B0A0BE1.torrent
    2012-07-28 17:30 - 2012-07-28 17:30 - 00062479 ____A C:\Users\Pat & Sara\Downloads\F02925B27F0C19DCDBDC617F95A75504977E02DA.torrent
    2012-07-26 05:11 - 2012-07-26 05:11 - 00114194 ____A C:\Users\Pat & Sara\Downloads\2C1200B17B8030AD3B27CDBE54CCE0FEBAB8CECE.torrent
    2012-07-26 05:09 - 2012-07-26 05:09 - 00018977 ____A C:\Users\Pat & Sara\Downloads\AAF536ED55586C7B0AABD9556299B4142A9D1454.torrent
    2012-07-26 05:08 - 2012-07-26 05:08 - 00050747 ____A C:\Users\Pat & Sara\Downloads\86203277F3711B95FB5E16BA5314DAE7CC56A591.torrent
    2012-07-25 23:21 - 2012-07-25 23:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-07-23 18:12 - 2012-07-23 18:12 - 00000024 ____A C:\Windows\60D3B97D8723CB89.log
    2012-07-23 18:09 - 2012-07-22 06:48 - 00000040 ___SH C:\Users\All Users\.zreglib
    2012-07-23 18:05 - 2012-07-23 18:05 - 00074735 ____A C:\Users\Pat & Sara\Downloads\8C9F7B5BAECC236FBD0DD81268CA2A9252C06106.torrent
    2012-07-23 18:04 - 2012-07-23 18:04 - 00021820 ____A C:\Users\Pat & Sara\Downloads\D1D430459EF0409C475602A5EB787EEA66C109CE.torrent
    2012-07-22 17:51 - 2012-07-22 17:51 - 00011154 ____A C:\Users\Pat & Sara\Downloads\[kat.ph]mermaids.the.body.found.torrent
    2012-07-22 17:50 - 2012-07-22 17:50 - 00071704 ____A C:\Users\Pat & Sara\Downloads\9477A8F4CBA112592889763CAFD3FB2C09CD7A3B.torrent
    2012-07-22 17:50 - 2012-07-22 17:50 - 00021343 ____A C:\Users\Pat & Sara\Downloads\1160B7AAB84EC3F442D5F2C2FEBD5793B9158936.torrent
    2012-07-18 10:15 - 2012-08-16 16:00 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 18:34 - 2012-07-17 18:01 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-17 18:34 - 2012-07-17 18:01 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-16 05:50 - 2012-07-16 05:50 - 00073655 ____A C:\Users\Pat & Sara\Downloads\E08FABEB0C01C9A548619886D05B7DBC163AB8C0.torrent
    2012-07-14 09:18 - 2012-07-14 09:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-14 09:18 - 2011-09-15 12:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-14 09:13 - 2012-07-14 09:13 - 00012908 ____A C:\Users\Pat & Sara\Downloads\DC5559088C08892C3E491DD0BC19BB71C626C829.torrent
    2012-07-14 09:13 - 2012-07-14 09:13 - 00012712 ____A C:\Users\Pat & Sara\Downloads\6834670069560AE8393A8B3DB87D0AA4899E7A5E.torrent
    2012-07-14 09:13 - 2012-07-14 09:13 - 00012712 ____A C:\Users\Pat & Sara\Downloads\6834670069560AE8393A8B3DB87D0AA4899E7A5E(1).torrent
    2012-07-14 09:10 - 2012-07-14 09:10 - 00048289 ____A C:\Users\Pat & Sara\Downloads\61A592DAB03ED2824FA5B0BDAAA07877923FF2A0.torrent
    2012-07-14 09:10 - 2012-07-14 09:10 - 00046656 ____A C:\Users\Pat & Sara\Downloads\5D3A4B3DE675E9718820B5D4F01DD03CA83B84EB.torrent
    2012-07-14 09:09 - 2012-07-14 09:09 - 00080276 ____A C:\Users\Pat & Sara\Downloads\495E0F8F456EA68768F6B354A2C4E1A30144223B.torrent
