No Internet on Win7 normal mode plus it's slow...

By pudgyman
Aug 9, 2012
  1. Hi, thank you in advance for helping me out. My PC is running slow right now and I can't work with it, plus I don't have internet. I downloaded some stuff in torrents and some games and I probably had a virus from there. I saw my Kaspersky got cut off and is not loading anymore, plus a sudden change in speed and booting. I need help badly.

    These are the logs as requested by you guys.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.08.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Paolo :: PAOLO-PC [administrator]

    Protection: Enabled

    8/9/2012 1:44:08 PM
    mbam-log-2012-08-09 (13-44-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212276
    Time elapsed: 18 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Paolo at 16:15:15 on 2012-08-09
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8096.6345 [GMT 8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Anti-Virus *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\ASDR.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Users\Paolo\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    C:\Users\Paolo\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\taskmgr.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [AdobeBridge]
    uRun: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    TCP: DhcpNameServer = 124.106.4.2 124.106.5.2
    TCP: Interfaces\{443C4912-4774-42AC-BE70-E97159EC6DF1} : DhcpNameServer = 124.106.5.2 124.106.7.2
    TCP: Interfaces\{6416797A-B523-41A1-A24F-C46F3F0A2F47} : DhcpNameServer = 124.106.4.2 124.106.5.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QTTask.exe" -atboottime
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-8 44808]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2011-4-25 365336]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-8 655944]
    R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-5-3 2253120]
    R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-25 1436424]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    S4 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
    S4 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-8-3 654944]
    .
    =============== Created Last 30 ================
    .
    2012-08-08 15:58:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1827742F-6583-4701-85CC-3761111152BF}\offreg.dll
    2012-08-08 11:09:57 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1827742F-6583-4701-85CC-3761111152BF}\mpengine.dll
    2012-08-07 16:42:51 -------- d-----w- C:\Users\Paolo\AppData\Roaming\Malwarebytes
    2012-08-07 16:42:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-07 16:42:45 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-07 16:42:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 16:38:59 -------- d-----w- C:\Program Files (x86)\Siber Systems
    2012-08-07 16:36:57 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-07 16:36:56 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-07 16:36:54 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-07 16:36:41 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-07 16:36:34 -------- d-----w- C:\ProgramData\AVAST Software
    2012-08-07 16:36:34 -------- d-----w- C:\Program Files\AVAST Software
    2012-08-02 16:57:29 654944 ----a-w- C:\Windows\SysWow64\xsherlock.xem
    2012-08-02 16:21:22 -------- d-----w- C:\Program Files (x86)\Overwolf
    2012-08-02 16:14:50 -------- d-----w- C:\Users\Paolo\AppData\Local\Overwolf
    2012-08-02 16:14:35 -------- d-----w- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
    2012-08-02 16:12:29 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-07-27 12:36:49 -------- d-----w- C:\Windows\System32\appmgmt
    2012-07-24 03:09:16 -------- d-----w- C:\Users\Paolo\AppData\Local\dxhr
    2012-07-24 03:00:09 -------- d-----w- C:\Users\Paolo\AppData\Local\28050
    2012-07-23 12:48:33 -------- d-----w- C:\Users\Paolo\AppData\Roaming\IrfanView
    2012-07-19 06:15:10 -------- d-----w- C:\Program Files\Adobe Premiere Pro CS6
    2012-07-19 06:09:11 -------- d-----w- C:\Users\Paolo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-07-19 06:09:02 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
    2012-07-16 09:00:34 204800 ----a-w- C:\Windows\System32\unrar64.dll
    2012-07-16 09:00:33 -------- d-----w- C:\Program Files\MPC-HC
    .
    ==================== Find3M ====================
    .
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2011-10-24 07:30:12 796520 ----a-w- C:\Program Files (x86)\QTPlugin.ocx
    2011-10-24 07:30:12 1234808 ----a-w- C:\Program Files (x86)\QuickTimePlayer.exe
    2011-10-24 07:02:28 8120168 ----a-w- C:\Program Files (x86)\QuickTimePlayer.dll
    2011-10-24 07:02:24 370536 ----a-w- C:\Program Files (x86)\QTUIPanelControl.dll
    2011-10-24 07:02:20 894824 ----a-w- C:\Program Files (x86)\QTOControl.dll
    2011-10-24 07:02:20 821096 ----a-w- C:\Program Files (x86)\QTOLibrary.dll
    2011-10-24 06:28:52 421888 ----a-w- C:\Program Files (x86)\QTTask.exe
    2011-10-24 06:28:38 561152 ----a-w- C:\Program Files (x86)\PictureViewer.exe
    2011-03-11 01:30:54 1572864 ----a-w- C:\Program Files (x86)\ResDLL.dll
    2011-03-10 07:53:02 98304 ----a-w- C:\Program Files (x86)\EIO.dll
    2011-02-25 11:22:58 77824 ----a-w- C:\Program Files (x86)\ASUSRC.dll
    2010-11-11 14:30:50 53760 ----a-w- C:\Program Files (x86)\ResetDiver.exe
    2010-04-27 12:55:42 28672 ----a-w- C:\Program Files (x86)\InitSD.exe
    2010-03-04 10:49:58 33280 ----a-w- C:\Program Files (x86)\IOMap.sys
    2010-02-22 07:46:36 23680 ----a-w- C:\Program Files (x86)\IOMap64.sys
    2009-08-21 01:48:12 44032 ----a-w- C:\Program Files (x86)\2dpainting.exe
    2009-07-30 03:16:52 16384 ----a-w- C:\Program Files (x86)\EIO64_xp.sys
    2009-07-30 03:15:54 14336 ----a-w- C:\Program Files (x86)\EIO_xp.sys
    2009-07-22 02:34:54 14336 ----a-w- C:\Program Files (x86)\EIO.sys
    2009-07-22 02:34:44 16384 ----a-w- C:\Program Files (x86)\EIO64.sys
    2009-06-30 15:35:26 2741248 ----a-w- C:\Program Files (x86)\QtCore4.dll
    2009-02-26 08:31:20 613376 ----a-w- C:\Program Files (x86)\QtOpenGL4.dll
    2009-02-26 08:23:26 11448320 ----a-w- C:\Program Files (x86)\QtGui4.dll
    2008-11-12 14:08:42 188416 ----a-w- C:\Program Files (x86)\atipdlxx2543.dll
    2007-10-05 07:53:32 57344 ----a-w- C:\Program Files (x86)\xgctl.dll
    2007-05-24 13:53:14 139264 ----a-w- C:\Program Files (x86)\atipdlxx.dll
    2006-02-22 07:11:12 163840 ----a-w- C:\Program Files (x86)\atistclk.dll
    2006-01-04 07:01:52 110592 ----a-w- C:\Program Files (x86)\R5ClkLib.dll
    2005-12-22 08:34:12 98304 ----a-w- C:\Program Files (x86)\AiPanelUtilityDLL.dll
    2005-12-07 23:23:16 20480 ----a-w- C:\Program Files (x86)\HyperDrive.exe
    2005-10-20 01:35:10 15872 ----a-w- C:\Program Files (x86)\atikia64.sys
    2005-10-20 01:34:02 7680 ----a-w- C:\Program Files (x86)\atillk64.sys
    2005-10-20 01:29:02 5376 ----a-w- C:\Program Files (x86)\atidgllk.sys
    2005-09-09 00:32:18 53248 ----a-w- C:\Program Files (x86)\nvgpio.dll
    2004-10-28 09:23:38 12451 ----a-w- C:\Program Files (x86)\EIO.VXD
    2003-06-23 05:17:58 65536 ----a-w- C:\Program Files (x86)\2DTEST.EXE
    2003-03-19 03:14:00 499712 ----a-w- C:\Program Files (x86)\msvcp71.dll
    2003-02-21 12:42:22 348160 ----a-w- C:\Program Files (x86)\msvcr71.dll
    2002-08-28 18:41:08 401462 ----a-w- C:\Program Files (x86)\msvcp60.dll
    2002-01-05 23:43:50 1310720 ----a-w- C:\Program Files (x86)\SmartDoctor.exe
    1999-08-21 04:21:00 7869 ----a-w- C:\Program Files (x86)\Idlehlt.vxd
    .
    ============= FINISH: 16:16:15.60 ===============
  3. pudgyman

    Seems there is a problem posting my GMER file... may I upload it?
  4. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    If the GMER log is huge...
    Upload the file(s) here: http://uploadmb.com/
    Copy the link inside the Direct Link box and post it in your next reply.

    I still need the Attach.txt part of DDS.

    You're running two AV programs, Avast and Kaspersky.
    You must uninstall one of them.
  5. pudgyman

    http://www.uploadmb.com/dw.php?id=1344578211 - gmer log

    I'll get back on the Attach.txt part of the DDS as I'm running in Safe Mode right now.

