
search-results.com due to ilivid

Discussion in 'Virus & Other Malware Removal' started by cevee, Feb 7, 2013.

    cevee Thread Starter

    I really appreciate this forum and all the people that help us newbies out. Thanks for your time and knowledge.
    I had installed iLivid (I know now it was a mistake) and since then my laptop, especially the Google search results, redirects to search-results.com. I read threads that others have posted and that were solved, so I am hoping for similar results.
    I followed the instructions (HijackThis all the way through the GMER tool). The GMER tool came back with only three lines, so maybe I did not understand something?

    just saw the system info stuff
    here it is
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57, x64 Family 15 Model 104 Stepping 2
    Processor Count: 2
    RAM: 1789 Mb
    Graphics Card: ATI Radeon Xpress 1250, 256 Mb
    Hard Drives: C: Total - 52237 MB, Free - 10169 MB; D: Total - 52232 MB, Free - 46074 MB;
    Motherboard: Acer, Extensa 4420
    Antivirus: avast! Antivirus, Updated and Enabled

    here are the other results- thanks
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:46:47 AM, on 2/7/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\PLFSetL.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Users\Brian\Downloads\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Brian\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Update Service (gupdate1c99399fb181f62) (gupdate1c99399fb181f62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 9906 bytes

    now the dds.txt
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by Brian at 9:39:35 on 2013-02-07
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.379 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\PLFSetL.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Users\Brian\Downloads\HijackThis.exe
    C:\Users\Brian\Desktop\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://en.us.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [PLFSetL] c:\windows\PLFSetL.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [eRecoveryService] <no file>
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{EE5E185D-5CA1-42D4-951E-BEBA7049533F} : DHCPNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    AppInit_DLLs=
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-6-18 39680]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-18 35712]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-6 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-6 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-6 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-6 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-6 44808]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2011-4-24 214880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c99399fb181f62;Google Update Service (gupdate1c99399fb181f62);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\msrs10_50.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [2011-4-24 1177952]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
    S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-15 21520]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
    .
    =============== Created Last 30 ================
    .
    2013-02-07 11:14:11 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-02-07 11:13:30 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-02-07 11:13:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-02-06 23:21:27 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-02-06 23:21:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-02-06 23:20:36 41224 ----a-w- c:\windows\avastSS.scr
    2013-02-06 23:20:00 -------- d-----w- c:\programdata\AVAST Software
    2013-02-06 23:20:00 -------- d-----w- c:\program files\AVAST Software
    2013-02-06 22:20:55 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2013-02-06 22:18:08 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-02-06 22:18:08 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2013-02-06 22:18:08 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2013-02-06 22:18:07 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-02-06 22:18:07 519680 ----a-w- c:\windows\system32\d3d11.dll