    2012-07-06 03:57 - 2009-07-13 21:08 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-05 18:06 - 2012-07-17 18:34 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-05 18:06 - 2012-07-14 08:55 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-07-05 18:06 - 2012-01-17 21:53 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-04 14:16 - 2012-08-16 16:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-16 16:00 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-16 16:00 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-16 16:00 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-16 16:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-04 12:26 - 2012-09-11 20:08 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-07-03 07:22 - 2012-07-03 07:22 - 00001738 ____A C:\Windows\SysWOW64\EmailAVConfig.xml
    2012-07-03 07:22 - 2012-07-03 07:22 - 00001190 ____A C:\Windows\SysWOW64\ServiceConfig.xml
    2012-07-03 05:34 - 2012-07-03 05:34 - 00012917 ____A C:\Users\Pat & Sara\Downloads\4EBD6DEDFCE0EF0C6485F7153AFED6CBCE44A67A.torrent
    2012-07-03 05:33 - 2012-07-03 05:33 - 00015789 ____A C:\Users\Pat & Sara\Downloads\CA95D565F7B1011DDFA2ED985D5A111DC97DE8AC.torrent
    2012-07-03 04:18 - 2012-07-03 04:18 - 00041477 ____A C:\Users\Pat & Sara\Downloads\C4FAC0DECA4D629F6BD1A3360084690E274C96F7.torrent
    2012-07-03 04:16 - 2012-07-03 04:16 - 00027810 ____A C:\Users\Pat & Sara\Downloads\057CC3B594A8DC7387FF7A1C36B5718D8725E10A.torrent
    2012-07-03 04:15 - 2012-07-03 04:15 - 00016411 ____A C:\Users\Pat & Sara\Downloads\E853835059DD94F0C573AE08890E8B11312ED0BB.torrent
    2012-07-03 04:15 - 2012-07-03 04:15 - 00007055 ____A C:\Users\Pat & Sara\Downloads\60718D3B0251B747DB2DEE7EFDA9C8F4D0227D96.torrent
    2012-07-03 03:50 - 2011-12-24 21:49 - 00000965 ____A C:\Users\Public\Desktop\BitTorrent.lnk
    2012-07-03 03:48 - 2012-07-03 03:48 - 00011556 ____A C:\Users\Pat & Sara\Downloads\The.Newsroom.2012.S01E01.720p.HDTV.x264-IMMERSE%20%5BPublicHD%5D.torrent
    2012-07-03 03:46 - 2012-07-03 03:46 - 00014494 ____A C:\Users\Pat & Sara\Downloads\4992575CCA825C002B08F02ED62778E30A8515FA.torrent
    2012-07-03 03:45 - 2012-07-03 03:45 - 00057465 ____A C:\Users\Pat & Sara\Downloads\F799354183338F75D508A98842C8F406396A138A.torrent
    2012-07-03 03:44 - 2012-07-03 03:44 - 00011840 ____A C:\Users\Pat & Sara\Downloads\FA36689C530EA9659C3B9F17531B4C3DCE60E884.torrent
    2012-07-03 03:43 - 2012-07-03 03:43 - 00025888 ____A C:\Users\Pat & Sara\Downloads\F12FF2AC5BA392261B67ED3ED68856BE0A3B90AA.torrent
    2012-07-03 03:41 - 2012-07-03 03:41 - 00048421 ____A C:\Users\Pat & Sara\Downloads\B68F8FEC6D1AB635C94D447B43C018885783B32E.torrent
    2012-07-03 03:41 - 2012-07-03 03:41 - 00017854 ____A C:\Users\Pat & Sara\Downloads\3754FB12469AE879621CF4CB0ED3AAE4539C6A1B.torrent
    2012-07-03 03:41 - 2012-07-03 03:41 - 00010797 ____A C:\Users\Pat & Sara\Downloads\B661C9F6CDC69DED7FB8540D3C5FD48F77F0DC44.torrent
    2012-07-03 03:37 - 2012-07-03 03:37 - 00112908 ____A C:\Users\Pat & Sara\Downloads\0A38D6BC76A2718461746768FDD8DD9CA40EA2FC.torrent