    The Kaspersky I can't uninstall or repair for some reason and it's no longer working. Should I uninstall Avast instead?
  6. pudgyman

    Attach.txt from dds

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/11/2012 12:56:24 PM
    System Uptime: 8/10/2012 2:02:11 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | MAXIMUS IV GENE-Z/GEN3
    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | LGA1155 | 3001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 247 GiB total, 70.013 GiB free.
    E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.
    K: is FIXED (NTFS) - 219 GiB total, 150.932 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&108ABD8A&0&00E4
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&108ABD8A&0&00E4
    Service:
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&87D54EE&0&00E5
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&87D54EE&0&00E5
    Service:
    .
    Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
    Description: Standard VGA Graphics Adapter
    Device ID: PCI\VEN_8086&DEV_0102&SUBSYS_844D1043&REV_09\3&11583659&0&10
    Manufacturer: (Standard display types)
    Name: Standard VGA Graphics Adapter
    PNP Device ID: PCI\VEN_8086&DEV_0102&SUBSYS_844D1043&REV_09\3&11583659&0&10
    Service: vga
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe After Effects CS5.5
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Illustrator CS5.1
    Adobe Photoshop CS5
    Apple Application Support
    Apple Software Update
    ASUS Smart Doctor
    Autodesk Backburner 2011.0.0
    Autodesk Material Library 2011
    Autodesk Material Library 2011 Base Image library
    Autodesk Material Library 2011 Medium Image library
    avast! Free Antivirus
    Batman Arkham City version 1.0
    CBR Reader
    Geeks3D.com FurMark 1.10.0
    Google Chrome
    Kaspersky Anti-Virus 2011
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    PDF Settings CS5
    Pen Tablet
    QuickTime
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Trapcode Suite 64-bit
    VLC media player 1.1.11
    Wings 3D 1.4.1
    WinRAR archiver
    ZBrush 4R2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2012 2:24:16 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/9/2012 1:46:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    8/9/2012 1:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    8/9/2012 1:07:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    8/8/2012 9:50:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/8/2012 7:28:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    8/8/2012 7:28:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/8/2012 4:47:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    8/8/2012 4:47:11 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/8/2012 4:47:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    8/8/2012 4:40:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kaspersky Anti-Virus Service service to connect.
    8/8/2012 4:40:13 PM, Error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/8/2012 4:38:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit service to connect.
    8/8/2012 12:38:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    8/8/2012 12:35:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    8/8/2012 12:35:20 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/8/2012 12:16:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache KLIF spldr Wanarpv6
    8/8/2012 12:11:26 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
    8/8/2012 12:06:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
    8/8/2012 12:04:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    8/8/2012 10:53:49 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/8/2012 10:43:47 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/8/2012 1:33:01 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: Error performing inpage operation.
    8/7/2012 7:57:41 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    8/7/2012 7:56:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    8/7/2012 7:54:19 PM, Error: Service Control Manager [7023] - The Network Connections service terminated with the following error: Network Connections is not a valid Win32 application.
    8/7/2012 7:46:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
    8/7/2012 7:44:24 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    8/7/2012 7:42:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    8/7/2012 7:42:19 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Error performing inpage operation.
    8/7/2012 7:41:38 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
    8/7/2012 7:40:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
    8/7/2012 7:40:42 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/7/2012 7:40:39 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The request could not be performed because of an I/O device error.
    8/7/2012 7:39:49 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
    8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/7/2012 7:14:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:14:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/7/2012 7:14:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/7/2012 6:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {8F5DF053-3013-4DD8-B5F4-88214E81C0CF}
    8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/7/2012 6:30:32 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 6:30:32 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/7/2012 6:30:32 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/7/2012 6:27:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
    8/7/2012 6:27:47 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/7/2012 5:24:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
    8/7/2012 5:24:13 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/7/2012 5:23:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    8/7/2012 4:48:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    8/7/2012 4:47:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
    8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/7/2012 4:45:56 PM, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: Error performing inpage operation.
    8/7/2012 4:42:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    8/7/2012 12:00:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.
    8/7/2012 11:29:08 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    8/7/2012 11:05:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
    8/7/2012 11:05:22 PM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/6/2012 6:03:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    8/4/2012 2:35:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    8/4/2012 2:35:24 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/4/2012 2:35:24 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    8/3/2012 5:44:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    8/3/2012 5:44:23 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/10/2012 2:11:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/10/2012 2:07:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
    8/10/2012 2:07:51 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/10/2012 2:04:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    8/10/2012 2:04:37 PM, Error: Service Control Manager [7022] - The Kaspersky Anti-Virus Service service hung on starting.
    8/10/2012 1:54:09 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/10/2012 1:54:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/10/2012 1:54:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/10/2012 1:54:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/10/2012 1:54:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/10/2012 1:53:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/10/2012 1:52:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache KLIF spldr Wanarpv6
    .
    ==== End Of File ===========================
  7. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    As for Kaspersky try this uninstaller: http://support.kaspersky.com/faq/?qid=208279463

    Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  8. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    Hi, I have a new problem. After uninstalling Kaspersky I'm always booting up with system recovery repair then it says it can't repair it. The log says kdcom is corrupted or something in the log. I can't go past it. I also can't access safe mode. :( I'm using a laptop right now.
  9. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  10. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    This is frst.txt

    Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
    Ran by SYSTEM at 13-08-2012 21:25:17
    Running from F:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
    HKU\Paolo\...\Run: [AdobeBridge] [x]
    HKU\Paolo\...\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-03] (Google Inc.)
    HKLM-x32\...\RunOnce: [UnKIS] wscript.exe //b C:\Users\Paolo\AppData\Local\Temp\UnKIS.vbs [4326 2012-08-10] ()
    Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 124.106.4.2 124.106.5.2

    ==================== Services (Whitelisted) ======

    2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-26] ()
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
    2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
    2 PSI_SVC_2_x64; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [336824 2010-11-29] (arvato digital services llc)

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
    1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2012-05-07] (ASUSTeK Computer Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-02] (Malwarebytes Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    4 xsherlock; C:\Windows\system32\xsherlock.xem [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-13 21:25 - 2012-08-13 21:25 - 00000000 ____D C:\FRST
    2012-08-10 08:45 - 2012-08-10 09:13 - 01813429 ____A C:\Users\Paolo\Desktop\kavremvr 2012-08-11 00-45-03 (pid 1980).log
    2012-08-10 08:44 - 2012-07-31 06:28 - 03887544 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Desktop\kavremover.exe
    2012-08-10 08:42 - 2012-08-10 08:43 - 04731392 ____A (AVAST Software) C:\Users\Paolo\Desktop\aswMBR.exe
    2012-08-10 08:39 - 2012-08-10 08:40 - 01845728 ____A C:\Users\Paolo\Desktop\kavremover.zip
    2012-08-10 08:39 - 2012-08-10 08:39 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Paolo\Desktop\rkill.exe
    2012-08-09 00:35 - 2012-08-09 00:35 - 01439705 ____A (Farbar) C:\Users\Paolo\Downloads\FRST64.exe
    2012-08-09 00:31 - 2012-08-09 00:33 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Downloads\tdsskiller.exe
    2012-08-08 21:23 - 2012-08-08 21:23 - 00007748 ____A C:\Users\Paolo\Desktop\FIRST STEP TO FREE YOURSELF.txt
    2012-08-08 21:20 - 2012-08-08 21:20 - 00066677 ____A C:\Users\Paolo\Downloads\ECC9.tmp
    2012-08-08 21:17 - 2012-08-08 21:18 - 02721168 ____A (Microsoft Corporation) C:\Users\Paolo\Downloads\Windows7-USB-DVD-tool.exe
    2012-08-08 21:16 - 2012-08-08 21:16 - 00004143 ____A C:\Users\Paolo\Downloads\JeffsBrowser.zip
    2012-08-08 21:16 - 2010-01-28 22:27 - 00020480 ____A (McKesson Corp) C:\Users\Paolo\Desktop\JeffsBrowser.exe
    2012-08-08 21:15 - 2012-08-08 21:15 - 00066783 ____A C:\Users\Paolo\Downloads\9E68.tmp
    2012-08-08 21:08 - 2012-08-08 21:08 - 00607260 ____R (Swearware) C:\Users\Paolo\Desktop\dds.com
    2012-08-08 21:07 - 2012-08-08 22:05 - 00000000 ____D C:\Users\Paolo\Desktop\gmer
    2012-08-07 23:36 - 2012-08-07 23:36 - 00183158 ____A C:\Users\Paolo\Downloads\lspfix.zip
    2012-08-07 21:15 - 2012-08-10 09:17 - 00000000 ____D C:\Users\Paolo\Desktop\hjt
    2012-08-07 21:10 - 2012-08-07 21:10 - 01402880 ____A C:\Users\Paolo\Downloads\HiJackThis.msi
    2012-08-07 20:04 - 2012-08-08 00:34 - 00001518 ____A C:\Windows\PFRO.log
    2012-08-07 08:42 - 2012-08-07 08:42 - 00001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-07 08:42 - 2012-08-07 08:42 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\Malwarebytes
    2012-08-07 08:42 - 2012-08-07 08:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-07 08:42 - 2012-08-07 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 08:42 - 2012-07-02 21:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-07 08:38 - 2012-08-07 08:38 - 00000000 ____D C:\Program Files (x86)\Siber Systems
    2012-08-07 08:37 - 2012-08-07 08:41 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Paolo\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-07 08:37 - 2012-08-07 08:37 - 00001931 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-07 08:37 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-07 08:37 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-07 08:36 - 2012-08-07 08:36 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____D C:\Program Files\AVAST Software
    2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-08-07 08:36 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-07 08:36 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-07 08:36 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-08-07 08:36 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-07 08:36 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-07 08:36 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-08-07 08:36 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-07 08:21 - 2012-08-07 08:36 - 89340632 ____A C:\Users\Paolo\Downloads\avast_free_antivirus_setup.exe
    2012-08-07 07:40 - 2012-08-07 07:40 - 00000000 ____A C:\Users\Paolo\Downloads\E670.tmp
    2012-08-07 07:04 - 2012-08-07 07:04 - 00292344 ____A C:\Windows\Minidump\080712-82742-01.dmp
    2012-08-07 03:50 - 2012-08-07 07:04 - 324444527 ____A C:\Windows\MEMORY.DMP
    2012-08-07 03:50 - 2012-08-07 03:50 - 00304592 ____A C:\Windows\Minidump\080712-112632-01.dmp
    2012-08-07 02:32 - 2012-08-10 02:04 - 00000728 ____A C:\Windows\setupact.log
    2012-08-07 02:32 - 2012-08-07 02:32 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-03 07:36 - 2012-08-03 08:06 - 224712607 ____A C:\Users\Paolo\Downloads\FL Studio 10.7z
    2012-08-02 17:00 - 2012-08-02 17:00 - 00002463 ____A C:\Users\Paolo\Desktop\Google Chrome.lnk
    2012-08-02 08:57 - 2012-08-02 08:57 - 00654944 ____A (Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
    2012-08-02 08:21 - 2012-08-07 01:36 - 00000000 ____D C:\Program Files (x86)\Overwolf
    2012-08-02 08:14 - 2012-08-02 08:29 - 00000000 ____D C:\Users\Paolo\AppData\Local\Overwolf
    2012-08-02 08:14 - 2012-08-02 08:14 - 00000000 ____D C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
    2012-07-30 02:51 - 2012-07-30 02:51 - 00001101 ____A C:\Users\Public\Desktop\Autodesk Maya 2011 64-bit.lnk
    2012-07-27 04:41 - 2012-07-27 08:13 - 1608371797 ____A C:\Users\Paolo\Downloads\autodesk_maya_2011_hotfix3_win_64bit.exe
    2012-07-27 04:36 - 2012-07-30 02:41 - 00000000 ____D C:\Windows\System32\appmgmt
    2012-07-26 18:07 - 2012-07-26 18:09 - 06054881 ____A C:\Users\Paolo\Downloads\My_Brush_Pack_by_adonihs.zip
    2012-07-26 02:12 - 2012-07-26 02:12 - 00000000 ____A C:\Users\Paolo\Downloads\LATHE.JPG.crdownload
    2012-07-23 19:09 - 2012-08-02 04:09 - 00000000 ____D C:\Users\Paolo\AppData\Local\dxhr
    2012-07-23 19:00 - 2012-07-23 19:00 - 00000000 ____D C:\Users\Paolo\AppData\Local\28050
    2012-07-23 04:48 - 2012-07-23 08:45 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\IrfanView
    2012-07-23 04:46 - 2012-07-23 04:46 - 01539072 ____A (Irfan Skiljan) C:\Users\Paolo\Downloads\iview433_setup.exe
    2012-07-19 22:49 - 2012-07-19 22:50 - 02032703 ____A C:\Users\Paolo\Downloads\iPod ad - Technologic.mp4
    2012-07-19 22:46 - 2012-07-19 23:10 - 02386941 ____A C:\Users\Paolo\Downloads\06 - iPod 4G - Walkie Talkie Man.mp4
    2012-07-19 07:25 - 2012-07-19 07:25 - 00030459 ____A C:\Users\Paolo\Downloads\ufonts.com_gill_sans-bold.ttf
    2012-07-19 07:21 - 2012-07-19 07:21 - 00052367 ____A C:\Users\Paolo\Downloads\ufonts.com_gillsans.ttf
    2012-07-19 07:09 - 2012-07-19 07:09 - 00000000 ____D C:\Users\Paolo\Desktop\Marvel Comics - Infinity Sagas (Guantlet, War, Crusade, Abyss & The End) - Complete
    2012-07-19 03:40 - 2012-07-30 06:52 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\Media Player Classic
    2012-07-18 22:15 - 2012-07-18 22:19 - 00000000 ____D C:\Program Files\Adobe Premiere Pro CS6
    2012-07-18 22:09 - 2012-07-18 22:09 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-07-18 22:09 - 2012-07-18 22:09 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
    2012-07-18 22:07 - 2012-07-18 22:07 - 02500792 ____A C:\Users\Paolo\Downloads\AdobeDownloadAssistant.exe
    2012-07-16 07:46 - 2012-07-16 07:47 - 02077226 ____A C:\Users\Paolo\Downloads\pap.rar
    2012-07-16 01:00 - 2012-07-16 01:00 - 00000000 ____D C:\Program Files\MPC-HC
    2012-07-16 01:00 - 2012-05-25 20:36 - 00204800 ____A C:\Windows\System32\unrar64.dll
    2012-07-16 00:57 - 2012-07-16 00:58 - 06401754 ____A (MPC-HC Team ) C:\Users\Paolo\Downloads\mplayerc_homecinema.1.6.2.4902.x64.exe