    2013-02-06 22:18:07 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2013-02-06 22:18:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-02-06 21:36:25 -------- d-----w- c:\windows\system32\eu-ES
    2013-02-06 21:36:25 -------- d-----w- c:\windows\system32\ca-ES
    2013-02-06 21:36:21 -------- d-----w- c:\windows\system32\vi-VN
    2013-02-06 19:19:25 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-05 13:18:24 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{07827c7a-995c-46d4-b0ba-964dcf907d45}\mpengine.dll
    2013-01-29 17:24:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2013-01-29 17:24:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2013-01-29 17:24:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-01-29 17:24:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-01-29 17:24:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-01-29 17:24:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-01-29 17:24:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-01-28 16:23:31 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-28 16:21:51 -------- d-----w- c:\program files\iPod
    2013-01-28 16:21:48 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-28 16:21:48 -------- d-----w- c:\program files\iTunes
    2013-01-28 15:39:42 98304 ----a-w- c:\windows\system32\CNC620I.DLL
    2013-01-28 15:39:42 270336 ----a-w- c:\windows\system32\CNC620L.DLL
    2013-01-28 15:39:42 188416 ----a-w- c:\windows\system32\CNC620O.DLL
    2013-01-28 15:39:41 1339392 ----a-w- c:\windows\system32\CNC620C.DLL
    .
    ==================== Find3M ====================
    .
    2013-02-06 22:20:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2013-02-06 22:18:10 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2013-02-06 19:19:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 9:41:02.19 ===============
    now the attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/18/2008 2:13:43 PM
    System Uptime: 2/7/2013 6:07:25 AM (3 hours ago)
    .
    Motherboard: Acer | | Extensa 4420
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57 | Socket M2/S1G1 | 1900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 51 GiB total, 9.94 GiB free.
    D: is FIXED (NTFS) - 51 GiB total, 44.994 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP813: 2/7/2013 6:13:09 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acer Assist
    Acer Crystal Eye Webcam 2.0.8
    Acer Crystal Eye Webcam Video Class Camera
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft TotalMedia Backup & Record
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Bonjour
    Button Manager v1.836
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP620 series MP Drivers
    Canon MP620 series User Registration
    Canon Utilities My Printer
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCleaner
    GDR 1617 for SQL Server 2008 R2 (KB2494088)
    Google Chrome
    Google Drive
    Google Photos Screensaver
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    iCloud
    iTunes
    Launch Manager
    LightScribe 1.4.142.1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 6.2
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Books Online
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 8.0 Support DLLs
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NTI Shadow
    Picasa 3
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SQL Server 2008 R2 Analysis Services
    SQL Server 2008 R2 BI Development Studio
    SQL Server 2008 R2 Client Tools
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Database Engine Services
    SQL Server 2008 R2 Database Engine Shared
    SQL Server 2008 R2 Integration Services
    SQL Server 2008 R2 Management Studio
    SQL Server 2008 R2 Reporting Services
    Sql Server Customer Experience Improvement Program
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live ID Sign-in Assistant
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
    2/7/2013 6:15:17 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
    2/7/2013 6:08:36 AM, Error: Service Control Manager [7024] - The SQL Server (MSSQLSERVER) service terminated with service-specific error 17051 (0x429B).
    2/7/2013 6:08:36 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/6/2013 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    2/6/2013 6:10:01 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    and the one I think I may have screwed up, ark.txt