    ZeroAccess:
    C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}
    C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-31 18:00:31
    Restore point made on: 2012-09-08 14:27:25
    Restore point made on: 2012-09-11 23:00:26
    Restore point made on: 2012-09-14 18:31:02
    Restore point made on: 2012-09-25 22:17:24

    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 4002.53 MB
    Available physical RAM: 3073.97 MB
    Total Pagefile: 4000.73 MB
    Available Pagefile: 3063.22 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:919.95 GB) (Free:50.75 GB) NTFS
    2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.46 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.02 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 984 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 919 GB 101 MB
    Partition 3 Primary 11 GB 920 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 983 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0E
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H KINGSTON FAT Removable 983 MB Healthy

    =========================================================

    Last Boot: 2012-09-25 22:10

    ==================== End Of Log =============================
     
  18. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Search.txt:

    Farbar Recovery Scan Tool (x64) Version: 25-09-2012
    Ran by SYSTEM at 2012-09-27 20:33:41
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
     
  19. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally and let me know how computer is doing.

    Then...

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

    Attached Files:

  20. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Everything seems fine as of right now.
    Here's the fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012
    Ran by SYSTEM at 2012-09-27 22:30:29 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Users\Pat & Sara\AppData\Local\Temp\67e81a4d.dll moved successfully.
    C:\Users\Pat & Sara\AppData\Local\Temp\bssf8uo1tjyf7ymr.exe moved successfully.
    C:\Users\Pat & Sara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2783a20a-3e52daed moved successfully.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{343ef29f-d340-748f-275c-073a130885d2} moved successfully.

    ==== End of Fixlog ====
     
  21. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    OTL.txt:

    OTL logfile created on: 9/27/2012 10:36:18 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat & Sara\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.35% Memory free
    7.82 Gb Paging File | 6.49 Gb Available in Paging File | 82.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.95 Gb Total Space | 50.75 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
    Drive D: | 11.46 Gb Total Space | 1.40 Gb Free Space | 12.24% Space Free | Partition Type: NTFS
    Drive G: | 983.72 Mb Total Space | 17.06 Mb Free Space | 1.73% Space Free | Partition Type: FAT

    Computer Name: PATSARA-HP | User Name: Pat & Sara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/27 22:35:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat & Sara\Desktop\OTL.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/01 03:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/02/01 03:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2012/09/12 22:25:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/15 06:40:44 | 000,014,336 | ---- | M] () [Auto | Stopped] -- C:\Users\Pat & Sara\Desktop\Movies\craigworks\movies\bin\cwmservice32.exe -- (Movies By CraigWorks)
    SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/05 19:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/02/01 03:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 03:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2011/09/02 02:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/05/16 14:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/04/26 15:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/27 13:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV:64bit: - [2010/10/19 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D7B913FA-41D5-4842-8BAA-2C3F1F57484E}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D7B913FA-41D5-4842-8BAA-2C3F1F57484E}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\SearchScopes\{D7B913FA-41D5-4842-8BAA-2C3F1F57484E}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/12 00:09:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/31 21:30:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 22:25:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 22:25:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/12/24 23:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat & Sara\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 22:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat & Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vms3dim1.default\extensions
    [2012/07/19 08:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/12 22:25:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/12 22:25:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/12 22:25:46 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2010/04/30 15:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobe.activate.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 125.252.224.90
    O1 - Hosts: 127.0.0.1 125.252.224.91
    O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Pat & Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ED10FBA-F2D0-4D6A-B3C8-9A0463532A59}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/27 22:35:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pat & Sara\Desktop\OTL.exe
    [2012/09/26 23:08:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Pat & Sara\Desktop\aswMBR.exe
    [2012/09/26 23:00:42 | 000,000,000 | ---D | C] -- C:\Users\Pat & Sara\Desktop\RK_Quarantine
    [2012/09/26 22:39:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/09/26 22:38:55 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pat & Sara\Desktop\TDSSKiller.exe
    [2012/09/21 02:48:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/20 23:48:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Pat & Sara\Desktop\dds.com
    [2012/09/20 11:27:09 | 000,000,000 | ---D | C] -- C:\Users\Pat & Sara\AppData\Roaming\Malwarebytes
    [2012/09/20 11:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/20 11:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/20 11:26:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/20 11:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/20 11:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/09/12 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/09/08 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Pat & Sara\Desktop\Les Miserables (symphonic)
    [2012/09/08 16:32:57 | 000,000,000 | ---D | C] -- C:\Users\Pat & Sara\Desktop\Les Miserables - Original London Cast
    [2012/09/08 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\Pat & Sara\Desktop\Les Miserables_25th Anniversary Concert_MP3
    [2012/09/08 16:18:36 | 000,000,000 | ---D | C] -- C:\Users\Pat & Sara\Desktop\Les Miserables (1985 Original London)