    ============ 3 Months Modified Files ========================

    2012-08-10 09:13 - 2012-08-10 08:45 - 01813429 ____A C:\Users\Paolo\Desktop\kavremvr 2012-08-11 00-45-03 (pid 1980).log
    2012-08-10 08:43 - 2012-08-10 08:42 - 04731392 ____A (AVAST Software) C:\Users\Paolo\Desktop\aswMBR.exe
    2012-08-10 08:40 - 2012-08-10 08:39 - 01845728 ____A C:\Users\Paolo\Desktop\kavremover.zip
    2012-08-10 08:39 - 2012-08-10 08:39 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Paolo\Desktop\rkill.exe
    2012-08-10 05:12 - 2012-06-26 07:55 - 01161101 ____A C:\Windows\WindowsUpdate.log
    2012-08-10 04:59 - 2012-05-03 02:49 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717066741-4032231883-1466426073-1000UA.job
    2012-08-10 02:16 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-10 02:15 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-10 02:04 - 2012-08-07 02:32 - 00000728 ____A C:\Windows\setupact.log
    2012-08-10 02:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-09 22:11 - 2009-07-13 21:08 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-09 00:35 - 2012-08-09 00:35 - 01439705 ____A (Farbar) C:\Users\Paolo\Downloads\FRST64.exe
    2012-08-09 00:33 - 2012-08-09 00:31 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Downloads\tdsskiller.exe
    2012-08-08 21:23 - 2012-08-08 21:23 - 00007748 ____A C:\Users\Paolo\Desktop\FIRST STEP TO FREE YOURSELF.txt
    2012-08-08 21:20 - 2012-08-08 21:20 - 00066677 ____A C:\Users\Paolo\Downloads\ECC9.tmp
    2012-08-08 21:18 - 2012-08-08 21:17 - 02721168 ____A (Microsoft Corporation) C:\Users\Paolo\Downloads\Windows7-USB-DVD-tool.exe
    2012-08-08 21:16 - 2012-08-08 21:16 - 00004143 ____A C:\Users\Paolo\Downloads\JeffsBrowser.zip
    2012-08-08 21:15 - 2012-08-08 21:15 - 00066783 ____A C:\Users\Paolo\Downloads\9E68.tmp
    2012-08-08 21:08 - 2012-08-08 21:08 - 00607260 ____R (Swearware) C:\Users\Paolo\Desktop\dds.com
    2012-08-08 00:34 - 2012-08-07 20:04 - 00001518 ____A C:\Windows\PFRO.log
    2012-08-07 23:36 - 2012-08-07 23:36 - 00183158 ____A C:\Users\Paolo\Downloads\lspfix.zip
    2012-08-07 21:10 - 2012-08-07 21:10 - 01402880 ____A C:\Users\Paolo\Downloads\HiJackThis.msi
    2012-08-07 20:01 - 2012-05-03 02:49 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717066741-4032231883-1466426073-1000Core.job
    2012-08-07 08:42 - 2012-08-07 08:42 - 00001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-07 08:41 - 2012-08-07 08:37 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Paolo\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-07 08:37 - 2012-08-07 08:37 - 00001931 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-07 08:36 - 2012-08-07 08:36 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-08-07 08:36 - 2012-08-07 08:21 - 89340632 ____A C:\Users\Paolo\Downloads\avast_free_antivirus_setup.exe
    2012-08-07 07:40 - 2012-08-07 07:40 - 00000000 ____A C:\Users\Paolo\Downloads\E670.tmp
    2012-08-07 07:04 - 2012-08-07 07:04 - 00292344 ____A C:\Windows\Minidump\080712-82742-01.dmp
    2012-08-07 07:04 - 2012-08-07 03:50 - 324444527 ____A C:\Windows\MEMORY.DMP
    2012-08-07 03:50 - 2012-08-07 03:50 - 00304592 ____A C:\Windows\Minidump\080712-112632-01.dmp
    2012-08-07 02:32 - 2012-08-07 02:32 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-05 14:07 - 2009-07-13 21:13 - 00778730 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-03 08:06 - 2012-08-03 07:36 - 224712607 ____A C:\Users\Paolo\Downloads\FL Studio 10.7z
    2012-08-02 17:00 - 2012-08-02 17:00 - 00002463 ____A C:\Users\Paolo\Desktop\Google Chrome.lnk
    2012-08-02 08:57 - 2012-08-02 08:57 - 00654944 ____A (Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
    2012-07-31 06:28 - 2012-08-10 08:44 - 03887544 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Desktop\kavremover.exe
    2012-07-30 21:02 - 2012-05-06 08:39 - 00001456 ____A C:\Users\Paolo\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-07-30 02:51 - 2012-07-30 02:51 - 00001101 ____A C:\Users\Public\Desktop\Autodesk Maya 2011 64-bit.lnk
    2012-07-27 08:13 - 2012-07-27 04:41 - 1608371797 ____A C:\Users\Paolo\Downloads\autodesk_maya_2011_hotfix3_win_64bit.exe
    2012-07-27 04:24 - 2012-05-29 23:26 - 00007603 ____A C:\Users\Paolo\AppData\Local\Resmon.ResmonCfg
    2012-07-26 18:09 - 2012-07-26 18:07 - 06054881 ____A C:\Users\Paolo\Downloads\My_Brush_Pack_by_adonihs.zip
    2012-07-26 02:12 - 2012-07-26 02:12 - 00000000 ____A C:\Users\Paolo\Downloads\LATHE.JPG.crdownload
    2012-07-23 04:46 - 2012-07-23 04:46 - 01539072 ____A (Irfan Skiljan) C:\Users\Paolo\Downloads\iview433_setup.exe
    2012-07-19 23:10 - 2012-07-19 22:46 - 02386941 ____A C:\Users\Paolo\Downloads\06 - iPod 4G - Walkie Talkie Man.mp4
    2012-07-19 22:50 - 2012-07-19 22:49 - 02032703 ____A C:\Users\Paolo\Downloads\iPod ad - Technologic.mp4
    2012-07-19 20:18 - 2009-07-13 20:45 - 04920432 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-19 14:48 - 2012-02-11 04:36 - 00090808 ____A C:\Users\Paolo\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-19 07:25 - 2012-07-19 07:25 - 00030459 ____A C:\Users\Paolo\Downloads\ufonts.com_gill_sans-bold.ttf
    2012-07-19 07:21 - 2012-07-19 07:21 - 00052367 ____A C:\Users\Paolo\Downloads\ufonts.com_gillsans.ttf
    2012-07-18 22:07 - 2012-07-18 22:07 - 02500792 ____A C:\Users\Paolo\Downloads\AdobeDownloadAssistant.exe
    2012-07-16 07:47 - 2012-07-16 07:46 - 02077226 ____A C:\Users\Paolo\Downloads\pap.rar
    2012-07-16 00:58 - 2012-07-16 00:57 - 06401754 ____A (MPC-HC Team ) C:\Users\Paolo\Downloads\mplayerc_homecinema.1.6.2.4902.x64.exe
    2012-07-06 00:16 - 2012-07-06 00:15 - 08698259 ____A C:\Users\Paolo\Downloads\Zbrush(Fixing symmetry) (1).mp4
    2012-07-03 08:21 - 2012-08-07 08:37 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-08-07 08:37 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-08-07 08:36 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-08-07 08:36 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-08-07 08:36 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-07-03 08:21 - 2012-08-07 08:36 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-08-07 08:36 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-08-07 08:36 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-03 08:21 - 2012-08-07 08:36 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-02 21:46 - 2012-08-07 08:42 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-28 01:44 - 2012-05-28 09:05 - 00000132 ____A C:\Users\Paolo\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-06-24 18:55 - 2012-06-24 18:55 - 00729143 ____A C:\Users\Paolo\Downloads\bolted trusses.3ds
    2012-06-19 20:57 - 2012-06-19 20:57 - 00000132 ____A C:\Users\Paolo\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
    2012-06-16 06:19 - 2012-06-16 06:19 - 01072102 ____A (cbrreader.com ) C:\Users\Paolo\Downloads\cbrreader_setup.exe
    2012-06-14 08:47 - 2012-06-14 08:25 - 160713285 ____A C:\Users\Paolo\Downloads\Adobe Audition CS5.5.exe
    2012-06-05 05:31 - 2012-06-05 05:31 - 00000108 ____A C:\VRSpawner.log
    2012-06-05 05:31 - 2012-06-05 05:18 - 00000015 ____A C:\Program Files\plugin.ini
    2012-06-05 04:56 - 2012-06-05 04:56 - 00001983 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2011 64-bit.lnk
    2012-06-05 04:52 - 2009-07-13 18:34 - 00017588 ____A C:\Windows\System32\Drivers\etc\services
    2012-06-02 14:19 - 2012-06-20 17:41 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-20 17:41 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-20 17:41 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-20 17:41 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-20 17:41 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-20 17:41 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-20 17:41 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-01 23:19 - 2012-06-20 17:41 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:15 - 2012-06-20 17:41 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 19:18 - 2012-06-01 18:04 - 180640053 ____A C:\Users\Paolo\Desktop\Phase 1 -- Start It Up.mp4
    2012-05-31 20:59 - 2012-05-31 20:58 - 08420980 ____A C:\Users\Paolo\Downloads\2.rar
    2012-05-31 20:57 - 2012-05-31 20:56 - 08195341 ____A C:\Users\Paolo\Downloads\1.rar
    2012-05-30 20:25 - 2012-05-05 07:48 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-30 07:25 - 2012-05-30 07:08 - 111941779 ____A C:\Users\Paolo\Downloads\TCSuite_Win_Full.zip
    2012-05-30 06:12 - 2012-05-30 06:11 - 02480268 ____A C:\Users\Paolo\Downloads\opticalflares.rar
    2012-05-28 07:43 - 2012-05-28 07:43 - 00154572 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-05-28 01:38 - 2012-05-28 01:36 - 18644826 ____A C:\Users\Paolo\Downloads\UVMaster_WIN_4.0.zip
    2012-05-25 20:36 - 2012-07-16 01:00 - 00204800 ____A C:\Windows\System32\unrar64.dll
    2012-05-24 22:06 - 2012-05-23 19:57 - 975385425 ____A C:\Users\Paolo\Downloads\Zbrush For Character Artists.7z
    2012-05-23 01:19 - 2012-05-23 01:17 - 09098180 ____A C:\Users\Paolo\Downloads\wings-1.4.1.exe
    2012-05-22 20:35 - 2012-05-22 20:35 - 00252912 ____A C:\Users\Paolo\Downloads\RT_Industr_033.zip
    2012-05-22 20:34 - 2012-05-22 20:34 - 01322008 ____A C:\Users\Paolo\Downloads\RT_Industr_006.zip
    2012-05-22 20:29 - 2012-05-22 20:29 - 01258050 ____A C:\Users\Paolo\Downloads\InkComic_material.zip
    2012-05-22 19:29 - 2012-05-22 19:29 - 00436687 ____A C:\Users\Paolo\Downloads\TransposeMaster_4_12-04.zip
    2012-05-19 03:35 - 2012-05-19 03:35 - 00001171 ____A C:\Users\Paolo\Desktop\TLR.exe.lnk
    2012-05-17 02:22 - 2012-05-17 02:20 - 08698259 ____A C:\Users\Paolo\Downloads\Zbrush(Fixing symmetry).mp4
    2012-05-16 23:40 - 2012-05-14 02:09 - 00002170 ____A C:\Users\Public\Desktop\ZBrush 4R3.lnk


