TechSpot

Win64/Patched.A in Services.exe

Solved
By ForceTrooper
Oct 20, 2012
  1. I got a notification today from AVG that the trojan virus Win64/Patched.A in services.exe could not be removed because the original file had been replaced with malware. I've run AVG, McAfee, and Malwarebytes with no success. AVG keeps saying it can only be removed manually. I've done some reading on this and seen what other people have done to fix the problem. I've run FRST on my system and I've pasted the logs below. I'm pretty much lost as to what to do next. I'd appreciate any help you can give.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
    Ran by User at 20-10-2012 21:26:54
    Running from I:\
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.The operation completed successfully.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

    ==================== One Month Created Files and Folders ========
    2012-10-20 20:07 - 2012-10-20 21:26 - 00000000 ____D C:\FRST
    2012-10-20 17:55 - 2012-10-20 19:11 - 00002396 ____A C:\Users\Grover\Desktop\avgrep.txt
    2012-10-20 11:45 - 2012-08-23 11:31 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
    2012-10-20 11:45 - 2012-08-23 11:31 - 00021880 ____A (AVG) C:\Windows\System32\authuitu.dll
    2012-10-20 11:44 - 2012-10-20 11:44 - 00000000 ____D C:\Users\Grover\AppData\Roaming\AVG
    2012-10-20 11:43 - 2012-10-20 11:45 - 00000000 ____D C:\Users\All Users\AVG
    2012-10-20 11:43 - 2012-10-20 11:43 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
    2012-10-20 10:53 - 2012-10-20 11:43 - 58674136 ____A (AVG) C:\Users\Grover\Desktop\avg_tuh_stf_all_2013_2_24c4.exe
    2012-10-20 10:42 - 2012-10-20 10:43 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-10-19 22:29 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-19 22:29 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-10-19 22:29 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-19 22:29 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-19 22:29 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-19 22:29 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-19 22:29 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-19 22:29 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\setup16.exe
    2012-10-19 22:29 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-19 22:29 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-19 22:29 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-19 22:29 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-19 22:29 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-19 22:29 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wow32.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-19 22:29 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\instnm.exe
    2012-10-19 22:29 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-19 22:29 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\user.exe
    2012-10-19 22:29 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-19 22:28 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-19 22:28 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-19 22:27 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-19 22:27 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-19 22:27 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-19 22:27 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-19 20:54 - 2012-10-20 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\Grover\AppData\Roaming\Malwarebytes
    2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-19 19:47 - 2012-10-19 19:55 - 92121088 ____A C:\Users\Grover\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-16 20:41 - 2012-10-19 21:09 - 00000000 __SHD C:\Users\Grover\AppData\Roaming\System
    2012-10-13 17:13 - 2012-10-13 17:17 - 47740019 ____A C:\Users\Grover\Desktop\mister_rogers_remixed_garden_of_your_mind_pbs_digital_studios_youtube.wmv
    2012-10-13 17:04 - 2012-10-13 17:06 - 11259964 ____A C:\Users\Grover\Downloads\PBS' autotuned 'Mister Rogers' remix that will blow your mind Guyism.mp4
    2012-10-12 11:43 - 1994-12-31 19:00 - 00000044 ____A C:\Users\Grover\Desktop\Track05.cda
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\AppData\Local\rx_image32.Cache
    2012-10-12 10:29 - 2012-10-19 22:06 - 00000000 ____D C:\Users\Grover\Documents\e-Sword
    2012-10-12 00:19 - 2012-10-19 22:07 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-10 17:20 - 2012-10-19 22:17 - 00000000 ____D C:\Users\Grover\Documents\Fax
    2012-10-05 16:37 - 2012-10-19 22:07 - 00000000 ___DC C:\Users\All Users\{5EB42881-1E29-48E3-9E86-E4B71E83A651}
    2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\Users\All Users\Transparent
    2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\Program Files (x86)\Transparent
    2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\ImportReports
    2012-10-05 16:25 - 2012-10-05 16:37 - 00005430 ____A C:\Users\Grover\BykiDownloader.log
    2012-09-23 03:00 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-23 03:00 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-23 03:00 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-23 03:00 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-23 03:00 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-23 03:00 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-23 03:00 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet(14752).dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet(14752).dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(14747).dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon(14747).dll
    2012-09-23 03:00 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-23 03:00 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-23 03:00 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-23 03:00 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-23 03:00 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-23 03:00 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-23 03:00 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(14721).dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(14721).dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-23 03:00 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-23 03:00 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-23 03:00 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-23 03:00 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-22 20:05 - 2012-09-10 15:25 - 00002693 ____A C:\Users\Grover\Desktop\Microsoft Office Word 2007.lnk
    2012-09-21 22:37 - 2012-09-21 22:38 - 00000000 ____D C:\Windows\SysWOW64\Adobe
    2012-09-21 22:37 - 2012-09-21 22:38 - 00000000 ____D C:\Windows\System32\Adobe
    2012-09-20 13:45 - 2012-09-20 13:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-09-20 13:45 - 2012-09-20 13:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

    ==================== 3 Months Modified Files ==================
    2012-10-21 00:20 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-21 00:20 - 2009-07-13 23:51 - 00038918 ____A C:\Windows\setupact.log
    2012-10-20 23:13 - 2012-02-13 19:06 - 01796178 ____A C:\Windows\WindowsUpdate.log
    2012-10-20 23:10 - 2010-11-20 22:47 - 00034810 ____A C:\Windows\PFRO.log
    2012-10-20 19:11 - 2012-10-20 17:55 - 00002396 ____A C:\Users\Grover\Desktop\avgrep.txt
    2012-10-20 17:43 - 2012-09-17 09:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-20 11:43 - 2012-10-20 10:53 - 58674136 ____A (AVG) C:\Users\Grover\Desktop\avg_tuh_stf_all_2013_2_24c4.exe
    2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
    2012-10-19 22:44 - 2012-09-17 09:25 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-19 22:44 - 2012-09-17 09:25 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-10-19 22:44 - 2012-02-13 19:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-19 22:44 - 2012-02-13 19:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-10-19 22:31 - 2012-09-09 01:21 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-10-19 22:19 - 2012-09-08 23:49 - 00084712 ____A C:\Users\Grover\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-19 19:55 - 2012-10-19 19:47 - 92121088 ____A C:\Users\Grover\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-13 17:17 - 2012-10-13 17:13 - 47740019 ____A C:\Users\Grover\Desktop\mister_rogers_remixed_garden_of_your_mind_pbs_digital_studios_youtube.wmv
    2012-10-13 17:06 - 2012-10-13 17:04 - 11259964 ____A C:\Users\Grover\Downloads\PBS' autotuned 'Mister Rogers' remix that will blow your mind Guyism.mp4
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\AppData\Local\rx_image32.Cache
    2012-10-05 16:37 - 2012-10-05 16:25 - 00005430 ____A C:\Users\Grover\BykiDownloader.log
    2012-09-14 13:28 - 2012-10-19 22:27 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-14 13:28 - 2012-10-19 22:27 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-10 15:25 - 2012-09-22 20:05 - 00002693 ____A C:\Users\Grover\Desktop\Microsoft Office Word 2007.lnk
    2012-09-09 09:08 - 2012-09-09 09:07 - 00295164 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2012-09-09 09:06 - 2012-09-09 09:05 - 00296626 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2012-09-09 08:54 - 2011-02-10 11:10 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-09 08:54 - 2011-02-10 11:10 - 00772558 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-09 01:00 - 2012-09-09 01:00 - 04411392 ____A (AVG Technologies) C:\Users\Grover\Downloads\avg_free_stb_all_2013_2667_cnet.exe
    2012-09-08 23:53 - 2012-02-13 19:34 - 34665846 ____A C:\Windows\RPSETUP.EXE.LOG
    2012-09-08 23:47 - 2012-09-08 23:47 - 00000020 ___SH C:\Users\Grover\ntuser.ini
    2012-08-30 12:12 - 2012-10-19 22:29 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 12:12 - 2012-10-19 22:29 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-08-30 12:12 - 2012-10-19 22:29 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-30 12:12 - 2012-10-19 22:29 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-24 11:57 - 2012-10-19 22:28 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 11:57 - 2012-10-19 22:28 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 02:27 - 2012-09-23 03:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-24 02:27 - 2012-09-23 03:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:03 - 2012-09-23 03:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-24 02:03 - 2012-09-23 03:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 01:59 - 2012-09-23 03:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-24 01:59 - 2012-09-23 03:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-24 01:51 - 2012-09-23 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet(14752).dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet(14752).dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(14747).dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon(14747).dll
    2012-08-24 01:49 - 2012-09-23 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-24 01:49 - 2012-09-23 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 01:48 - 2012-09-23 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-24 01:48 - 2012-09-23 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-24 01:47 - 2012-09-23 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 01:45 - 2012-09-23 03:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-24 01:45 - 2012-09-23 03:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(14721).dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(14721).dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 01:43 - 2012-09-23 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-24 01:43 - 2012-09-23 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 01:40 - 2012-09-23 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-24 01:40 - 2012-09-23 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 11:31 - 2012-10-20 11:45 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
    2012-08-23 11:31 - 2012-10-20 11:45 - 00021880 ____A (AVG) C:\Windows\System32\authuitu.dll
    2012-08-20 12:40 - 2012-10-19 22:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 12:40 - 2012-10-19 22:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 12:38 - 2012-10-19 22:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 12:38 - 2012-10-19 22:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\setup16.exe
    2012-08-20 12:37 - 2012-10-19 22:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 12:37 - 2012-10-19 22:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 12:37 - 2012-10-19 22:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 12:37 - 2012-10-19 22:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 12:37 - 2012-10-19 22:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 12:37 - 2012-10-19 22:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wow32.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-19 22:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 10:38 - 2012-10-19 22:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\instnm.exe
    2012-08-20 10:38 - 2012-10-19 22:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 10:38 - 2012-10-19 22:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\user.exe
    2012-08-20 10:33 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 18:56 - 2012-10-19 22:27 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-10 18:56 - 2012-10-19 22:27 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-02 11:57 - 2012-09-12 09:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-08-02 11:57 - 2012-09-12 09:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

    ZeroAccess:
    C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}
    C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}\L
    C:\Windows\Installer\{97c7df4b-dbf1-bd74-1c25-6de286f718ee}\U
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe
    [2012-02-13 20:57] - [2012-02-13 20:57] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll
    [2010-11-20 22:24] - [2010-11-20 22:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
    ==================== Memory info ===========================
    Percentage of memory in use: 37%
    Total physical RAM: 5886.98 MB
    Available physical RAM: 3684.29 MB
    Total Pagefile: 11772.14 MB
    Available Pagefile: 9076.04 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3991.61 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:869.59 GB) NTFS
    2 Drive d: (AVG Restore Disc) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
    7 Drive I: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
    8 Drive j: () (Removable) (Total:7.47 GB) (Free:2.59 GB) FAT32
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 7667 MB 0 B
    Disk 6 Online 3819 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 916 GB 14 GB
    =========================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 916 GB Healthy Boot
    =========================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7655 MB 22 KB
    =========================================================
    Disk: 5
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J FAT32 Removable 7655 MB Healthy
    =========================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 16 KB
    =========================================================
    Disk: 6
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 I FAT32 Removable 3818 MB Healthy
    =========================================================
    ==================== End Of Log ============================



    Farbar Recovery Scan Tool (x86) Version: 15-10-2012
    Ran by User at 2012-10-20 21:30:21
    Running from I:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    === End Of Search ===
  2. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    You ran FRST from within Windows. That won't work.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe; volsnap.sys; winlogon.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  3. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    Running FRST from within Windows was the only way I could get it to run at all. I don't remember the error it was giving me, but it wouldn't run from the command prompt in system recovery. I'll start over and see what happens. Thanks.
  4. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Let me know.
  5. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    I followed those instructions exactly and got this message from the command prompt: "The subsystem needed to support the image is not present".
  6. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    You downloaded the wrong version of FRST. Your system is 32-bit so you have to use 32-bit FRST.
  7. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    Okay, I downloaded the x86 FRST from the link you gave above and started over. Same result, "subsystem needed to support the image type is not present."
  8. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    What do I do now?
  9. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    I'm sorry. My mistake.
    Your system is 64-bit:
    You need to get 64-bit FRST.
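
A log-triage sketch for the situation in this thread, added here as an example and not part of any post or of FRST itself: it reads a FRST log's header and its "Bamital & volsnap Check" section, and withholds the IS MISSING findings when the log carries the tool's own not-run-from-recovery-environment warning. The sample log is constructed on the model of the logs above (its MD5 is a placeholder), and the field names and status labels are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on the logs in this thread; the MD5 is a placeholder.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
Ran by User at 20-10-2012 21:26:54
Service Pack 1 (X64) OS Language: English(US)
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2012-02-13 20:57] - [2012-02-13 20:57] - 2871808 ____A (Microsoft Corporation) 00112233445566778899AABBCCDDEEFF
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
==================== Memory info ===========================
Percentage of memory in use: 37%
"""

TOOL_ARCH = re.compile(r"Farbar Recovery Scan Tool (?:\(FRST\) )?\((x86|x64)\)", re.I)
OS_ARCH = re.compile(r"\((x86|x64)\) OS Language", re.I)
RAN_BY = re.compile(r"^\s*Ran by (.+?) at ", re.M)
MD5_AT_END = re.compile(r"\b([0-9A-Fa-f]{32})\s*$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Triage:
    tool_arch: Optional[str]
    os_arch: Optional[str]
    ran_by: Optional[str]
    in_recovery_env: bool
    files: dict = field(default_factory=dict)   # path -> status label
    notes: list = field(default_factory=list)

    def confirmed_missing(self):
        """Paths reported missing, but only from a log taken in the recovery environment."""
        if not self.in_recovery_env:
            return []
        return [p for p, s in self.files.items() if s == "missing"]


def parse_check_section(log):
    """Map each path in the 'Bamital & volsnap Check' section to a status label."""
    files, pending, inside = {}, None, False
    for raw in log.splitlines():
        line = raw.strip()
        if "Bamital & volsnap Check" in line:
            inside = True
            continue
        if not inside:
            continue
        if line.startswith("====="):          # next section header ends the block
            break
        if " IS MISSING" in line:
            files[line.split(" IS MISSING")[0]] = "missing"
        elif line.endswith("=> MD5 is legit"):
            files[line.split(" =>")[0]] = "legit"
        elif DRIVE_PATH.match(line):           # bare path; details follow on the next line
            pending = line
            files[pending] = "listed"
        elif pending and line.startswith("["):
            m = MD5_AT_END.search(line)
            if m:
                files[pending] = "md5:" + m.group(1).upper()
            pending = None
    return files


def triage(log):
    tool, os_, ran = TOOL_ARCH.search(log), OS_ARCH.search(log), RAN_BY.search(log)
    t = Triage(
        tool_arch=tool.group(1).lower() if tool else None,
        os_arch=os_.group(1).lower() if os_ else None,
        ran_by=ran.group(1) if ran else None,
        # Assumption of this example: no warning line means the recovery environment was used.
        in_recovery_env="NOT RUN FROM RECOVERY ENVIRONMENT" not in log.upper(),
        files=parse_check_section(log),
    )
    if not t.in_recovery_env:
        t.notes.append("taken outside the recovery environment: re-scan before "
                       "acting on any IS MISSING line")
    if t.tool_arch and t.os_arch and t.tool_arch != t.os_arch:
        t.notes.append(f"{t.tool_arch} build of the tool on an {t.os_arch} OS: "
                       "use the build that matches the OS")
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result.tool_arch, result.os_arch, result.ran_by, result.in_recovery_env)
    for path, status in result.files.items():
        print(f"{status:<40} {path}")
    for note in result.notes:
        print("NOTE:", note)
```
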
  10. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    Thanks, I actually just did that just to give it a shot and got it to work, but I'm having trouble posting the results here. The page wants "fewer than 50000 characters."
  11. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012
    Ran by SYSTEM at 21-10-2012 15:58:53
    Running from I:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-09] (Realtek Semiconductor)
    HKLM\...\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2022976 2011-06-27] ()
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
    HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
    HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-10-20] ()
    HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-10-20] ()
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    ==================== Services (Whitelisted) ===================
    2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1314720 2012-10-02] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-02] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-02] (AVG Technologies CZ, s.r.o.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
    4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
    2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [2148216 2012-08-23] (AVG)
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-10-20] ()
    ==================== Drivers (Whitelisted) =====================
    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-13] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-21] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-10-20] (AVG Technologies)
    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
    3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-10-21] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
    3 mfeavfk01; [x]
    3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
    ==================== NetSvcs (Whitelisted) ====================
     
  12. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    ==================== One Month Created Files and Folders ========
    2012-10-21 14:52 - 2012-10-21 14:52 - 00000750 ____A C:\Windows\System32\.crusader
    2012-10-21 14:42 - 2012-10-21 14:52 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-10-21 14:42 - 2012-10-21 14:52 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
    2012-10-20 20:07 - 2012-10-20 21:26 - 00000000 ____D C:\FRST
    2012-10-20 17:55 - 2012-10-20 19:11 - 00002396 ____A C:\Users\Grover\Desktop\avgrep.txt
    2012-10-20 11:45 - 2012-08-23 11:31 - 00035192 ____A (AVG) C:\Windows\System32\TURegOpt.exe
    2012-10-20 11:45 - 2012-08-23 11:31 - 00026488 ____A (AVG) C:\Windows\System32\authuitu.dll
    2012-10-20 11:45 - 2012-08-23 11:31 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
    2012-10-20 11:44 - 2012-10-20 11:44 - 00000000 ____D C:\Users\Grover\Application Data\AVG
    2012-10-20 11:44 - 2012-10-20 11:44 - 00000000 ____D C:\Users\Grover\AppData\Roaming\AVG
    2012-10-20 11:43 - 2012-10-20 11:45 - 00000000 ____D C:\Users\All Users\AVG
    2012-10-20 11:43 - 2012-10-20 11:45 - 00000000 ____D C:\Users\All Users\Application Data\AVG
    2012-10-20 11:43 - 2012-10-20 11:43 - 00000000 __SHD C:\Users\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-20 11:43 - 2012-10-20 11:43 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
    2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
    2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\All Users\Desktop\Nero Blu-ray Player.lnk
    2012-10-20 10:53 - 2012-10-20 11:43 - 58674136 ____A (AVG) C:\Users\Grover\Desktop\avg_tuh_stf_all_2013_2_24c4.exe
    2012-10-20 10:42 - 2012-10-20 10:43 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-10-20 10:37 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-19 23:13 - 2012-04-20 16:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
    2012-10-19 22:29 - 2012-08-31 13:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-19 22:29 - 2012-08-30 13:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-19 22:29 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-19 22:29 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-19 22:29 - 2012-08-20 13:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-19 22:29 - 2012-08-20 13:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-19 22:29 - 2012-08-20 13:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-19 22:29 - 2012-08-20 13:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-19 22:29 - 2012-08-20 13:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-19 22:29 - 2012-08-20 13:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-19 22:29 - 2012-08-20 13:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-19 22:29 - 2012-08-20 13:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-19 22:29 - 2012-08-20 13:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-19 22:29 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-19 22:29 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-19 22:29 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-19 22:29 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-19 22:29 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-19 22:29 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-19 22:29 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-19 22:28 - 2012-08-24 13:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-19 22:28 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-19 22:27 - 2012-09-14 14:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-19 22:27 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-19 22:27 - 2012-08-10 19:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-19 22:27 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-19 22:25 - 2012-06-02 00:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-19 22:25 - 2012-06-02 00:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-19 22:25 - 2012-06-02 00:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-19 22:25 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-19 20:54 - 2012-10-20 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\Grover\Application Data\Malwarebytes
    2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\Grover\AppData\Roaming\Malwarebytes
    2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-19 20:54 - 2012-10-19 20:54 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-10-19 19:47 - 2012-10-19 19:55 - 92121088 ____A C:\Users\Grover\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-16 20:41 - 2012-10-19 21:09 - 00000000 __SHD C:\Users\Grover\Application Data\System
    2012-10-16 20:41 - 2012-10-19 21:09 - 00000000 __SHD C:\Users\Grover\AppData\Roaming\System
    2012-10-13 17:04 - 2012-10-13 17:06 - 11259964 ____A C:\Users\Grover\Downloads\PBS' autotuned 'Mister Rogers' remix that will blow your mind Guyism.mp4
    2012-10-12 11:43 - 1994-12-31 19:00 - 00000044 ____A C:\Users\Grover\Desktop\Track05.cda
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\Local Settings\rx_image32.Cache
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\Local Settings\Application Data\rx_image32.Cache
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\AppData\Local\rx_image32.Cache
    2012-10-12 10:29 - 2012-10-19 22:06 - 00000000 ____D C:\Users\Grover\My Documents\e-Sword
    2012-10-12 10:29 - 2012-10-19 22:06 - 00000000 ____D C:\Users\Grover\Documents\e-Sword
    2012-10-12 00:19 - 2012-10-19 22:07 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-10 17:20 - 2012-10-19 22:17 - 00000000 ____D C:\Users\Grover\My Documents\Fax
    2012-10-10 17:20 - 2012-10-19 22:17 - 00000000 ____D C:\Users\Grover\Documents\Fax
    2012-10-05 16:37 - 2012-10-19 22:07 - 00000000 ___DC C:\Users\All Users\Application Data\{5EB42881-1E29-48E3-9E86-E4B71E83A651}
    2012-10-05 16:37 - 2012-10-19 22:07 - 00000000 ___DC C:\Users\All Users\{5EB42881-1E29-48E3-9E86-E4B71E83A651}
    2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\Users\All Users\Transparent
    2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\Users\All Users\Application Data\Transparent
    2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\Program Files (x86)\Transparent
    2012-10-05 16:37 - 2012-10-05 16:37 - 00000000 ____D C:\ImportReports
    2012-10-05 16:25 - 2012-10-05 16:37 - 00005430 ____A C:\Users\Grover\BykiDownloader.log
    2012-10-05 03:26 - 2012-10-05 03:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-02 03:30 - 2012-10-02 03:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-25 17:04 - 2012-08-21 16:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-23 03:01 - 2012-08-24 05:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-23 03:00 - 2012-08-24 06:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-23 03:00 - 2012-08-24 05:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-23 03:00 - 2012-08-24 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-23 03:00 - 2012-08-24 05:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-23 03:00 - 2012-08-24 05:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon(14625).dll
    2012-09-23 03:00 - 2012-08-24 05:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-23 03:00 - 2012-08-24 05:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet(14662).dll
    2012-09-23 03:00 - 2012-08-24 05:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-23 03:00 - 2012-08-24 05:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-23 03:00 - 2012-08-24 05:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-23 03:00 - 2012-08-24 05:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-23 03:00 - 2012-08-24 05:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-23 03:00 - 2012-08-24 05:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-23 03:00 - 2012-08-24 05:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-23 03:00 - 2012-08-24 05:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(14478).dll
    2012-09-23 03:00 - 2012-08-24 05:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-23 03:00 - 2012-08-24 05:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-23 03:00 - 2012-08-24 05:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-23 03:00 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-23 03:00 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-23 03:00 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet(14752).dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-23 03:00 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(14747).dll
    2012-09-23 03:00 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-23 03:00 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-23 03:00 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-23 03:00 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(14721).dll
    2012-09-23 03:00 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-23 03:00 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-23 03:00 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-22 20:05 - 2012-09-10 15:25 - 00002693 ____A C:\Users\Grover\Desktop\Microsoft Office Word 2007.lnk
    2012-09-21 22:37 - 2012-09-21 22:38 - 00000000 ____D C:\Windows\SysWOW64\Adobe
    2012-09-21 03:46 - 2012-09-21 03:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2012-09-21 03:46 - 2012-09-21 03:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-09-21 03:45 - 2012-09-21 03:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys

    ==================== 3 Months Modified Files ==================
    2012-10-21 14:57 - 2012-02-13 19:06 - 01842082 ____A C:\Windows\WindowsUpdate.log
    2012-10-21 14:57 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-21 14:57 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-21 14:54 - 2012-10-21 14:54 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
    2012-10-21 14:54 - 2010-11-20 22:47 - 00044842 ____A C:\Windows\PFRO.log
    2012-10-21 14:54 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-21 14:54 - 2009-07-13 23:51 - 00039254 ____A C:\Windows\setupact.log
    2012-10-21 14:52 - 2012-10-21 14:52 - 00000750 ____A C:\Windows\System32\.crusader
    2012-10-21 14:43 - 2012-09-17 09:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-21 14:29 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-20 19:11 - 2012-10-20 17:55 - 00002396 ____A C:\Users\Grover\Desktop\avgrep.txt
    2012-10-20 11:43 - 2012-10-20 10:53 - 58674136 ____A (AVG) C:\Users\Grover\Desktop\avg_tuh_stf_all_2013_2_24c4.exe
    2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-10-20 11:01 - 2012-10-20 11:01 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
    2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
    2012-10-20 10:59 - 2012-10-20 10:59 - 00002148 ____A C:\Users\All Users\Desktop\Nero Blu-ray Player.lnk
    2012-10-20 10:42 - 2012-09-09 01:21 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-10-19 22:44 - 2012-09-17 09:25 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-19 22:44 - 2012-02-13 19:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-19 22:31 - 2012-09-09 01:21 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-10-19 22:31 - 2012-09-09 01:21 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2013.lnk
    2012-10-19 22:19 - 2012-09-08 23:49 - 00084712 ____A C:\Users\Grover\Local Settings\GDIPFONTCACHEV1.DAT
    2012-10-19 22:19 - 2012-09-08 23:49 - 00084712 ____A C:\Users\Grover\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-10-19 22:19 - 2012-09-08 23:49 - 00084712 ____A C:\Users\Grover\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-19 19:55 - 2012-10-19 19:47 - 92121088 ____A C:\Users\Grover\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-13 17:06 - 2012-10-13 17:04 - 11259964 ____A C:\Users\Grover\Downloads\PBS' autotuned 'Mister Rogers' remix that will blow your mind Guyism.mp4
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\Local Settings\rx_image32.Cache
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\Local Settings\Application Data\rx_image32.Cache
    2012-10-12 11:18 - 2012-10-12 11:18 - 00000000 ____A C:\Users\Grover\AppData\Local\rx_image32.Cache
    2012-10-05 16:37 - 2012-10-05 16:25 - 00005430 ____A C:\Users\Grover\BykiDownloader.log
    2012-10-05 03:26 - 2012-10-05 03:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-02 03:30 - 2012-10-02 03:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-29 19:54 - 2012-10-20 10:37 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-21 03:46 - 2012-09-21 03:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2012-09-21 03:46 - 2012-09-21 03:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-09-21 03:45 - 2012-09-21 03:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-09-17 09:21 - 2009-07-13 23:45 - 00361872 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-14 14:19 - 2012-10-19 22:27 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 13:28 - 2012-10-19 22:27 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-14 03:05 - 2012-09-14 03:05 - 00040800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
    2012-09-13 03:11 - 2012-09-13 03:11 - 00151904 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-09-10 15:25 - 2012-09-22 20:05 - 00002693 ____A C:\Users\Grover\Desktop\Microsoft Office Word 2007.lnk
    2012-09-09 09:08 - 2012-09-09 09:07 - 00295164 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2012-09-09 09:06 - 2012-09-09 09:05 - 00296626 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2012-09-09 08:54 - 2011-02-10 11:10 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-09 01:00 - 2012-09-09 01:00 - 04411392 ____A (AVG Technologies) C:\Users\Grover\Downloads\avg_free_stb_all_2013_2667_cnet.exe
    2012-09-08 23:53 - 2012-02-13 19:34 - 34665846 ____A C:\Windows\RPSETUP.EXE.LOG
    2012-09-08 23:47 - 2012-09-08 23:47 - 00000020 ___SH C:\Users\Grover\ntuser.ini
    2012-09-04 10:39 - 2012-09-04 10:39 - 00050296 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgfwd6a.sys
    2012-08-31 13:19 - 2012-10-19 22:29 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 13:03 - 2012-10-19 22:29 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 12:12 - 2012-10-19 22:29 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 12:12 - 2012-10-19 22:29 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 13:05 - 2012-10-19 22:28 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 11:57 - 2012-10-19 22:28 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 06:15 - 2012-09-23 03:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 05:39 - 2012-09-23 03:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 05:31 - 2012-09-23 03:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 05:22 - 2012-09-23 03:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 05:22 - 2012-09-23 03:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon(14625).dll
    2012-08-24 05:21 - 2012-09-23 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 05:21 - 2012-09-23 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet(14662).dll
    2012-08-24 05:20 - 2012-09-23 03:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 05:18 - 2012-09-23 03:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 05:17 - 2012-09-23 03:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 05:14 - 2012-09-23 03:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 05:14 - 2012-09-23 03:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 05:13 - 2012-09-23 03:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 05:12 - 2012-09-23 03:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 05:12 - 2012-09-23 03:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(14478).dll
    2012-08-24 05:11 - 2012-09-23 03:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 05:10 - 2012-09-23 03:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 05:09 - 2012-09-23 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 05:04 - 2012-09-23 03:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-24 02:27 - 2012-09-23 03:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-24 02:03 - 2012-09-23 03:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-24 01:59 - 2012-09-23 03:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet(14752).dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-24 01:51 - 2012-09-23 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(14747).dll
    2012-08-24 01:49 - 2012-09-23 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-24 01:48 - 2012-09-23 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-24 01:47 - 2012-09-23 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-24 01:45 - 2012-09-23 03:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(14721).dll
    2012-08-24 01:44 - 2012-09-23 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-24 01:43 - 2012-09-23 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-24 01:40 - 2012-09-23 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-23 11:31 - 2012-10-20 11:45 - 00035192 ____A (AVG) C:\Windows\System32\TURegOpt.exe
    2012-08-23 11:31 - 2012-10-20 11:45 - 00026488 ____A (AVG) C:\Windows\System32\authuitu.dll
    2012-08-23 11:31 - 2012-10-20 11:45 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
    2012-08-22 13:12 - 2012-09-12 09:33 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 13:12 - 2012-09-12 09:33 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 13:12 - 2012-09-12 09:33 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 13:12 - 2012-09-12 09:33 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 16:01 - 2012-09-25 17:04 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 13:48 - 2012-10-19 22:29 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 13:48 - 2012-10-19 22:29 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 13:48 - 2012-10-19 22:29 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 13:48 - 2012-10-19 22:29 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 13:48 - 2012-10-19 22:29 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 13:48 - 2012-10-19 22:29 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 13:48 - 2012-10-19 22:29 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 13:46 - 2012-10-19 22:29 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 13:38 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 13:38 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 12:40 - 2012-10-19 22:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 12:38 - 2012-10-19 22:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 12:37 - 2012-10-19 22:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 12:37 - 2012-10-19 22:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 12:37 - 2012-10-19 22:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 12:32 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-19 22:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 10:38 - 2012-10-19 22:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 10:33 - 2012-10-19 22:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:33 - 2012-10-19 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 19:56 - 2012-10-19 22:27 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 18:56 - 2012-10-19 22:27 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-02 12:58 - 2012-09-12 09:33 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 11:57 - 2012-09-12 09:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-12 10:28:30
    Restore point made on: 2012-10-19 21:18:44
    Restore point made on: 2012-10-20 03:00:51
    Restore point made on: 2012-10-20 11:44:00
    ==================== Memory info ===========================
    Percentage of memory in use: 11%
    Total physical RAM: 5886.98 MB
    Available physical RAM: 5194.85 MB
    Total Pagefile: 5885.18 MB
    Available Pagefile: 5199.99 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:869.14 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    7 Drive I: () (Removable) (Total:3.73 GB) (Free:3.62 GB) FAT32
    8 Drive j: () (Removable) (Total:7.47 GB) (Free:2.5 GB) FAT32
    9 Drive k: (AVG Restore Disc) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 7667 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 3819 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 916 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 916 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7655 MB 22 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 J FAT32 Removable 7655 MB Healthy
    =========================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 16 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 I FAT32 Removable 3818 MB Healthy
    =========================================================
    Last Boot: 2012-10-16 16:26
    ==================== End Of Log =============================
  13. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    Okay, that's the FRST.txt, here's the Search.txt:

    Farbar Recovery Scan Tool (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-21 16:01:30
    Running from I:\
    ================== Search: "services.exe; volsnap.sys; winlogon.exe" ===================
    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
    [2010-11-20 22:23] - [2010-11-20 22:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2010-11-20 22:24] - [2010-11-20 22:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
    C:\Windows\System32\winlogon.exe
    [2010-11-20 22:24] - [2010-11-20 22:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
    C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010-11-20 22:23] - [2010-11-20 22:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
    C:\Windows\System32\drivers\volsnap.sys
    [2010-11-20 22:23] - [2010-11-20 22:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2012-10-20 10:37] - [2012-09-29 19:54] - 0218184 ____A () 8846E87210AD131CF71E3E2E49F647B0
    ====== End Of Search ======
  14. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Good job :)

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    ======================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    Attached Files:

  15. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-21 17:55:21 Run:1
    Running from I:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
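The Search.txt listing and this Fixlog rest on one check: the live C:\Windows\System32\services.exe has a different MD5 from the copy in the WinSxS component store, so the store copy is used for the repair. The following is an added example, not part of the original thread and not FRST's own code; it parses the Search.txt excerpt posted above and flags live System32 files whose MD5 matches no WinSxS copy. The function names are hypothetical, and treating WinSxS as the trusted reference is an assumption.

```python
import ntpath  # Windows path semantics, works on any OS
import re

# Excerpt copied from the Search.txt posted earlier in this thread.
SEARCH_TXT = r"""
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010-11-20 22:24] - [2010-11-20 22:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\System32\winlogon.exe
[2010-11-20 22:24] - [2010-11-20 22:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
C:\Windows\System32\drivers\volsnap.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012-10-20 10:37] - [2012-09-29 19:54] - 0218184 ____A () 8846E87210AD131CF71E3E2E49F647B0
"""

# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")

# Assumption: WinSxS copies are the reference; only these two directories
# are treated as "live" locations that Windows actually loads from.
WINSXS = ntpath.normcase(r"C:\Windows\winsxs") + "\\"
LIVE_DIRS = {
    ntpath.normcase(r"C:\Windows\System32"),
    ntpath.normcase(r"C:\Windows\System32\drivers"),
}


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DETAIL.match(line)
        if m and pending:
            entries.append({
                "path": pending,
                "size": int(m["size"]),
                "company": m["company"],
                "md5": m["md5"].upper(),
            })
            pending = None
        elif PATH.match(line):
            pending = line
    return entries


def compare_to_store(entries):
    """Compare each live System32 file with same-named WinSxS copies."""
    reference = {}
    for e in entries:
        if ntpath.normcase(e["path"]).startswith(WINSXS):
            name = ntpath.basename(e["path"]).lower()
            reference.setdefault(name, []).append(e)

    findings = []
    for e in entries:
        if ntpath.normcase(ntpath.dirname(e["path"])) not in LIVE_DIRS:
            continue  # store copies and third-party look-alikes are not judged
        refs = reference.get(ntpath.basename(e["path"]).lower(), [])
        if not refs:
            status = "NO_REFERENCE"
        elif any(r["md5"] == e["md5"] for r in refs):
            status = "MATCH"  # several store versions may exist; one match is enough
        else:
            status = "MISMATCH"
        findings.append({
            "path": e["path"],
            "md5": e["md5"],
            "size": e["size"],
            "status": status,
            "reference": [(r["path"], r["md5"], r["size"]) for r in refs],
        })
    return findings


if __name__ == "__main__":
    for f in compare_to_store(parse_search(SEARCH_TXT)):
        print(f"{f['status']:<12} {f['path']} {f['md5']}")
        if f["status"] == "MISMATCH":
            for path, md5, size in f["reference"]:
                print(f"  store copy: {md5} ({size} bytes) {path}")
```

A MISMATCH only means no store copy with that hash was listed; a patched file can keep its original timestamps and vendor string, as services.exe does here, so the hash is the field to compare.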
  16. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    TDSS log part 1

    18:07:24.0700 6168 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    18:07:26.0041 6168 ============================================================
    18:07:26.0041 6168 Current date / time: 2012/10/21 18:07:26.0041
    18:07:26.0057 6168 SystemInfo:
    18:07:26.0057 6168
    18:07:26.0057 6168 OS Version: 6.1.7601 ServicePack: 1.0
    18:07:26.0057 6168 Product type: Workstation
    18:07:26.0057 6168 ComputerName: GROVER-PC
    18:07:26.0057 6168 UserName: Grover
    18:07:26.0057 6168 Windows directory: C:\Windows
    18:07:26.0057 6168 System windows directory: C:\Windows
    18:07:26.0057 6168 Running under WOW64
    18:07:26.0057 6168 Processor architecture: Intel x64
    18:07:26.0057 6168 Number of processors: 2
    18:07:26.0057 6168 Page size: 0x1000
    18:07:26.0057 6168 Boot type: Normal boot
  17. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    That's incomplete.
  18. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    TDSSKILLER log file attached. It's too long to post and I'm having trouble with this website crashing repeatedly.
  19. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    Well, I'm not sure that worked either.

    Attached Files:

  20. Broni

    Broni Malware Annihilator Posts: 46,447   +252

  21. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    I'm trying to do that, but every time I try to break it up, the webpage locks or crashes and I have to start over. I'll try my best to make it work.
  22. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    18:07:24.0700 6168 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    18:07:26.0041 6168 ============================================================
    18:07:26.0041 6168 Current date / time: 2012/10/21 18:07:26.0041
    18:07:26.0057 6168 SystemInfo:
    18:07:26.0057 6168
    18:07:26.0057 6168 OS Version: 6.1.7601 ServicePack: 1.0
    18:07:26.0057 6168 Product type: Workstation
    18:07:26.0057 6168 ComputerName: GROVER-PC
    18:07:26.0057 6168 UserName: Grover
    18:07:26.0057 6168 Windows directory: C:\Windows
    18:07:26.0057 6168 System windows directory: C:\Windows
    18:07:26.0057 6168 Running under WOW64
    18:07:26.0057 6168 Processor architecture: Intel x64
    18:07:26.0057 6168 Number of processors: 2
    18:07:26.0057 6168 Page size: 0x1000
    18:07:26.0057 6168 Boot type: Normal boot
    18:07:26.0057 6168 ============================================================
    18:07:28.0412 6168 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:07:28.0428 6168 Drive \Device\Harddisk1\DR1 - Size: 0x1DF3FFE00 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:07:28.0444 6168 Drive \Device\Harddisk6\DR6 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:07:28.0444 6168 ============================================================
    18:07:28.0444 6168 \Device\Harddisk0\DR0:
    18:07:28.0444 6168 MBR partitions:
    18:07:28.0444 6168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
    18:07:28.0444 6168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x72952000
    18:07:28.0444 6168 \Device\Harddisk1\DR1:
    18:07:28.0444 6168 MBR partitions:
    18:07:28.0444 6168 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
    18:07:28.0444 6168 \Device\Harddisk6\DR6:
    18:07:28.0444 6168 MBR partitions:
    18:07:28.0444 6168 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
    18:07:28.0444 6168 ============================================================
    18:07:28.0506 6168 C: <-> \Device\Harddisk0\DR0\Partition2
    18:07:28.0506 6168 ============================================================
    18:07:28.0506 6168 Initialize success
    18:07:28.0506 6168 ============================================================
    18:07:33.0467 7860 ============================================================
    18:07:33.0467 7860 Scan started
    18:07:33.0467 7860 Mode: Manual;
    18:07:33.0467 7860 ============================================================
    18:07:35.0744 7860 ================ Scan system memory ========================
    18:07:35.0744 7860 System memory - ok
    18:07:35.0744 7860 ================ Scan services =============================
    18:07:40.0924 7860 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    18:07:40.0939 7860 hcw85cir - ok
    18:07:40.0955 7860 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    18:07:40.0955 7860 HDAudBus - ok
    18:07:40.0986 7860 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    18:07:40.0986 7860 HidBatt - ok
    18:07:41.0002 7860 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    18:07:41.0002 7860 HidBth - ok
    18:07:41.0017 7860 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    18:07:41.0017 7860 HidIr - ok
    18:07:41.0048 7860 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    18:07:41.0048 7860 hidserv - ok
    18:07:41.0080 7860 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    18:07:41.0095 7860 HidUsb - ok
    18:07:41.0158 7860 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
    18:07:41.0158 7860 HipShieldK - ok
    18:07:41.0204 7860 [ 44F92C1F913E582BEF9CAC66443C6230 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
    18:07:41.0251 7860 hitmanpro36 - ok
    18:07:41.0282 7860 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    18:07:41.0282 7860 hkmsvc - ok
  23. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

  24. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    18:07:50.0783 7860 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    18:07:50.0783 7860 stexstor - ok
    18:07:50.0830 7860 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    18:07:50.0861 7860 stisvc - ok
    18:07:50.0923 7860 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    18:07:50.0923 7860 stllssvr - ok
    18:07:50.0939 7860 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    18:07:50.0939 7860 swenum - ok
    18:07:50.0986 7860 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    18:07:50.0986 7860 swprv - ok
    18:07:51.0110 7860 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    18:07:51.0126 7860 SysMain - ok
    18:07:51.0142 7860 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:07:51.0142 7860 TabletInputService - ok
    18:07:51.0157 7860 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    18:07:51.0157 7860 TapiSrv - ok
    18:07:51.0173 7860 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    18:07:51.0173 7860 TBS - ok
    18:07:51.0220 7860 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    18:07:51.0313 7860 Tcpip - ok
    18:07:51.0360 7860 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    18:07:51.0376 7860 TCPIP6 - ok
    18:07:51.0391 7860 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    18:07:51.0391 7860 tcpipreg - ok
    18:07:51.0422 7860 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    18:07:51.0469 7860 TDPIPE - ok
    18:07:51.0500 7860 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    18:07:51.0563 7860 TDTCP - ok
    18:07:51.0594 7860 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    18:07:51.0594 7860 tdx - ok
    18:07:51.0594 7860 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    18:07:51.0594 7860 TermDD - ok
    18:07:51.0625 7860 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    18:07:51.0641 7860 TermService - ok
    18:07:51.0656 7860 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    18:07:51.0656 7860 Themes - ok
    18:07:51.0688 7860 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    18:07:51.0688 7860 THREADORDER - ok
    18:07:51.0719 7860 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    18:07:51.0719 7860 TrkWks - ok
    18:07:51.0781 7860 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:07:51.0781 7860 TrustedInstaller - ok
    18:07:51.0797 7860 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:07:51.0797 7860 tssecsrv - ok
    18:07:51.0844 7860 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    18:07:51.0844 7860 TsUsbFlt - ok
    18:07:51.0859 7860 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    18:07:51.0906 7860 TsUsbGD - ok
    18:07:52.0062 7860 [ DD296C78B0D2C3F5E42DC0D2972CD992 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    18:07:52.0093 7860 TuneUp.UtilitiesSvc - ok
    18:07:52.0109 7860 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
    18:07:52.0109 7860 TuneUpUtilitiesDrv - ok
    18:07:52.0140 7860 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    18:07:52.0140 7860 tunnel - ok
    18:07:52.0140 7860 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    18:07:52.0140 7860 uagp35 - ok
    18:07:52.0156 7860 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    18:07:52.0156 7860 udfs - ok
    18:07:52.0218 7860 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    18:07:52.0234 7860 UI0Detect - ok
    18:07:52.0249 7860 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    18:07:52.0249 7860 uliagpkx - ok
    18:07:52.0249 7860 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    18:07:52.0265 7860 umbus - ok
    18:07:52.0281 7860 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    18:07:52.0281 7860 UmPass - ok
    18:07:52.0312 7860 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    18:07:52.0312 7860 upnphost - ok
    18:07:52.0327 7860 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    18:07:52.0343 7860 usbccgp - ok
    18:07:52.0374 7860 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    18:07:52.0390 7860 usbcir - ok
    18:07:52.0390 7860 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    18:07:52.0390 7860 usbehci - ok
    18:07:52.0405 7860 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    18:07:52.0405 7860 usbhub - ok
    18:07:52.0421 7860 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    18:07:52.0421 7860 usbohci - ok
    18:07:52.0437 7860 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    18:07:52.0452 7860 usbprint - ok
    18:07:52.0452 7860 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    18:07:52.0452 7860 usbscan - ok
    18:07:52.0452 7860 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:07:52.0515 7860 USBSTOR - ok
    18:07:52.0530 7860 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    18:07:52.0577 7860 usbuhci - ok
    18:07:52.0593 7860 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    18:07:52.0593 7860 UxSms - ok
    18:07:52.0624 7860 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    18:07:52.0624 7860 VaultSvc - ok
    18:07:52.0624 7860 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    18:07:52.0639 7860 vdrvroot - ok
    18:07:52.0686 7860 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    18:07:52.0733 7860 vds - ok
    18:07:52.0749 7860 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    18:07:52.0749 7860 vga - ok
    18:07:52.0749 7860 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    18:07:52.0749 7860 VgaSave - ok
    18:07:52.0764 7860 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    18:07:52.0764 7860 vhdmp - ok
    18:07:52.0764 7860 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    18:07:52.0780 7860 viaide - ok
    18:07:52.0795 7860 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    18:07:52.0795 7860 volmgr - ok
    18:07:52.0811 7860 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    18:07:52.0811 7860 volmgrx - ok
    18:07:52.0827 7860 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    18:07:52.0827 7860 volsnap - ok
    18:07:52.0858 7860 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    18:07:52.0858 7860 vsmraid - ok
    18:07:52.0889 7860 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    18:07:52.0998 7860 VSS - ok
    18:07:53.0107 7860 [ FD04978FF1DBCB748956D1AB4F694629 ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    18:07:53.0123 7860 vToolbarUpdater13.2.0 - ok
    18:07:53.0139 7860 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    18:07:53.0139 7860 vwifibus - ok
    18:07:53.0154 7860 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    18:07:53.0154 7860 W32Time - ok
    18:07:53.0170 7860 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    18:07:53.0170 7860 WacomPen - ok
    18:07:53.0185 7860 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    18:07:53.0185 7860 WANARP - ok
    18:07:53.0185 7860 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:07:53.0185 7860 Wanarpv6 - ok
    18:07:53.0248 7860 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    18:07:53.0357 7860 WatAdminSvc - ok
    18:07:53.0388 7860 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    18:07:53.0466 7860 wbengine - ok
    18:07:53.0482 7860 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    18:07:53.0482 7860 WbioSrvc - ok
    18:07:53.0497 7860 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:07:53.0529 7860 wcncsvc - ok
    18:07:53.0544 7860 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:07:53.0544 7860 WcsPlugInService - ok
    18:07:53.0560 7860 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    18:07:53.0560 7860 Wd - ok
    18:07:53.0575 7860 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:07:53.0575 7860 Wdf01000 - ok
    18:07:53.0607 7860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:07:53.0607 7860 WdiServiceHost - ok
    18:07:53.0622 7860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:07:53.0622 7860 WdiSystemHost - ok
    18:07:53.0653 7860 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    18:07:53.0669 7860 WebClient - ok
    18:07:53.0700 7860 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:07:53.0716 7860 Wecsvc - ok
    18:07:53.0716 7860 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:07:53.0731 7860 wercplsupport - ok
    18:07:53.0763 7860 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:07:53.0763 7860 WerSvc - ok
    18:07:53.0763 7860 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    18:07:53.0778 7860 WfpLwf - ok
    18:07:53.0841 7860 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    18:07:53.0841 7860 WimFltr - ok
    18:07:53.0841 7860 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    18:07:53.0856 7860 WIMMount - ok
    18:07:53.0872 7860 WinDefend - ok
    18:07:53.0887 7860 WinHttpAutoProxySvc - ok
    18:07:54.0028 7860 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:07:54.0043 7860 Winmgmt - ok
    18:07:54.0262 7860 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    18:07:54.0293 7860 WinRM - ok
    18:07:54.0418 7860 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:07:54.0480 7860 Wlansvc - ok
    18:07:54.0543 7860 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    18:07:54.0543 7860 wlcrasvc - ok
    18:07:54.0730 7860 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:07:54.0745 7860 wlidsvc - ok
    18:07:54.0777 7860 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    18:07:54.0777 7860 WmiAcpi - ok
    18:07:54.0823 7860 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:07:54.0839 7860 wmiApSrv - ok
    18:07:54.0855 7860 WMPNetworkSvc - ok
    18:07:54.0886 7860 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:07:54.0886 7860 WPCSvc - ok
    18:07:54.0933 7860 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:07:54.0948 7860 WPDBusEnum - ok
  25. ForceTrooper

    ForceTrooper Newcomer, in training Topic Starter Posts: 36

    18:07:55.0401 7860 ================ Scan global ===============================
    18:07:55.0447 7860 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:07:55.0479 7860 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    18:07:55.0494 7860 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    18:07:55.0525 7860 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:07:55.0603 7860 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:07:55.0619 7860 [Global] - ok
    18:07:55.0619 7860 ================ Scan MBR ==================================
    18:07:55.0635 7860 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    18:07:56.0446 7860 \Device\Harddisk0\DR0 - ok
    18:07:56.0446 7860 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    18:07:56.0461 7860 \Device\Harddisk1\DR1 - ok
    18:07:56.0461 7860 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
    18:07:56.0493 7860 \Device\Harddisk6\DR6 - ok
    18:07:56.0493 7860 ================ Scan VBR ==================================
    18:07:56.0493 7860 [ 58DC82D54356AF7346F5271B5138A099 ] \Device\Harddisk0\DR0\Partition1
    18:07:56.0493 7860 \Device\Harddisk0\DR0\Partition1 - ok
    18:07:56.0508 7860 [ E8D69E461D74BE3FBF99AAD5EA3950E3 ] \Device\Harddisk0\DR0\Partition2
    18:07:56.0524 7860 \Device\Harddisk0\DR0\Partition2 - ok
    18:07:56.0524 7860 [ 6E639E484BB42A7719794484A94C4065 ] \Device\Harddisk1\DR1\Partition1
    18:07:56.0524 7860 \Device\Harddisk1\DR1\Partition1 - ok
    18:07:56.0539 7860 [ AAC7749404A222BA23AE0E299988B042 ] \Device\Harddisk6\DR6\Partition1
    18:07:56.0539 7860 \Device\Harddisk6\DR6\Partition1 - ok
    18:07:56.0539 7860 ============================================================
    18:07:56.0539 7860 Scan finished
    18:07:56.0539 7860 ============================================================
    18:07:56.0555 1088 Detected object count: 0
    18:07:56.0555 1088 Actual detected object count: 0
    15:09:14.0814 5784 ============================================================
    15:09:14.0814 5784 Scan started
    15:09:14.0814 5784 Mode: Manual;
    15:09:14.0814 5784 ============================================================
    15:09:15.0609 5784 ================ Scan system memory ========================
    15:09:15.0609 5784 System memory - ok
    15:09:15.0625 5784 ================ Scan services =============================
    15:09:21.0116 5784 flpydisk - ok
    15:09:21.0116 5784 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    15:09:21.0132 5784 FltMgr - ok
    15:09:21.0241 5784 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    15:09:21.0241 5784 FontCache - ok
    15:09:21.0288 5784 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    15:09:21.0288 5784 FontCache3.0.0.0 - ok
    15:09:21.0288 5784 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    15:09:21.0288 5784 FsDepends - ok
    15:09:21.0303 5784 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    15:09:21.0303 5784 Fs_Rec - ok
    15:09:21.0319 5784 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    15:09:21.0319 5784 fvevol - ok
    15:09:21.0334 5784 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    15:09:21.0334 5784 gagp30kx - ok
    15:09:21.0444 5784 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    15:09:21.0459 5784 GamesAppService - ok
    15:09:21.0506 5784 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    15:09:21.0522 5784 gpsvc - ok
    15:09:21.0568 5784 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    15:09:21.0568 5784 hcw85cir - ok
    15:09:21.0584 5784 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:09:21.0600 5784 HDAudBus - ok
    15:09:21.0615 5784 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    15:09:21.0615 5784 HidBatt - ok
    15:09:21.0646 5784 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    15:09:21.0646 5784 HidBth - ok
    15:09:21.0646 5784 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    15:09:21.0646 5784 HidIr - ok
    15:09:21.0693 5784 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    15:09:21.0693 5784 hidserv - ok
    15:09:21.0709 5784 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    15:09:21.0709 5784 HidUsb - ok