    ========== Files - Modified Within 30 Days ==========

    [2012/09/27 22:38:35 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/27 22:38:35 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/27 22:36:14 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/27 22:36:14 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/27 22:36:14 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/27 22:35:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat & Sara\Desktop\OTL.exe
    [2012/09/27 22:31:46 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2012/09/27 22:31:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/27 22:31:19 | 3147,714,560 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/27 18:30:23 | 095,858,043 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/09/27 08:37:32 | 000,000,512 | ---- | M] () -- C:\Users\Pat & Sara\Desktop\MBR.dat
    [2012/09/26 23:09:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Pat & Sara\Desktop\aswMBR.exe
    [2012/09/26 22:51:20 | 001,391,616 | ---- | M] () -- C:\Users\Pat & Sara\Desktop\RogueKiller.exe
    [2012/09/26 22:38:04 | 002,193,278 | ---- | M] () -- C:\Users\Pat & Sara\Desktop\tdsskiller.zip
    [2012/09/26 06:23:02 | 000,000,512 | ---- | M] () -- C:\Users\Pat & Sara\Documents\MBR.dat
    [2012/09/20 23:48:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Pat & Sara\Desktop\dds.com
    [2012/09/20 11:27:42 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/20 11:15:50 | 083,023,306 | ---- | M] () -- C:\ProgramData\d4a18e76.pad
    [2012/09/20 11:14:51 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/09/17 23:04:42 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPat & Sara.job
    [2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pat & Sara\Desktop\TDSSKiller.exe
    [2012/09/15 19:20:08 | 000,001,356 | ---- | M] () -- C:\Users\Pat & Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2012/09/12 23:10:19 | 1425,998,766 | ---- | M] () -- C:\Users\Pat & Sara\Desktop\Gangsters Guns Zombies 2012 480p BRRip XViD AC3-LEGi0N (1).avi
    [2012/09/09 19:47:05 | 000,250,286 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/09/08 17:55:38 | 2668,031,063 | ---- | M] () -- C:\Users\Pat & Sara\Desktop\Lord Of War 2005 720p BRRip x264 aac vice.mkv
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/09/27 08:37:32 | 000,000,512 | ---- | C] () -- C:\Users\Pat & Sara\Desktop\MBR.dat
    [2012/09/26 22:51:18 | 001,391,616 | ---- | C] () -- C:\Users\Pat & Sara\Desktop\RogueKiller.exe
    [2012/09/26 22:38:04 | 002,193,278 | ---- | C] () -- C:\Users\Pat & Sara\Desktop\tdsskiller.zip
    [2012/09/26 06:23:02 | 000,000,512 | ---- | C] () -- C:\Users\Pat & Sara\Documents\MBR.dat
    [2012/09/20 11:26:52 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/20 11:11:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\d4a18e76.pad
    [2012/09/15 19:20:08 | 000,001,356 | ---- | C] () -- C:\Users\Pat & Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2012/09/12 22:45:09 | 1425,998,766 | ---- | C] () -- C:\Users\Pat & Sara\Desktop\Gangsters Guns Zombies 2012 480p BRRip XViD AC3-LEGi0N (1).avi
    [2012/09/08 16:18:48 | 2668,031,063 | ---- | C] () -- C:\Users\Pat & Sara\Desktop\Lord Of War 2005 720p BRRip x264 aac vice.mkv
    [2012/07/22 10:52:07 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
    [2012/07/22 10:52:07 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
    [2012/07/22 10:48:25 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2012/01/23 02:21:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/01/23 02:21:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/12/30 20:53:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/12/25 12:14:32 | 000,017,720 | ---- | C] () -- C:\Windows\SysWow64\namsnz8y.dll
    [2011/12/24 23:18:17 | 000,000,031 | ---- | C] () -- C:\Windows\warhead.ini
    [2011/09/15 15:48:47 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/09/15 15:48:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/09/15 15:48:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/06/21 03:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/02/11 13:15:43 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/20 12:28:42 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\Ad-Aware Antivirus
    [2012/01/20 02:16:19 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\AVG2012
    [2012/09/20 11:12:51 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\BitTorrent
    [2012/03/09 01:35:58 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/02/29 23:52:34 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\com.apexvj.com
    [2012/03/09 11:02:58 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\IcoFX2X
    [2012/03/03 13:07:27 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\J River
    [2011/12/24 23:27:15 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\Leadertech
    [2012/01/15 15:15:35 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\WinBatch
    [2012/07/16 16:19:28 | 000,000,000 | ---D | M] -- C:\Users\Pat & Sara\AppData\Roaming\Wondershare Video Converter Ultimate