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8096.39 MB
    Available physical RAM: 7298.34 MB
    Total Pagefile: 8094.54 MB
    Available Pagefile: 7295 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Caldereta) (Fixed) (Total:246.66 GB) (Free:70.03 GB) NTFS
    2 Drive e: (Karekare) (Fixed) (Total:219 GB) (Free:150.93 GB) NTFS
    3 Drive f: (FLASH DRIVE) (Removable) (Total:14.42 GB) (Free:13.89 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 246 GB 101 MB
    Partition 3 Primary 218 GB 246 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Caldereta NTFS Partition 246 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E Karekare NTFS Partition 218 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FLASH DRIVE FAT32 Removable 14 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-23 22:03

    ======================= End Of Log ==========================

    search.txt

    Farbar Recovery Scan Tool Version: 08-08-2012 02
    Ran by SYSTEM at 2012-08-13 21:31:13
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  11. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.

  12. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    It's still not booting up right... before the fix though, it booted up normally but it's really slow.
  13. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Are you getting any error message?
    Can you boot to safe mode?
  14. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    I managed to get back to normal mode again after three or so tries. It's very slow, taking minutes to boot, and while it's running it's very erratic. Usually when it says it's broken and repairing something I see kdcom.dll is broken in the logs. I ran rkill and am running aswMBR right now because I'm exploiting the chance it's running. I have yet to check if I can go back to safe mode. Should I still post those logs from rkill and aswMBR?
  15. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Go ahead....
  16. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    ++Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/14/2012 11:47:08 PM in x64 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * C:\Windows\System32\svchost.exe (PID: 932) [WD-HEUR]
    * C:\Windows\System32\svchost.exe (PID: 964) [WD-HEUR]
    * C:\Windows\System32\spoolsv.exe (PID: 1620) [WD-HEUR]

    3 proccesses terminated!

    Checking Registry for malware related settings.

    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:
    C:\Users\Paolo\Desktop\rkill-backup\rkill-08-15-2012-12-29-42.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * No issues found.

    Searching for Missing Digital Signatures:

    * C:\Windows\explorer.exe [NoSig]
    * C:\Windows\System32\appmgmts.dll [NoSig]
    * C:\Windows\System32\browser.dll [NoSig]
    * C:\Windows\System32\cngaudit.dll [NoSig]
    * C:\Windows\System32\comctl32.dll [NoSig]
    * C:\Windows\System32\comres.dll [NoSig]
    * C:\Windows\System32\conhost.exe [NoSig]
    * C:\Windows\System32\cryptsvc.dll [NoSig]
    * C:\Windows\System32\csrss.exe [NoSig]
    * C:\Windows\System32\ctfmon.exe [NoSig]
    * C:\Windows\System32\d3d9.dll [NoSig]
    * C:\Windows\System32\ddraw.dll [NoSig]
    * C:\Windows\System32\dllhost.exe [NoSig]
    * C:\Windows\System32\dsound.dll [NoSig]
    * C:\Windows\System32\dwm.exe [NoSig]
    * C:\Windows\System32\es.dll [NoSig]
    * C:\Windows\System32\hnetcfg.dll [NoSig]
    * C:\Windows\System32\ias.dll [NoSig]
    * C:\Windows\System32\imm32.dll [NoSig]
    * C:\Windows\System32\kernel32.dll [NoSig]
    * C:\Windows\System32\ksuser.dll [NoSig]
    * C:\Windows\System32\linkinfo.dll [NoSig]
    * C:\Windows\System32\lpk.dll [NoSig]
    * C:\Windows\System32\lsass.exe [NoSig]
    * C:\Windows\System32\lsm.exe [NoSig]
    * C:\Windows\System32\midimap.dll [NoSig]
    * C:\Windows\System32\mshtml.dll [NoSig]
    * C:\Windows\System32\msvcrt.dll [NoSig]
    * C:\Windows\System32\mswsock.dll [NoSig]
    * C:\Windows\System32\netlogon.dll [NoSig]
    * C:\Windows\System32\netman.dll [NoSig]
    * C:\Windows\System32\ole32.dll [NoSig]
    * C:\Windows\System32\perfctrs.dll [NoSig]
    * C:\Windows\System32\powrprof.dll [NoSig]
    * C:\Windows\System32\qmgr.dll [NoSig]
    * C:\Windows\System32\rasadhlp.dll [NoSig]
    * C:\Windows\System32\regsvc.dll [NoSig]
    * C:\Windows\System32\rpcss.dll [NoSig]
    * C:\Windows\System32\scecli.dll [NoSig]
    * C:\Windows\System32\schedsvc.dll [NoSig]
    * C:\Windows\System32\services.exe [NoSig]
    * C:\Windows\System32\sfc.dll [NoSig]
    * C:\Windows\System32\shsvcs.dll [NoSig]
    * C:\Windows\System32\smss.exe [NoSig]
    * C:\Windows\System32\spoolsv.exe [NoSig]
    * C:\Windows\System32\ssdpsrv.dll [NoSig]
    * C:\Windows\System32\svchost.exe [NoSig]
    * C:\Windows\System32\tapisrv.dll [NoSig]
    * C:\Windows\System32\taskeng.exe [NoSig]
    * C:\Windows\System32\taskhost.exe [NoSig]
    * C:\Windows\System32\termsrv.dll [NoSig]
    * C:\Windows\System32\upnphost.dll [NoSig]
    * C:\Windows\System32\user32.dll [NoSig]
    * C:\Windows\System32\userinit.exe [NoSig]
    * C:\Windows\System32\usp10.dll [NoSig]
    * C:\Windows\System32\version.dll [NoSig]
    * C:\Windows\System32\w32time.dll [NoSig]
    * C:\Windows\System32\wiaservc.dll [NoSig]
    * C:\Windows\System32\wininet.dll [NoSig]
    * C:\Windows\System32\wininit.exe [NoSig]
    * C:\Windows\System32\winlogon.exe [NoSig]
    * C:\Windows\System32\ws2_32.dll [NoSig]
    * C:\Windows\System32\ws2help.dll [NoSig]
    * C:\Windows\System32\drivers\asyncmac.sys [NoSig]
    * C:\Windows\System32\Drivers\asyncmac.sys [NoSig]
    * C:\Windows\System32\drivers\beep.sys [NoSig]
    * C:\Windows\System32\Drivers\beep.sys [NoSig]
    * C:\Windows\System32\drivers\null.sys [NoSig]
    * C:\Windows\System32\Drivers\null.sys [NoSig]
    * C:\Windows\System32\drivers\tdx.sys [NoSig]
    * C:\Windows\System32\wbem\wmiprvse.exe [NoSig]