    ========== Purity Check ==========



    < End of report >
     
  22. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Extras.txt:

    OTL Extras logfile created on: 9/27/2012 10:36:18 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat & Sara\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.35% Memory free
    7.82 Gb Paging File | 6.49 Gb Available in Paging File | 82.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.95 Gb Total Space | 50.75 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
    Drive D: | 11.46 Gb Total Space | 1.40 Gb Free Space | 12.24% Space Free | Partition Type: NTFS
    Drive G: | 983.72 Mb Total Space | 17.06 Mb Free Space | 1.73% Space Free | Partition Type: FAT

    Computer Name: PATSARA-HP | User Name: Pat & Sara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1671991594-1656487196-823088330-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "sp6" = Logitech SetPoint 6.32
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
    "{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}" = Adobe Flash Player 10 ActiveX
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB0FCF85-3A90-98A4-6545-55A9C6B2C1EE}" = APEXvjDesktop
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "BackWeb-8876480 Uninstaller" = Logitech Desktop Messenger
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.apexvj.com" = APEXvjDesktop
    "IcoFX 2_is1" = IcoFX 2.1
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PDF Complete" = PDF Complete Special Edition
    "VLC media player" = VLC media player 2.0.0
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0b51058f-466e-4425-87cd-0586666ff31d" = Polar Bowler
    "WTA-0de73daf-3261-4970-b36e-b772c663e9c9" = Virtual Villagers 5 - New Believers
    "WTA-196672f7-b141-44c8-9064-4a103e12994f" = FATE
    "WTA-21e0a32b-4bc2-4f39-8501-a0726ef4a945" = Poker Superstars III
    "WTA-24c2a03a-4d26-4522-a8f4-60115f7cd0d6" = Bejeweled 3
    "WTA-25f90158-388d-4bd3-bd10-e815513052c9" = Cake Mania
    "WTA-2726becc-202f-4426-a958-8ae4b4db6892" = Bounce Symphony
    "WTA-2db5f1fa-19a8-40c8-acc0-98d189db1f1a" = Farm Frenzy
    "WTA-3174a08a-55f0-4771-b71b-08b9eceaee6a" = Mah Jong Medley
    "WTA-3b80b201-dfd1-4c5f-9c36-1bf061f0f1d6" = Agatha Christie - Peril at End House
    "WTA-5c0510ff-cbcb-4b94-801f-c8ac9f47aa7c" = Cradle of Rome 2
    "WTA-6345ce46-3573-48ab-901a-b64678c1a76c" = Blackhawk Striker 2
    "WTA-6c205b43-e8d3-438a-bb6d-5e42dcf030d5" = Slingo Supreme
    "WTA-81a424b7-5b60-4c82-b980-8ad5176a00a1" = Penguins!
    "WTA-87c8f0dc-e572-4835-a468-7506d9d0382c" = Governor of Poker 2 Premium Edition
    "WTA-9754e66b-4053-4404-b5dd-7cd88c089e37" = Plants vs. Zombies - Game of the Year
    "WTA-a6b846a2-d9db-4142-968d-71a50ec43682" = Blasterball 3
    "WTA-ad08df7a-fc4a-4bb5-8b21-cecc0cae708b" = Namco All-Stars: PAC-MAN
    "WTA-c050fa4a-8903-4623-8768-26cd7ada1d16" = Zuma Deluxe
    "WTA-c6019ee6-97b2-4813-9f46-4e3b0187f6f0" = Polar Golfer
    "WTA-ce92e164-7047-44e7-bf8c-b18ad4438796" = Mystery of Mortlake Mansion
    "WTA-d59ea7db-5648-44df-a17e-7f1227f2c35b" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-e023f7cc-5262-4dea-9012-abc42092ef03" = Chuzzle Deluxe
    "WTA-e02de88d-0e23-4e0e-b8fd-2d59a6e5eb78" = Vacation Quest - The Hawaiian Islands
    "WTA-e83b7f8e-2aa5-41dd-8da3-d65016faf4d7" = Chronicles of Albian
    "ZinioReader4" = Zinio Reader 4

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/8/2012 7:46:49 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

    Error - 8/8/2012 7:46:50 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/8/2012 7:46:50 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9001

    Error - 8/8/2012 7:46:50 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9001

    Error - 8/8/2012 7:46:51 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/8/2012 7:46:51 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10015

    Error - 8/8/2012 7:46:51 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10015

    Error - 8/8/2012 7:46:52 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/8/2012 7:46:52 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11013

    Error - 8/8/2012 7:46:52 PM | Computer Name = PatSara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 11013

    [ Hewlett-Packard Events ]
    Error - 7/14/2012 12:56:43 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

    Error - 7/15/2012 11:41:02 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

    Error - 7/22/2012 9:53:05 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

    Error - 7/29/2012 9:33:09 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    Error - 8/5/2012 11:15:52 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    Error - 8/16/2012 8:04:33 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

    Error - 8/19/2012 9:55:41 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    Error - 8/26/2012 9:22:39 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    Error - 9/2/2012 9:38:50 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: TargetSite: Void UpdateAndDetect()

    Error - 9/9/2012 9:42:08 PM | Computer Name = PatSara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 4002 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    [ Media Center Events ]
    Error - 9/20/2012 8:35:00 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 8:34:57 PM - Failed to retrieve Broadband-2.enc (Error: BITS 0x80070424)


    Error - 9/20/2012 9:35:09 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 9:35:09 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
    9:35:09
    PM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 9:35:09 PM - Failed
    to retrieve SMTiles-2.cab (Error: BITS 0x80070424) 9:35:09 PM - Failed to retrieve
    UpdateableMarkup-2.cab (Error: BITS 0x80070424)

    Error - 9/20/2012 9:35:10 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 9:35:09 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 9/20/2012 9:35:14 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 9:35:10 PM - Failed to retrieve Broadband-2.enc (Error: BITS 0x80070424)


    Error - 9/20/2012 10:35:25 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 10:35:25 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
    10:35:25
    PM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 10:35:25 PM - Failed
    to retrieve SMTiles-2.cab (Error: BITS 0x80070424) 10:35:25 PM - Failed to retrieve
    UpdateableMarkup-2.cab (Error: BITS 0x80070424)

    Error - 9/20/2012 10:35:26 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 10:35:26 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 9/20/2012 10:35:32 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 10:35:27 PM - Failed to retrieve Broadband-2.enc (Error: BITS 0x80070424)


    Error - 9/20/2012 11:35:53 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 11:35:53 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
    11:35:53
    PM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 11:35:53 PM - Failed
    to retrieve SMTiles-2.cab (Error: BITS 0x80070424) 11:35:53 PM - Failed to retrieve
    UpdateableMarkup-2.cab (Error: BITS 0x80070424)

    Error - 9/20/2012 11:35:54 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 11:35:54 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 9/20/2012 11:36:00 PM | Computer Name = PatSara-HP | Source = MCUpdate | ID = 0
    Description = 11:35:55 PM - Failed to retrieve Broadband-2.enc (Error: BITS 0x80070424)


    [ System Events ]
    Error - 7/16/2012 4:07:55 PM | Computer Name = PatSara-HP | Source = Service Control Manager | ID = 7034
    Description = The Movies By CraigWorks service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/17/2012 9:02:17 AM | Computer Name = PatSara-HP | Source = Service Control Manager | ID = 7034
    Description = The Movies By CraigWorks service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/17/2012 8:16:12 PM | Computer Name = PatSara-HP | Source = Service Control Manager | ID = 7034
    Description = The Movies By CraigWorks service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/17/2012 9:46:47 PM | Computer Name = PatSara-HP | Source = Service Control Manager | ID = 7034
    Description = The Movies By CraigWorks service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/17/2012 9:51:30 PM | Computer Name = PatSara-HP | Source = Service Control Manager | ID = 7034
    Description = The Movies By CraigWorks service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/23/2012 10:06:19 PM | Computer Name = PatSara-HP | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the eventlog service.

    Error - 7/23/2012 10:09:06 PM | Computer Name = PatSara-HP | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:07:49 PM on ?7/?23/?2012 was unexpected.

    Error - 7/24/2012 12:15:30 AM | Computer Name = PatSara-HP | Source = Service Control Manager | ID = 7034
    Description = The Ad-Aware service terminated unexpectedly. It has done this 1
    time(s).

    Error - 7/24/2012 2:29:44 AM | Computer Name = PatSara-HP | Source = DCOM | ID = 10010
    Description =

    Error - 7/25/2012 8:34:51 PM | Computer Name = PatSara-HP | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:53:46 AM on ?7/?24/?2012 was unexpected.


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    You're running two AV programs, AVG and Lavasoft Ad-Aware Antivirus.
    You must uninstall one of them.
    I suggest Lavasoft goes.

    ============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-1671991594-1656487196-823088330-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      [2012/09/21 02:48:29 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  24. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    OTL Log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1671991594-1656487196-823088330-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    C:\FRST\Quarantine\{343ef29f-d340-748f-275c-073a130885d2}\U folder moved successfully.
    C:\FRST\Quarantine\{343ef29f-d340-748f-275c-073a130885d2} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-PATSARA-HP
    ->Temp folder emptied: 516 bytes
    ->Temporary Internet Files folder emptied: 171103 bytes
    ->Flash cache emptied: 56466 bytes

    User: Pat & Sara
    ->Temp folder emptied: 4396662424 bytes
    ->Temporary Internet Files folder emptied: 157539644 bytes
    ->Java cache emptied: 371695 bytes
    ->FireFox cache emptied: 72285353 bytes
    ->Flash cache emptied: 60195 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 687702653 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 5,069.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Mcx1-PATSARA-HP

    User: Pat & Sara
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-PATSARA-HP
    ->Flash cache emptied: 0 bytes

    User: Pat & Sara
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 09282012_001803

    Files\Folders moved on Reboot...
    C:\Users\Pat & Sara\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  25. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    Checkup.txt was blank.
    SecurityCheck.exe showed:

    "Results have been copied to checkup.txt, which should open... now?
    The system cannot find the path specified.
    The system cannot find the path specified.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.