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/15/2012 12:58:47 AM
    Execution time: 1 hours(s), 11 minute(s), and 39 seconds(s)
  17. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-15 01:23:35
    -----------------------------
    01:23:35.951 OS Version: Windows x64 6.1.7601 Service Pack 1
    01:23:35.951 Number of processors: 4 586 0x2A07
    01:23:35.951 ComputerName: PAOLO-PC UserName: Paolo
    01:23:38.244 Initialze error C0000043 - driver not loaded
    01:23:41.676 AVAST engine defs: 12080801
    01:35:20.182 Service scanning
    01:36:11.615 Modules scanning
    01:36:11.615 Disk 0 trace - called modules:
    01:36:11.615
    01:36:12.364 AVAST engine scan C:\Windows
    01:36:13.908 AVAST engine scan C:\Windows\system32
    01:46:05.493 AVAST engine scan C:\Windows\system32\drivers
    01:46:15.524 AVAST engine scan C:\Users\Paolo
    03:14:36.647 AVAST engine scan C:\ProgramData
    04:05:20.743 Scan finished successfully
    11:19:37.359 The log file has been saved successfully to "C:\Users\Paolo\Desktop\aswMBR.txt"
  18. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  19. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    14:18:40.0435 1960 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
    14:18:40.0513 1960 ============================================================
    14:18:40.0513 1960 Current date / time: 2012/08/15 14:18:40.0513
    14:18:40.0513 1960 SystemInfo:
    14:18:40.0513 1960
    14:18:40.0513 1960 OS Version: 6.1.7601 ServicePack: 1.0
    14:18:40.0513 1960 Product type: Workstation
    14:18:40.0513 1960 ComputerName: PAOLO-PC
    14:18:40.0513 1960 UserName: Paolo
    14:18:40.0513 1960 Windows directory: C:\Windows
    14:18:40.0513 1960 System windows directory: C:\Windows
    14:18:40.0513 1960 Running under WOW64
    14:18:40.0513 1960 Processor architecture: Intel x64
    14:18:40.0513 1960 Number of processors: 4
    14:18:40.0513 1960 Page size: 0x1000
    14:18:40.0513 1960 Boot type: Normal boot
    14:18:40.0513 1960 ============================================================
    14:18:41.0824 1960 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:18:41.0824 1960 ============================================================
    14:18:41.0824 1960 \Device\Harddisk0\DR0:
    14:18:41.0824 1960 MBR partitions:
    14:18:41.0824 1960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    14:18:41.0824 1960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1ED53000
    14:18:41.0824 1960 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1ED85800, BlocksNum 0x1B5FF800
    14:18:41.0824 1960 ============================================================
    14:18:41.0855 1960 C: <-> \Device\Harddisk0\DR0\Partition2
    14:18:41.0870 1960 E: <-> \Device\Harddisk0\DR0\Partition1
    14:18:42.0104 1960 K: <-> \Device\Harddisk0\DR0\Partition3
    14:18:42.0104 1960 ============================================================
    14:18:42.0104 1960 Initialize success
    14:18:42.0104 1960 ============================================================
    14:19:03.0024 3152 ============================================================
    14:19:03.0024 3152 Scan started
    14:19:03.0024 3152 Mode: Manual;
    14:19:03.0024 3152 ============================================================
    14:19:32.0009 3152 ================ Scan services =============================
    14:19:32.0586 3152 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    14:19:32.0586 3152 1394ohci - ok
    14:19:32.0617 3152 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    14:19:32.0617 3152 ACPI - ok
    14:19:32.0695 3152 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    14:19:32.0727 3152 AcpiPmi - ok
    14:19:32.0851 3152 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    14:19:32.0898 3152 adp94xx - ok
    14:19:32.0929 3152 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    14:19:32.0929 3152 adpahci - ok
    14:19:32.0961 3152 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    14:19:32.0961 3152 adpu320 - ok
    14:19:32.0992 3152 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    14:19:32.0992 3152 AeLookupSvc - ok
    14:19:33.0070 3152 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
    14:19:33.0085 3152 AFD - ok
    14:19:33.0117 3152 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    14:19:33.0132 3152 agp440 - ok
    14:19:33.0148 3152 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
    14:19:33.0148 3152 ALG - ok
    14:19:33.0163 3152 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
    14:19:33.0163 3152 aliide - ok
    14:19:33.0179 3152 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
    14:19:33.0179 3152 amdide - ok
    14:19:33.0195 3152 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    14:19:33.0195 3152 AmdK8 - ok
    14:19:33.0195 3152 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    14:19:33.0195 3152 AmdPPM - ok
    14:19:33.0257 3152 [ 6ec6d772eae38dc17c14aed9b178d24b ] amdsata C:\Windows\system32\drivers\amdsata.sys
    14:19:33.0257 3152 amdsata - ok
    14:19:33.0319 3152 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    14:19:33.0319 3152 amdsbs - ok
    14:19:33.0335 3152 [ 1142a21db581a84ea5597b03a26ebaa0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    14:19:33.0335 3152 amdxata - ok
    14:19:33.0413 3152 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
    14:19:33.0413 3152 AppID - ok
    14:19:33.0444 3152 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    14:19:33.0444 3152 AppIDSvc - ok
    14:19:33.0569 3152 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    14:19:33.0569 3152 Appinfo - ok
    14:19:33.0709 3152 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    14:19:33.0709 3152 AppMgmt - ok
    14:19:33.0772 3152 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
    14:19:33.0772 3152 arc - ok
    14:19:33.0787 3152 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    14:19:33.0787 3152 arcsas - ok
    14:19:33.0928 3152 [ 4b720cc508b4fb999a7bf0e6d84f73e1 ] ASDR C:\Windows\SysWOW64\ASDR.exe
    14:19:34.0084 3152 ASDR - ok
    14:19:34.0162 3152 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    14:19:34.0240 3152 aspnet_state - ok
    14:19:34.0333 3152 [ df59b8e8df0bd2e0e303778a3806a17d ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    14:19:34.0333 3152 aswFsBlk - ok
    14:19:34.0521 3152 [ f8e6ab4f876feff69250f2e0c29ef004 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    14:19:34.0521 3152 aswMonFlt - ok
    14:19:34.0536 3152 [ aa92bc4bcba40ca3aa3ffd1be24f0c09 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    14:19:34.0536 3152 aswRdr - ok
    14:19:34.0942 3152 [ f06e230e1e8ca9437a6474b7b551cd37 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    14:19:34.0957 3152 aswSnx - ok
    14:19:35.0020 3152 [ 3610ca74a69e380424f0452dec5c1317 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    14:19:35.0020 3152 aswSP - ok
    14:19:35.0020 3152 [ 87de3e31cb0091d22351349869324065 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    14:19:35.0020 3152 aswTdi - ok
    14:19:35.0051 3152 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    14:19:35.0051 3152 AsyncMac - ok
    14:19:35.0254 3152 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
    14:19:35.0254 3152 atapi - ok
    14:19:35.0441 3152 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    14:19:35.0457 3152 AudioEndpointBuilder - ok
    14:19:35.0457 3152 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    14:19:35.0472 3152 AudioSrv - ok
    14:19:35.0753 3152 [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    14:19:35.0753 3152 avast! Antivirus - ok
    14:19:35.0893 3152 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
    14:19:35.0893 3152 AxInstSV - ok
    14:19:36.0003 3152 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    14:19:36.0003 3152 b06bdrv - ok
    14:19:36.0143 3152 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:19:36.0143 3152 b57nd60a - ok
    14:19:36.0221 3152 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
    14:19:36.0221 3152 BDESVC - ok
    14:19:36.0299 3152 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    14:19:36.0299 3152 Beep - ok
    14:19:36.0814 3152 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
    14:19:36.0829 3152 BFE - ok
    14:19:37.0219 3152 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll
    14:19:37.0235 3152 BITS - ok
    14:19:37.0313 3152 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    14:19:37.0329 3152 blbdrive - ok
    14:19:37.0453 3152 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    14:19:37.0453 3152 bowser - ok
    14:19:37.0500 3152 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:19:37.0609 3152 BrFiltLo - ok
    14:19:37.0609 3152 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:19:37.0625 3152 BrFiltUp - ok
    14:19:37.0719 3152 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
    14:19:37.0719 3152 Browser - ok
    14:19:37.0890 3152 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    14:19:37.0906 3152 Brserid - ok
    14:19:37.0968 3152 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    14:19:37.0984 3152 BrSerWdm - ok
    14:19:37.0999 3152 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:19:37.0999 3152 BrUsbMdm - ok
    14:19:37.0999 3152 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    14:19:37.0999 3152 BrUsbSer - ok
    14:19:38.0015 3152 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    14:19:38.0015 3152 BTHMODEM - ok
    14:19:38.0062 3152 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
    14:19:38.0062 3152 bthserv - ok
    14:19:38.0093 3152 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    14:19:38.0093 3152 cdfs - ok
    14:19:38.0171 3152 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    14:19:38.0171 3152 cdrom - ok
    14:19:38.0280 3152 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
    14:19:38.0280 3152 CertPropSvc - ok
    14:19:38.0296 3152 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    14:19:38.0296 3152 circlass - ok
    14:19:40.0168 3152 CLFS - ok
    14:19:43.0272 3152 clr_optimization_v2.0.50727_32 - ok
    14:19:50.0885 3152 clr_optimization_v2.0.50727_64 - ok
    14:20:11.0976 3152 clr_optimization_v4.0.30319_32 - ok
    14:20:14.0441 3152 clr_optimization_v4.0.30319_64 - ok
    14:20:18.0403 3152 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    14:20:18.0403 3152 CmBatt - ok
    14:20:20.0759 3152 cmdide - ok
    14:20:40.0041 3152 CNG - ok
    14:20:42.0942 3152 Compbatt - ok
    14:20:57.0934 3152 [ 31e14c04c60244fdc3737cc73a13aacd ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    14:21:08.0105 3152 Suspicious file (Forged): C:\Windows\system32\drivers\CompositeBus.sys. Real md5: 31e14c04c60244fdc3737cc73a13aacd, Fake md5: 03edb043586cceba243d689bdda370a8
    14:21:08.0105 3152 CompositeBus ( ForgedFile.Multi.Generic ) - warning
    14:21:08.0105 3152 CompositeBus - detected ForgedFile.Multi.Generic (1)
    14:21:08.0152 3152 COMSysApp - ok
    14:21:57.0370 3152 [ 89920a916e12e88179ead52e34eb71af ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    14:22:01.0395 3152 Suspicious file (Forged): C:\Windows\system32\DRIVERS\crcdisk.sys. Real md5: 89920a916e12e88179ead52e34eb71af, Fake md5: 1c827878a998c18847245fe1f34ee597
    14:22:01.0395 3152 crcdisk ( ForgedFile.Multi.Generic ) - warning
    14:22:01.0395 3152 crcdisk - detected ForgedFile.Multi.Generic (1)
    14:22:03.0314 3152 CryptSvc - ok
    14:22:06.0184 3152 CSC - ok
    14:22:09.0554 3152 CscService - ok
    14:22:22.0595 3152 DcomLaunch - ok
    14:22:27.0275 3152 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
    14:22:31.0206 3152 defragsvc - ok
    14:22:31.0409 3152 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    14:22:31.0409 3152 DfsC - ok
    14:22:31.0612 3152 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
    14:22:31.0628 3152 Dhcp - ok
    14:22:31.0721 3152 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
    14:22:31.0721 3152 discache - ok
    14:22:31.0815 3152 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
    14:22:31.0815 3152 Disk - ok
    14:22:31.0893 3152 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    14:22:31.0908 3152 Dnscache - ok
    14:22:32.0018 3152 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
    14:22:32.0018 3152 dot3svc - ok
    14:22:32.0158 3152 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
    14:22:32.0158 3152 DPS - ok
    14:22:32.0205 3152 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    14:22:32.0205 3152 drmkaud - ok
    14:22:32.0470 3152 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    14:22:32.0486 3152 DXGKrnl - ok
    14:22:32.0626 3152 [ eafcb4551836ff44ee775ceddfa7a77e ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
    14:22:32.0626 3152 e1cexpress - ok
    14:22:32.0751 3152 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
    14:22:32.0751 3152 EapHost - ok
    14:22:33.0141 3152 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    14:22:33.0281 3152 ebdrv - ok
    14:22:33.0390 3152 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
    14:22:33.0390 3152 EFS - ok
    14:22:33.0500 3152 ehRecvr - ok
    14:22:33.0578 3152 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
    14:22:33.0578 3152 ehSched - ok
    14:22:33.0796 3152 [ 343ada10d948db29251f2d9c809af204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
    14:22:33.0796 3152 EIO64 - ok
    14:22:34.0404 3152 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    14:22:34.0420 3152 elxstor - ok
    14:22:34.0498 3152 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
    14:22:34.0498 3152 ErrDev - ok
    14:22:34.0701 3152 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
    14:22:34.0716 3152 EventSystem - ok
    14:22:34.0841 3152 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
    14:22:34.0841 3152 exfat - ok
    14:22:34.0888 3152 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
    14:22:34.0888 3152 fastfat - ok
    14:22:35.0028 3152 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
    14:22:35.0044 3152 Fax - ok
    14:22:35.0075 3152 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    14:22:35.0075 3152 fdc - ok
    14:22:35.0138 3152 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
    14:22:35.0138 3152 fdPHost - ok
    14:22:35.0169 3152 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    14:22:35.0184 3152 FDResPub - ok
    14:22:35.0262 3152 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    14:22:35.0262 3152 FileInfo - ok
    14:22:35.0356 3152 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    14:22:35.0356 3152 Filetrace - ok
    14:22:35.0652 3152 [ a4297244d4f817278a6ae45b1899ca9c ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    14:22:35.0668 3152 FLEXnet Licensing Service 64 - ok
    14:22:35.0746 3152 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    14:22:35.0746 3152 flpydisk - ok
    14:22:35.0824 3152 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    14:22:35.0824 3152 FltMgr - ok
    14:22:35.0886 3152 [ b4447f606bb19fd8ad0bafb59b90f5d9 ] FontCache C:\Windows\system32\FntCache.dll
    14:22:35.0902 3152 FontCache - ok
    14:22:36.0042 3152 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    14:22:36.0042 3152 FontCache3.0.0.0 - ok
    14:22:36.0074 3152 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    14:22:36.0074 3152 FsDepends - ok
    14:22:36.0183 3152 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    14:22:36.0183 3152 Fs_Rec - ok
    14:22:36.0339 3152 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    14:22:36.0339 3152 fvevol - ok
    14:22:36.0401 3152 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    14:22:36.0401 3152 gagp30kx - ok
    14:22:36.0526 3152 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
    14:22:36.0542 3152 gpsvc - ok
    14:22:36.0604 3152 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    14:22:36.0604 3152 hcw85cir - ok
    14:22:36.0760 3152 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    14:22:36.0776 3152 HdAudAddService - ok
    14:22:36.0900 3152 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    14:22:36.0900 3152 HDAudBus - ok
    14:22:36.0932 3152 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    14:22:36.0932 3152 HidBatt - ok
    14:22:36.0978 3152 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    14:22:36.0978 3152 HidBth - ok
    14:22:37.0041 3152 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    14:22:37.0056 3152 HidIr - ok
    14:22:37.0119 3152 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
    14:22:37.0134 3152 hidserv - ok
    14:22:37.0181 3152 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    14:22:37.0181 3152 HidUsb - ok
    14:22:37.0306 3152 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    14:22:37.0306 3152 hkmsvc - ok
    14:22:37.0462 3152 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    14:22:37.0462 3152 HomeGroupListener - ok
    14:22:37.0602 3152 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    14:22:37.0602 3152 HomeGroupProvider - ok
    14:22:37.0665 3152 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    14:22:37.0712 3152 HpSAMD - ok
    14:22:37.0836 3152 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    14:22:37.0836 3152 HTTP - ok
    14:22:37.0914 3152 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    14:22:37.0914 3152 hwpolicy - ok
    14:22:38.0070 3152 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    14:22:38.0070 3152 i8042prt - ok
    14:22:38.0242 3152 [ 3df4395a7cf8b7a72a5f4606366b8c2d ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    14:22:38.0242 3152 iaStorV - ok
    14:22:39.0038 3152 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    14:22:39.0038 3152 IDriverT - ok
    14:22:39.0786 3152 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    14:22:39.0802 3152 idsvc - ok
    14:22:40.0176 3152 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    14:22:40.0286 3152 iirsp - ok
    14:22:41.0222 3152 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
    14:22:41.0237 3152 IKEEXT - ok
    14:22:41.0502 3152 [ d7b978f4504d3da95a21002863d0e7ee ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
    14:22:41.0502 3152 Intel(R) PROSet Monitoring Service - ok
    14:22:41.0518 3152 intelide - ok
    14:22:41.0643 3152 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    14:22:41.0643 3152 intelppm - ok
    14:22:41.0877 3152 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    14:22:41.0877 3152 IPBusEnum - ok
    14:22:42.0064 3152 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:22:42.0064 3152 IpFilterDriver - ok
    14:22:42.0423 3152 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    14:22:42.0438 3152 iphlpsvc - ok
    14:22:44.0388 3152 [ 7e2f5b69bd4b20ac940cddd9852f7e67 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    14:23:01.0174 3152 Suspicious file (Forged): C:\Windows\system32\drivers\IPMIDrv.sys. Real md5: 7e2f5b69bd4b20ac940cddd9852f7e67, Fake md5: 0fc1aea580957aa8817b8f305d18ca3a
    14:23:01.0174 3152 IPMIDRV ( ForgedFile.Multi.Generic ) - warning
    14:23:01.0174 3152 IPMIDRV - detected ForgedFile.Multi.Generic (1)
    14:23:10.0051 3152 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    14:23:10.0051 3152 IPNAT - ok
    14:23:10.0097 3152 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    14:23:10.0097 3152 IRENUM - ok
    14:23:12.0890 3152 [ 4d98c92287b0e09e9fda43228c878de2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    14:23:38.0755 3152 Suspicious file (Forged): C:\Windows\system32\drivers\isapnp.sys. Real md5: 4d98c92287b0e09e9fda43228c878de2, Fake md5: 2f7b28dc3e1183e5eb418df55c204f38
    14:23:38.0755 3152 isapnp ( ForgedFile.Multi.Generic ) - warning
    14:23:38.0755 3152 isapnp - detected ForgedFile.Multi.Generic (1)
    14:23:38.0973 3152 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    14:23:38.0989 3152 iScsiPrt - ok
    14:23:39.0004 3152 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    14:23:39.0004 3152 kbdclass - ok
    14:23:40.0970 3152 kbdhid - ok
    14:23:56.0273 3152 [ 9cc544b7333c1f741765ce8afc8b8f27 ] KeyIso C:\Windows\system32\lsass.exe
    14:23:56.0289 3152 Suspicious file (Forged): C:\Windows\system32\lsass.exe. Real md5: 9cc544b7333c1f741765ce8afc8b8f27, Fake md5: c118a82cd78818c29ab228366ebf81c3
    14:23:56.0289 3152 KeyIso ( ForgedFile.Multi.Generic ) - warning
    14:23:56.0289 3152 KeyIso - detected ForgedFile.Multi.Generic (1)
    14:23:59.0284 3152 KSecDD - ok
    14:24:04.0198 3152 KSecPkg - ok
    14:24:08.0644 3152 ksthunk - ok
    14:24:10.0048 3152 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
    14:24:10.0095 3152 KtmRm - ok
    14:24:10.0657 3152 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    14:24:10.0672 3152 LanmanServer - ok
    14:24:10.0875 3152 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    14:24:10.0875 3152 LanmanWorkstation - ok
    14:24:11.0093 3152 lltdio - ok
    14:24:11.0686 3152 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
    14:24:11.0780 3152 lltdsvc - ok
    14:24:11.0936 3152 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    14:24:12.0029 3152 lmhosts - ok
    14:24:12.0404 3152 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    14:24:12.0404 3152 LSI_FC - ok
    14:24:12.0435 3152 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    14:24:12.0451 3152 LSI_SAS - ok
    14:24:12.0497 3152 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    14:24:12.0513 3152 LSI_SAS2 - ok
    14:24:12.0591 3152 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    14:24:12.0591 3152 LSI_SCSI - ok
    14:24:12.0638 3152 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
    14:24:12.0638 3152 luafv - ok
    14:24:12.0747 3152 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    14:24:12.0747 3152 MBAMProtector - ok
    14:24:12.0872 3152 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    14:24:12.0872 3152 MBAMService - ok
    14:24:13.0028 3152 [ 79d51e7f5926e8ce1b3ebecebae28cff ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    14:24:13.0028 3152 mcdbus - ok
    14:24:13.0121 3152 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    14:24:13.0121 3152 Mcx2Svc - ok
    14:24:20.0641 3152 [ 5d1b13d4f0ae172eef23c787aecf91e1 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    14:25:32.0838 3152 Suspicious file (Forged): C:\Windows\system32\DRIVERS\megasas.sys. Real md5: 5d1b13d4f0ae172eef23c787aecf91e1, Fake md5: a55805f747c6edb6a9080d7c633bd0f4
    14:25:32.0838 3152 megasas ( ForgedFile.Multi.Generic ) - warning
    14:25:32.0838 3152 megasas - detected ForgedFile.Multi.Generic (1)
    14:25:33.0399 3152 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    14:25:33.0399 3152 MegaSR - ok
    14:25:34.0195 3152 [ 0af89452a8ce3928168f4e5b2208c68b ] mi-raysat_3dsmax2011_64 C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
    14:25:34.0195 3152 mi-raysat_3dsmax2011_64 - ok
    14:25:34.0320 3152 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
    14:25:34.0335 3152 MMCSS - ok
    14:25:34.0398 3152 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
    14:25:34.0398 3152 Modem - ok
    14:25:34.0538 3152 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    14:25:34.0538 3152 monitor - ok
    14:25:34.0585 3152 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    14:25:34.0585 3152 mouclass - ok
    14:25:34.0725 3152 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    14:25:34.0725 3152 mouhid - ok
    14:25:34.0866 3152 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    14:25:34.0866 3152 mountmgr - ok
    14:25:34.0897 3152 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
    14:25:34.0897 3152 mpio - ok
    14:25:34.0944 3152 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    14:25:34.0944 3152 mpsdrv - ok
    14:25:36.0784 3152 MpsSvc - ok
    14:25:39.0624 3152 MRxDAV - ok
    14:25:45.0614 3152 mrxsmb - ok
    14:25:51.0480 3152 mrxsmb10 - ok
    14:25:57.0314 3152 mrxsmb20 - ok
    14:26:01.0510 3152 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    14:26:01.0510 3152 msahci - ok
    14:26:01.0666 3152 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    14:26:01.0666 3152 msdsm - ok
    14:26:01.0776 3152 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
    14:26:01.0776 3152 MSDTC - ok
    14:26:01.0885 3152 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    14:26:01.0885 3152 Msfs - ok
    14:26:02.0056 3152 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    14:26:02.0056 3152 mshidkmdf - ok
    14:26:04.0490 3152 [ bd7e02f254bf869488fcf8c56a4d87c2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    14:26:05.0504 3152 Suspicious file (Forged): C:\Windows\system32\drivers\msisadrv.sys. Real md5: bd7e02f254bf869488fcf8c56a4d87c2, Fake md5: d916874bbd4f8b07bfb7fa9b3ccae29d
    14:26:05.0504 3152 msisadrv ( ForgedFile.Multi.Generic ) - warning
    14:26:05.0504 3152 msisadrv - detected ForgedFile.Multi.Generic (1)
    14:26:05.0629 3152 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    14:26:05.0629 3152 MSiSCSI - ok
    14:26:05.0629 3152 msiserver - ok
    14:26:05.0676 3152 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    14:26:05.0676 3152 MSKSSRV - ok
    14:26:05.0691 3152 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    14:26:05.0691 3152 MSPCLOCK - ok
    14:26:05.0707 3152 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    14:26:05.0707 3152 MSPQM - ok
    14:26:06.0409 3152 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    14:26:06.0409 3152 MsRPC - ok
    14:26:07.0142 3152 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    14:26:07.0142 3152 mssmbios - ok
    14:26:07.0282 3152 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    14:26:07.0282 3152 MSTEE - ok
    14:26:07.0298 3152 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    14:26:07.0298 3152 MTConfig - ok
    14:26:07.0314 3152 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
    14:26:07.0314 3152 Mup - ok
    14:26:11.0338 3152 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
    14:26:13.0632 3152 napagent - ok
    14:26:19.0029 3152 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    14:26:21.0010 3152 NativeWifiP - ok
    14:26:27.0032 3152 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
    14:26:30.0807 3152 NDIS - ok
    14:26:44.0894 3152 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    14:26:49.0012 3152 NdisCap - ok
  20. pudgyman


    14:26:51.0275 3152 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    14:26:51.0290 3152 NdisTapi - ok
    14:26:58.0622 3152 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    14:26:58.0638 3152 Ndisuio - ok
    14:27:03.0879 3152 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    14:27:03.0879 3152 NdisWan - ok
    14:27:12.0584 3152 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    14:27:12.0600 3152 NDProxy - ok
    14:27:22.0989 3152 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    14:27:30.0228 3152 NetBIOS - ok
    14:27:37.0092 3152 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    14:27:38.0823 3152 NetBT - ok
    14:27:50.0726 3152 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
    14:27:50.0726 3152 Netlogon - ok
    14:28:04.0766 3152 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
    14:28:06.0779 3152 Netman - ok
    14:28:07.0028 3152 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:28:08.0495 3152 NetMsmqActivator - ok
    14:28:08.0526 3152 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:28:08.0526 3152 NetPipeActivator - ok
    14:28:08.0651 3152 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
    14:28:08.0651 3152 netprofm - ok
    14:28:08.0666 3152 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:28:08.0666 3152 NetTcpActivator - ok
    14:28:08.0666 3152 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:28:08.0666 3152 NetTcpPortSharing - ok
    14:28:08.0744 3152 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    14:28:08.0775 3152 nfrd960 - ok
    14:28:09.0103 3152 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    14:28:09.0103 3152 NlaSvc - ok
    14:28:09.0119 3152 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    14:28:09.0119 3152 Npfs - ok
    14:28:09.0197 3152 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
    14:28:09.0197 3152 nsi - ok
    14:28:09.0243 3152 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    14:28:09.0243 3152 nsiproxy - ok
    14:28:09.0602 3152 [ 05d78aa5cb5f3f5c31160bdb955d0b7c ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    14:28:09.0633 3152 Ntfs - ok
    14:28:09.0665 3152 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
    14:28:09.0680 3152 Null - ok
    14:28:09.0930 3152 [ 10204955027011e08a9dc27737a48a54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    14:28:09.0930 3152 NVHDA - ok
    14:28:10.0616 3152 [ d877fd69e520de8cf2ba831bf76506e9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    14:28:10.0663 3152 nvlddmkm - ok
    14:28:10.0928 3152 [ 5d9fd91f3d38dc9da01e3cb5fa89cd48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    14:28:10.0944 3152 nvraid - ok
    14:28:11.0006 3152 [ f7cd50fe7139f07e77da8ac8033d1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    14:28:11.0022 3152 nvstor - ok
    14:28:11.0303 3152 [ 8d1d42215100566824d2693d7ff4866d ] NVSvc C:\Windows\system32\nvvsvc.exe
    14:28:11.0318 3152 NVSvc - ok
    14:28:11.0989 3152 [ 496bd042f418e2b98a1947f5800e32f0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    14:28:37.0167 3152 ================ Scan global ===============================
    14:28:37.0183 3152 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
    14:28:37.0277 3152 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
    14:28:37.0277 3152 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
    14:28:37.0323 3152 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
    14:28:37.0417 3152 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
    14:28:37.0417 3152 [Global] - ok
    14:28:37.0417 3152 ================ Scan MBR ==================================
    14:28:37.0448 3152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    14:28:37.0854 3152 \Device\Harddisk0\DR0 - ok
    14:28:37.0854 3152 ================ Scan VBR ==================================
    14:28:37.0885 3152 Boot (0x1200) (5d2ec72b470746c00219353f106fc8e4) \Device\Harddisk0\DR0\Partition1
    14:28:37.0916 3152 \Device\Harddisk0\DR0\Partition1 - ok
    14:28:37.0932 3152 Boot (0x1200) (4e1e751a8df3974421cf721548f82476) \Device\Harddisk0\DR0\Partition2
    14:28:37.0932 3152 \Device\Harddisk0\DR0\Partition2 - ok
    14:28:38.0010 3152 Boot (0x1200) (1a481a24f624f43aabe5baefc40abd37) \Device\Harddisk0\DR0\Partition3
    14:28:38.0010 3152 \Device\Harddisk0\DR0\Partition3 - ok
    14:28:38.0010 3152 ============================================================
    14:28:38.0010 3152 Scan finished
    14:28:38.0010 3152 ============================================================
    14:28:38.0025 3132 Detected object count: 7
    14:28:38.0025 3132 Actual detected object count: 7
    14:29:34.0981 3132 CompositeBus ( ForgedFile.Multi.Generic ) - skipped by user
    14:29:34.0981 3132 CompositeBus ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:29:34.0981 3132 crcdisk ( ForgedFile.Multi.Generic ) - skipped by user
    14:29:34.0981 3132 crcdisk ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:29:34.0981 3132 IPMIDRV ( ForgedFile.Multi.Generic ) - skipped by user
    14:29:34.0981 3132 IPMIDRV ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:29:34.0981 3132 isapnp ( ForgedFile.Multi.Generic ) - skipped by user
    14:29:34.0981 3132 isapnp ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:29:34.0981 3132 KeyIso ( ForgedFile.Multi.Generic ) - skipped by user
    14:29:34.0981 3132 KeyIso ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:29:34.0981 3132 megasas ( ForgedFile.Multi.Generic ) - skipped by user
    14:29:34.0981 3132 megasas ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:29:34.0997 3132 msisadrv ( ForgedFile.Multi.Generic ) - skipped by user
    14:29:34.0997 3132 msisadrv ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:29:42.0500 2980 Deinitialize success
  21. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  22. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    If there's an error in one of the files being written/installed by combofix, should I download a new one?
  23. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    You may as well.
  24. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    I'm trying to open my combofix.txt for pasting, it says
    "Illegal operation attempted on a registry key that has been marked for deletion"

    But it finished though
  25. pudgyman

    pudgyman Newcomer, in training Topic Starter Posts: 23

    Sorry was able to open after restarting. On the internet on normal mode again. Thank you so much! :) I feel I'm on the verge of better days for my pc.

    ComboFix 12-08-17.01 - Paolo 08/17/2012 14:37:21.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8096.6767 [GMT 8:00]
    Running from: c:\users\Paolo\Desktop\paoloval.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-17 07:17 . 2012-08-17 07:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-17 07:17 . 2012-08-17 07:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-17 05:58 . 2012-08-17 05:59 -------- d-----w- C:\paoloval
    2012-08-14 05:25 . 2012-08-14 05:25 -------- d-----w- C:\FRST
    2012-08-07 16:42 . 2012-08-07 16:42 -------- d-----w- c:\users\Paolo\AppData\Roaming\Malwarebytes
    2012-08-07 16:42 . 2012-08-07 16:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-07 16:42 . 2012-08-07 16:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-07 16:42 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-07 16:38 . 2012-08-07 16:38 -------- d-----w- c:\program files (x86)\Siber Systems
    2012-08-07 16:37 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-07 16:37 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-07 16:36 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-07 16:36 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-07 16:36 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-07 16:36 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-07 16:36 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-07 16:36 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-07 16:36 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-07 16:36 . 2012-08-07 16:36 -------- d-----w- c:\programdata\AVAST Software
    2012-08-07 16:36 . 2012-08-07 16:36 -------- d-----w- c:\program files\AVAST Software
    2012-08-02 16:21 . 2012-08-07 09:36 -------- d-----w- c:\program files (x86)\Overwolf
    2012-08-02 16:14 . 2012-08-02 16:29 -------- d-----w- c:\users\Paolo\AppData\Local\Overwolf
    2012-08-02 16:14 . 2012-08-02 16:14 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
    2012-08-02 16:12 . 2012-08-02 16:12 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-07-27 12:36 . 2012-07-30 10:41 -------- d-----w- c:\windows\system32\appmgmt
    2012-07-24 03:09 . 2012-08-02 12:09 -------- d-----w- c:\users\Paolo\AppData\Local\dxhr
    2012-07-24 03:00 . 2012-07-24 03:00 -------- d-----w- c:\users\Paolo\AppData\Local\28050
    2012-07-23 12:48 . 2012-07-23 16:45 -------- d-----w- c:\users\Paolo\AppData\Roaming\IrfanView
    2012-07-19 11:40 . 2012-07-30 14:52 -------- d-----w- c:\users\Paolo\AppData\Roaming\Media Player Classic
    2012-07-19 06:15 . 2012-07-19 06:19 -------- d-----w- c:\program files\Adobe Premiere Pro CS6
    2012-07-19 06:09 . 2012-07-19 06:09 -------- d-----w- c:\users\Paolo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-07-19 06:09 . 2012-07-19 06:09 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 16:57 . 2012-08-02 16:57 654944 ----a-w- c:\windows\SysWow64\xsherlock.xem
    2012-06-02 22:19 . 2012-06-21 01:41 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 01:41 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 01:41 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 01:41 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 01:41 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 01:41 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 01:41 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 07:19 . 2012-06-21 01:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 07:15 . 2012-06-21 01:41 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:25 . 2012-05-05 15:48 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-26 04:36 . 2012-07-16 09:00 204800 ----a-w- c:\windows\system32\unrar64.dll
    2011-10-24 07:30 . 2011-10-24 07:30 796520 ----a-w- c:\program files (x86)\QTPlugin.ocx
    2011-10-24 07:30 . 2011-10-24 07:30 1234808 ----a-w- c:\program files (x86)\QuickTimePlayer.exe
    2011-10-24 07:02 . 2011-10-24 07:02 8120168 ----a-w- c:\program files (x86)\QuickTimePlayer.dll
    2011-10-24 07:02 . 2011-10-24 07:02 370536 ----a-w- c:\program files (x86)\QTUIPanelControl.dll
    2011-10-24 07:02 . 2011-10-24 07:02 894824 ----a-w- c:\program files (x86)\QTOControl.dll
    2011-10-24 07:02 . 2011-10-24 07:02 821096 ----a-w- c:\program files (x86)\QTOLibrary.dll
    2011-10-24 06:28 . 2011-10-24 06:28 421888 ----a-w- c:\program files (x86)\QTTask.exe
    2011-10-24 06:28 . 2011-10-24 06:28 561152 ----a-w- c:\program files (x86)\PictureViewer.exe
    2011-03-11 01:30 . 2011-03-11 01:30 1572864 ----a-w- c:\program files (x86)\ResDLL.dll
    2011-03-10 07:53 . 2011-03-10 07:53 98304 ----a-w- c:\program files (x86)\EIO.dll
    2011-02-25 11:22 . 2011-02-25 11:22 77824 ----a-w- c:\program files (x86)\ASUSRC.dll
    2010-11-11 14:30 . 2010-11-11 14:30 53760 ----a-w- c:\program files (x86)\ResetDiver.exe
    2010-04-27 12:55 . 2010-04-27 12:55 28672 ----a-w- c:\program files (x86)\InitSD.exe
    2010-03-04 10:49 . 2010-03-04 10:49 33280 ----a-w- c:\program files (x86)\IOMap.sys
    2010-02-22 07:46 . 2010-02-22 07:46 23680 ----a-w- c:\program files (x86)\IOMap64.sys
    2009-08-21 01:48 . 2009-08-21 01:48 44032 ----a-w- c:\program files (x86)\2dpainting.exe
    2009-07-30 03:16 . 2009-07-30 03:16 16384 ----a-w- c:\program files (x86)\EIO64_xp.sys
    2009-07-30 03:15 . 2009-07-30 03:15 14336 ----a-w- c:\program files (x86)\EIO_xp.sys
    2009-07-22 02:34 . 2009-07-22 02:34 14336 ----a-w- c:\program files (x86)\EIO.sys
    2009-07-22 02:34 . 2009-07-22 02:34 16384 ----a-w- c:\program files (x86)\EIO64.sys
    2009-06-30 15:35 . 2009-06-30 15:35 2741248 ----a-w- c:\program files (x86)\QtCore4.dll
    2009-02-26 08:31 . 2009-02-26 08:31 613376 ----a-w- c:\program files (x86)\QtOpenGL4.dll
    2009-02-26 08:23 . 2009-02-26 08:23 11448320 ----a-w- c:\program files (x86)\QtGui4.dll
    2008-11-12 14:08 . 2008-11-12 14:08 188416 ----a-w- c:\program files (x86)\atipdlxx2543.dll
    2007-10-05 07:53 . 2007-10-05 07:53 57344 ----a-w- c:\program files (x86)\xgctl.dll
    2007-05-24 13:53 . 2007-05-24 13:53 139264 ----a-w- c:\program files (x86)\atipdlxx.dll
    2006-02-22 07:11 . 2006-02-22 07:11 163840 ----a-w- c:\program files (x86)\atistclk.dll
    2006-01-04 07:01 . 2006-01-04 07:01 110592 ----a-w- c:\program files (x86)\R5ClkLib.dll
    2005-12-22 08:34 . 2005-12-22 08:34 98304 ----a-w- c:\program files (x86)\AiPanelUtilityDLL.dll
    2005-12-07 23:23 . 2005-12-07 23:23 20480 ----a-w- c:\program files (x86)\HyperDrive.exe
    2005-10-20 01:35 . 2005-10-20 01:35 15872 ----a-w- c:\program files (x86)\atikia64.sys
    2005-10-20 01:34 . 2005-10-20 01:34 7680 ----a-w- c:\program files (x86)\atillk64.sys
    2005-10-20 01:29 . 2005-10-20 01:29 5376 ----a-w- c:\program files (x86)\atidgllk.sys
    2005-09-09 00:32 . 2005-09-09 00:32 53248 ----a-w- c:\program files (x86)\nvgpio.dll
    2004-10-28 09:23 . 2004-10-28 09:23 12451 ----a-w- c:\program files (x86)\EIO.VXD
    2003-06-23 05:17 . 2003-06-23 05:17 65536 ----a-w- c:\program files (x86)\2DTEST.EXE
    2003-03-19 03:14 . 2003-03-19 03:14 499712 ----a-w- c:\program files (x86)\msvcp71.dll
    2003-02-21 12:42 . 2003-02-21 12:42 348160 ----a-w- c:\program files (x86)\msvcr71.dll
    2002-08-28 18:41 . 2002-08-28 18:41 401462 ----a-w- c:\program files (x86)\msvcp60.dll
    2002-01-05 23:43 . 2002-01-05 23:43 1310720 ----a-w- c:\program files (x86)\SmartDoctor.exe
    1999-08-21 04:21 . 1999-08-21 04:21 7869 ----a-w- c:\program files (x86)\Idlehlt.vxd
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    [7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll