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit quick scan 2013-02-07 09:52:23
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542512K9SA00 rev.BB2OC31P 111.79GB
    Running: relsokdt.exe; Driver: C:\Users\Brian\AppData\Local\Temp\pwdyypob.sys


    ---- System - GMER 2.0 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8CD44E56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- EOF - GMER 2.0 ----

    Thank you - I will be away for a couple of hours but will check as soon as I get home.
     
  2. cevee

    cevee Thread Starter

    Joined:
    Nov 5, 2010
    Messages:
    5
    bump
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    step 1

    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  4. cevee

    cevee Thread Starter

    Joined:
    Nov 5, 2010
    Messages:
    5

    Thank you Derek. I downloaded the Kaspersky tdsskiller utility and ran it and it says "no threats found" - it scanned only 424 objects - here is the log. Since I posted my original request for help I ran the adwcleaner - sorry if that messed things up - should I re-do all the log files above and repost them?

    10:03:23.0383 4840 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    10:03:23.0820 4840 ============================================================
    10:03:23.0820 4840 Current date / time: 2013/02/11 10:03:23.0820
    10:03:23.0820 4840 SystemInfo:
    10:03:23.0820 4840
    10:03:23.0820 4840 OS Version: 6.0.6002 ServicePack: 2.0
    10:03:23.0820 4840 Product type: Workstation
    10:03:23.0820 4840 ComputerName: BRIAN-LAPTOP
    10:03:23.0820 4840 UserName: Brian
    10:03:23.0820 4840 Windows directory: C:\Windows
    10:03:23.0820 4840 System windows directory: C:\Windows
    10:03:23.0820 4840 Processor architecture: Intel x86
    10:03:23.0820 4840 Number of processors: 2
    10:03:23.0820 4840 Page size: 0x1000
    10:03:23.0820 4840 Boot type: Normal boot
    10:03:23.0820 4840 ============================================================
    10:03:25.0287 4840 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    10:03:25.0333 4840 ============================================================
    10:03:25.0333 4840 \Device\Harddisk0\DR0:
    10:03:25.0333 4840 MBR partitions:
    10:03:25.0333 4840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x6607000
    10:03:25.0333 4840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x798F800, BlocksNum 0x6604800
    10:03:25.0333 4840 ============================================================
    10:03:25.0489 4840 C: <-> \Device\Harddisk0\DR0\Partition1
    10:03:25.0552 4840 D: <-> \Device\Harddisk0\DR0\Partition2
    10:03:25.0552 4840 ============================================================
    10:03:25.0552 4840 Initialize success
    10:03:25.0552 4840 ============================================================
    10:03:51.0931 7192 ============================================================
    10:03:51.0931 7192 Scan started
    10:03:51.0931 7192 Mode: Manual;
    10:03:51.0931 7192 ============================================================
    10:03:53.0491 7192 ================ Scan system memory ========================
    10:03:53.0491 7192 System memory - ok
    10:03:53.0491 7192 ================ Scan services =============================
    10:03:53.0694 7192 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    10:03:53.0694 7192 ACPI - ok
    10:03:53.0788 7192 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    10:03:53.0788 7192 AdobeFlashPlayerUpdateSvc - ok
    10:03:53.0835 7192 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    10:03:53.0835 7192 adp94xx - ok
    10:03:53.0881 7192 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
    10:03:53.0881 7192 adpahci - ok
    10:03:53.0897 7192 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    10:03:53.0913 7192 adpu160m - ok
    10:03:53.0928 7192 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    10:03:53.0928 7192 adpu320 - ok
    10:03:53.0975 7192 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    10:03:53.0975 7192 AeLookupSvc - ok
    10:03:54.0037 7192 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys
    10:03:54.0037 7192 Afc - ok
    10:03:54.0084 7192 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    10:03:54.0084 7192 AFD - ok
    10:03:54.0115 7192 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
    10:03:54.0115 7192 AgereModemAudio - ok
    10:03:54.0162 7192 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
    10:03:54.0178 7192 AgereSoftModem - ok
    10:03:54.0209 7192 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
    10:03:54.0209 7192 agp440 - ok
    10:03:54.0240 7192 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    10:03:54.0240 7192 aic78xx - ok
    10:03:54.0271 7192 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    10:03:54.0271 7192 ALG - ok
    10:03:54.0287 7192 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
    10:03:54.0287 7192 aliide - ok
    10:03:54.0303 7192 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    10:03:54.0318 7192 amdagp - ok
    10:03:54.0318 7192 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
    10:03:54.0318 7192 amdide - ok
    10:03:54.0349 7192 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    10:03:54.0349 7192 AmdK7 - ok
    10:03:54.0365 7192 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    10:03:54.0365 7192 AmdK8 - ok
    10:03:54.0396 7192 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    10:03:54.0396 7192 Appinfo - ok
    10:03:54.0537 7192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    10:03:54.0537 7192 Apple Mobile Device - ok
    10:03:54.0568 7192 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
    10:03:54.0568 7192 arc - ok
    10:03:54.0599 7192 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    10:03:54.0599 7192 arcsas - ok
    10:03:54.0646 7192 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    10:03:54.0646 7192 aswFsBlk - ok
    10:03:54.0693 7192 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    10:03:54.0693 7192 aswMonFlt - ok
    10:03:54.0724 7192 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
    10:03:54.0724 7192 AswRdr - ok
    10:03:54.0755 7192 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    10:03:54.0771 7192 aswSnx - ok
    10:03:54.0849 7192 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    10:03:54.0849 7192 aswSP - ok
    10:03:54.0911 7192 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    10:03:54.0911 7192 aswTdi - ok
    10:03:54.0942 7192 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    10:03:54.0942 7192 AsyncMac - ok
    10:03:54.0973 7192 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    10:03:54.0973 7192 atapi - ok
    10:03:55.0051 7192 [ B886D349AFAD502DE4F6EA0C64B1CC4D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
    10:03:55.0051 7192 Ati External Event Utility - ok
    10:03:55.0192 7192 [ 8AE1745BFC7D383DAA3F82FE8D7BE7C0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    10:03:55.0223 7192 atikmdag - ok
    10:03:55.0270 7192 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    10:03:55.0270 7192 AtiPcie - ok
    10:03:55.0317 7192 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    10:03:55.0317 7192 AudioEndpointBuilder - ok
    10:03:55.0332 7192 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    10:03:55.0332 7192 Audiosrv - ok
    10:03:55.0363 7192 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    10:03:55.0363 7192 avast! Antivirus - ok
    10:03:55.0426 7192 [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
    10:03:55.0426 7192 b57nd60x - ok
    10:03:55.0488 7192 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
    10:03:55.0504 7192 BCM43XX - ok
    10:03:55.0535 7192 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    10:03:55.0535 7192 Beep - ok
    10:03:55.0582 7192 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
    10:03:55.0582 7192 BFE - ok
    10:03:55.0644 7192 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
    10:03:55.0660 7192 BITS - ok
    10:03:55.0675 7192 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    10:03:55.0675 7192 blbdrive - ok
    10:03:55.0753 7192 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    10:03:55.0753 7192 Bonjour Service - ok
    10:03:55.0785 7192 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    10:03:55.0785 7192 bowser - ok
    10:03:55.0847 7192 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    10:03:55.0863 7192 BrFiltLo - ok
    10:03:55.0878 7192 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    10:03:55.0878 7192 BrFiltUp - ok
    10:03:55.0925 7192 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    10:03:55.0941 7192 Browser - ok
    10:03:55.0956 7192 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    10:03:55.0956 7192 Brserid - ok
    10:03:55.0987 7192 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    10:03:55.0987 7192 BrSerWdm - ok
    10:03:56.0019 7192 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    10:03:56.0019 7192 BrUsbMdm - ok
    10:03:56.0034 7192 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    10:03:56.0034 7192 BrUsbSer - ok
    10:03:56.0081 7192 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    10:03:56.0081 7192 BTHMODEM - ok
    10:03:56.0112 7192 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    10:03:56.0112 7192 cdfs - ok
    10:03:56.0159 7192 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    10:03:56.0159 7192 cdrom - ok
    10:03:56.0206 7192 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    10:03:56.0206 7192 CertPropSvc - ok
    10:03:56.0221 7192 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
    10:03:56.0221 7192 circlass - ok
    10:03:56.0268 7192 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    10:03:56.0268 7192 CLFS - ok
    10:03:56.0331 7192 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:03:56.0331 7192 clr_optimization_v2.0.50727_32 - ok
    10:03:56.0409 7192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    10:03:56.0409 7192 clr_optimization_v4.0.30319_32 - ok
    10:03:56.0440 7192 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    10:03:56.0440 7192 CmBatt - ok
    10:03:56.0455 7192 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    10:03:56.0455 7192 cmdide - ok
    10:03:56.0471 7192 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    10:03:56.0471 7192 Compbatt - ok
    10:03:56.0471 7192 COMSysApp - ok
    10:03:56.0518 7192 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    10:03:56.0518 7192 crcdisk - ok
    10:03:56.0533 7192 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    10:03:56.0549 7192 Crusoe - ok
    10:03:56.0596 7192 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    10:03:56.0596 7192 CryptSvc - ok
    10:03:56.0658 7192 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    10:03:56.0674 7192 DcomLaunch - ok
    10:03:56.0705 7192 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    10:03:56.0721 7192 DfsC - ok
    10:03:56.0783 7192 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    10:03:56.0814 7192 DFSR - ok
    10:03:56.0892 7192 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    10:03:56.0892 7192 Dhcp - ok
    10:03:56.0955 7192 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    10:03:56.0955 7192 disk - ok
    10:03:57.0001 7192 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
    10:03:57.0001 7192 DKbFltr - ok
    10:03:57.0033 7192 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    10:03:57.0033 7192 Dnscache - ok
    10:03:57.0064 7192 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    10:03:57.0079 7192 dot3svc - ok
    10:03:57.0126 7192 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    10:03:57.0126 7192 DPS - ok
    10:03:57.0173 7192 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    10:03:57.0173 7192 drmkaud - ok
    10:03:57.0235 7192 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    10:03:57.0235 7192 DXGKrnl - ok
    10:03:57.0267 7192 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    10:03:57.0267 7192 E1G60 - ok
    10:03:57.0313 7192 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    10:03:57.0329 7192 EapHost - ok
    10:03:57.0391 7192 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    10:03:57.0391 7192 Ecache - ok
    10:03:57.0469 7192 [ 668DCA122FFC7F10BECA6055E15FFABD ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    10:03:57.0485 7192 eDataSecurity Service - ok
    10:03:57.0532 7192 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    10:03:57.0547 7192 ehRecvr - ok
    10:03:57.0563 7192 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    10:03:57.0563 7192 ehSched - ok
    10:03:57.0579 7192 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    10:03:57.0579 7192 ehstart - ok
    10:03:57.0641 7192 [ E28516FED46251119ADDAF4CF33BA401 ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    10:03:57.0641 7192 eLockService - ok
    10:03:57.0688 7192 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    10:03:57.0688 7192 elxstor - ok
    10:03:57.0750 7192 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    10:03:57.0750 7192 EMDMgmt - ok
    10:03:57.0813 7192 [ 44E8E86CEEB0D9F0F934B5EDC21E0444 ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe
    10:03:57.0813 7192 eNet Service - ok
    10:03:57.0875 7192 [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    10:03:57.0875 7192 eRecoveryService - ok
    10:03:57.0906 7192 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    10:03:57.0906 7192 ErrDev - ok
    10:03:57.0969 7192 [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    10:03:57.0969 7192 eSettingsService - ok
    10:03:58.0015 7192 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    10:03:58.0015 7192 EventSystem - ok
    10:03:58.0062 7192 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    10:03:58.0062 7192 exfat - ok
    10:03:58.0109 7192 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    10:03:58.0125 7192 fastfat - ok
    10:03:58.0140 7192 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    10:03:58.0140 7192 fdc - ok
    10:03:58.0187 7192 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    10:03:58.0187 7192 fdPHost - ok
    10:03:58.0187 7192 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    10:03:58.0187 7192 FDResPub - ok
    10:03:58.0203 7192 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    10:03:58.0218 7192 FileInfo - ok
    10:03:58.0218 7192 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    10:03:58.0234 7192 Filetrace - ok
    10:03:58.0249 7192 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    10:03:58.0249 7192 flpydisk - ok
    10:03:58.0296 7192 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    10:03:58.0296 7192 FltMgr - ok
    10:03:58.0374 7192 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    10:03:58.0390 7192 FontCache - ok
    10:03:58.0452 7192 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    10:03:58.0452 7192 FontCache3.0.0.0 - ok
    10:03:58.0483 7192 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    10:03:58.0483 7192 Fs_Rec - ok
    10:03:58.0515 7192 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    10:03:58.0515 7192 gagp30kx - ok
    10:03:58.0561 7192 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    10:03:58.0561 7192 GEARAspiWDM - ok
    10:03:58.0608 7192 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    10:03:58.0624 7192 gpsvc - ok
    10:03:58.0717 7192 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c99399fb181f62 C:\Program Files\Google\Update\GoogleUpdate.exe
    10:03:58.0717 7192 gupdate1c99399fb181f62 - ok
    10:03:58.0749 7192 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    10:03:58.0749 7192 gupdatem - ok
    10:03:58.0780 7192 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    10:03:58.0780 7192 gusvc - ok
    10:03:58.0827 7192 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    10:03:58.0827 7192 HdAudAddService - ok
    10:03:58.0889 7192 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    10:03:58.0889 7192 HDAudBus - ok
    10:03:58.0920 7192 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    10:03:58.0920 7192 HidBth - ok
    10:03:58.0936 7192 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    10:03:58.0936 7192 HidIr - ok
    10:03:58.0983 7192 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    10:03:58.0998 7192 hidserv - ok
    10:03:59.0029 7192 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    10:03:59.0045 7192 HidUsb - ok
    10:03:59.0076 7192 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    10:03:59.0076 7192 hkmsvc - ok
    10:03:59.0107 7192 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    10:03:59.0107 7192 HpCISSs - ok
    10:03:59.0154 7192 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    10:03:59.0154 7192 HTTP - ok
    10:03:59.0185 7192 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    10:03:59.0185 7192 i2omp - ok
    10:03:59.0232 7192 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    10:03:59.0232 7192 i8042prt - ok
    10:03:59.0248 7192 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    10:03:59.0263 7192 iaStorV - ok
    10:03:59.0357 7192 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    10:03:59.0373 7192 idsvc - ok
    10:03:59.0388 7192 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    10:03:59.0388 7192 iirsp - ok
    10:03:59.0435 7192 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    10:03:59.0451 7192 IKEEXT - ok
    10:03:59.0482 7192 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
    10:03:59.0497 7192 int15 - ok
    10:03:59.0591 7192 [ B795745F7E51AA20D46753EC5A811ACA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    10:03:59.0653 7192 IntcAzAudAddService - ok
    10:03:59.0685 7192 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
    10:03:59.0700 7192 intelide - ok
    10:03:59.0716 7192 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    10:03:59.0731 7192 intelppm - ok
    10:03:59.0763 7192 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    10:03:59.0763 7192 IPBusEnum - ok
    10:03:59.0794 7192 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:03:59.0809 7192 IpFilterDriver - ok
    10:03:59.0841 7192 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    10:03:59.0841 7192 iphlpsvc - ok
    10:03:59.0856 7192 IpInIp - ok
    10:03:59.0872 7192 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    10:03:59.0872 7192 IPMIDRV - ok
    10:03:59.0919 7192 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    10:03:59.0919 7192 IPNAT - ok
    10:03:59.0965 7192 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    10:03:59.0981 7192 iPod Service - ok
    10:04:00.0012 7192 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
    10:04:00.0012 7192 irda - ok
    10:04:00.0028 7192 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    10:04:00.0028 7192 IRENUM - ok
    10:04:00.0059 7192 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
    10:04:00.0059 7192 Irmon - ok
    10:04:00.0075 7192 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    10:04:00.0090 7192 isapnp - ok
    10:04:00.0137 7192 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    10:04:00.0137 7192 iScsiPrt - ok
    10:04:00.0184 7192 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    10:04:00.0184 7192 iteatapi - ok
    10:04:00.0215 7192 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    10:04:00.0215 7192 iteraid - ok
    10:04:00.0231 7192 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    10:04:00.0231 7192 kbdclass - ok
    10:04:00.0246 7192 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    10:04:00.0262 7192 kbdhid - ok
    10:04:00.0293 7192 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    10:04:00.0293 7192 KeyIso - ok
    10:04:00.0324 7192 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    10:04:00.0324 7192 KSecDD - ok
    10:04:00.0387 7192 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    10:04:00.0387 7192 KtmRm - ok
    10:04:00.0433 7192 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
    10:04:00.0433 7192 LanmanServer - ok
    10:04:00.0480 7192 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    10:04:00.0480 7192 LanmanWorkstation - ok
    10:04:00.0543 7192 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    10:04:00.0558 7192 LightScribeService - ok
    10:04:00.0574 7192 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    10:04:00.0589 7192 lltdio - ok
    10:04:00.0621 7192 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    10:04:00.0621 7192 lltdsvc - ok
    10:04:00.0636 7192 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    10:04:00.0652 7192 lmhosts - ok
    10:04:00.0667 7192 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    10:04:00.0683 7192 LSI_FC - ok
    10:04:00.0699 7192 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    10:04:00.0699 7192 LSI_SAS - ok
    10:04:00.0730 7192 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    10:04:00.0730 7192 LSI_SCSI - ok
    10:04:00.0745 7192 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    10:04:00.0745 7192 luafv - ok
    10:04:00.0823 7192 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
    10:04:00.0823 7192 McciCMService - ok
    10:04:00.0870 7192 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    10:04:00.0870 7192 Mcx2Svc - ok
    10:04:00.0917 7192 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
    10:04:00.0917 7192 megasas - ok
    10:04:00.0948 7192 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    10:04:00.0948 7192 MegaSR - ok
    10:04:01.0057 7192 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    10:04:01.0073 7192 Microsoft Office Groove Audit Service - ok
    10:04:01.0120 7192 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    10:04:01.0120 7192 MMCSS - ok
    10:04:01.0151 7192 MobilityService - ok
    10:04:01.0182 7192 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    10:04:01.0198 7192 Modem - ok
    10:04:01.0213 7192 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    10:04:01.0213 7192 monitor - ok
    10:04:01.0229 7192 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    10:04:01.0229 7192 mouclass - ok
    10:04:01.0260 7192 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    10:04:01.0260 7192 mouhid - ok
    10:04:01.0276 7192 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    10:04:01.0276 7192 MountMgr - ok
    10:04:01.0307 7192 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
    10:04:01.0307 7192 mpio - ok
    10:04:01.0323 7192 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    10:04:01.0338 7192 mpsdrv - ok
    10:04:01.0385 7192 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
    10:04:01.0401 7192 MpsSvc - ok
    10:04:01.0416 7192 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    10:04:01.0416 7192 Mraid35x - ok
    10:04:01.0463 7192 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    10:04:01.0463 7192 MREMP50 - ok
    10:04:01.0463 7192 MREMPR5 - ok
    10:04:01.0479 7192 MRENDIS5 - ok
    10:04:01.0525 7192 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    10:04:01.0525 7192 MRESP50 - ok
    10:04:01.0572 7192 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    10:04:01.0572 7192 MRxDAV - ok
    10:04:01.0619 7192 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:04:01.0619 7192 mrxsmb - ok
    10:04:01.0650 7192 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:04:01.0666 7192 mrxsmb10 - ok
    10:04:01.0681 7192 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:04:01.0681 7192 mrxsmb20 - ok
    10:04:01.0728 7192 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
    10:04:01.0728 7192 msahci - ok
    10:04:01.0744 7192 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    10:04:01.0744 7192 msdsm - ok
    10:04:01.0775 7192 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    10:04:01.0791 7192 MSDTC - ok
    10:04:01.0900 7192 [ 8335DFF2E4C337CCAC2B08B88EA7A763 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    10:04:01.0900 7192 MsDtsServer100 - ok
    10:04:01.0931 7192 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    10:04:01.0931 7192 Msfs - ok
    10:04:01.0993 7192 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    10:04:01.0993 7192 msisadrv - ok
    10:04:02.0025 7192 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    10:04:02.0025 7192 MSiSCSI - ok
    10:04:02.0025 7192 msiserver - ok
    10:04:02.0056 7192 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    10:04:02.0056 7192 MSKSSRV - ok
    10:04:02.0071 7192 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    10:04:02.0087 7192 MSPCLOCK - ok
    10:04:02.0087 7192 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    10:04:02.0087 7192 MSPQM - ok
    10:04:02.0134 7192 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    10:04:02.0134 7192 MsRPC - ok
    10:04:02.0181 7192 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    10:04:02.0181 7192 mssmbios - ok
    10:04:02.0243 7192 MSSQLSERVER - ok
    10:04:02.0290 7192 [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    10:04:02.0290 7192 MSSQLServerADHelper100 - ok
    10:04:02.0321 7192 MSSQLServerOLAPService - ok
    10:04:02.0352 7192 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    10:04:02.0352 7192 MSTEE - ok
    10:04:02.0555 7192 [ 70E994D23895DF6B1EE1E70145299FCF ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
    10:04:02.0649 7192 msvsmon90 - ok
    10:04:02.0680 7192 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    10:04:02.0680 7192 Mup - ok
    10:04:02.0727 7192 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    10:04:02.0742 7192 napagent - ok
    10:04:02.0789 7192 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    10:04:02.0789 7192 NativeWifiP - ok
    10:04:02.0820 7192 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    10:04:02.0836 7192 NDIS - ok
    10:04:02.0851 7192 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    10:04:02.0851 7192 NdisTapi - ok
    10:04:02.0883 7192 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    10:04:02.0898 7192 Ndisuio - ok
    10:04:02.0945 7192 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    10:04:02.0945 7192 NdisWan - ok
    10:04:02.0976 7192 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    10:04:02.0992 7192 NDProxy - ok
    10:04:03.0007 7192 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    10:04:03.0007 7192 NetBIOS - ok
    10:04:03.0070 7192 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    10:04:03.0117 7192 netbt - ok
    10:04:03.0132 7192 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    10:04:03.0163 7192 Netlogon - ok
    10:04:03.0195 7192 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    10:04:03.0210 7192 Netman - ok
    10:04:03.0241 7192 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    10:04:03.0241 7192 netprofm - ok
    10:04:03.0288 7192 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:04:03.0288 7192 NetTcpPortSharing - ok
    10:04:03.0319 7192 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    10:04:03.0319 7192 nfrd960 - ok
    10:04:03.0335 7192 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    10:04:03.0351 7192 NlaSvc - ok
    10:04:03.0382 7192 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    10:04:03.0397 7192 Npfs - ok
    10:04:03.0413 7192 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
    10:04:03.0413 7192 NSCIRDA - ok
    10:04:03.0444 7192 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    10:04:03.0444 7192 nsi - ok
    10:04:03.0460 7192 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    10:04:03.0460 7192 nsiproxy - ok
    10:04:03.0522 7192 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    10:04:03.0553 7192 Ntfs - ok
    10:04:03.0585 7192 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
    10:04:03.0585 7192 NTIDrvr - ok
    10:04:03.0616 7192 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    10:04:03.0616 7192 ntrigdigi - ok
    10:04:03.0647 7192 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    10:04:03.0647 7192 NuidFltr - ok
    10:04:03.0647 7192 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    10:04:03.0663 7192 Null - ok
    10:04:03.0678 7192 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    10:04:03.0678 7192 nvraid - ok
    10:04:03.0694 7192 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    10:04:03.0709 7192 nvstor - ok
    10:04:03.0725 7192 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    10:04:03.0725 7192 nv_agp - ok
    10:04:03.0725 7192 NwlnkFlt - ok
    10:04:03.0741 7192 NwlnkFwd - ok
    10:04:03.0772 7192 [ 36ED541FF0AD27D7F1C1E8F86F026309 ] O2MDRDR C:\Windows\system32\DRIVERS\o2media.sys
    10:04:03.0772 7192 O2MDRDR - ok
    10:04:03.0803 7192 [ F3D467025D365A96B5E51C6229562716 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sd.sys
    10:04:03.0803 7192 O2SDRDR - ok
    10:04:03.0881 7192 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    10:04:03.0897 7192 odserv - ok
    10:04:03.0943 7192 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    10:04:03.0959 7192 ohci1394 - ok
    10:04:04.0006 7192 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:04:04.0006 7192 ose - ok
    10:04:04.0068 7192 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    10:04:04.0084 7192 p2pimsvc - ok
    10:04:04.0099 7192 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    10:04:04.0115 7192 p2psvc - ok
    10:04:04.0146 7192 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
    10:04:04.0146 7192 Parport - ok
    10:04:04.0209 7192 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    10:04:04.0209 7192 partmgr - ok
    10:04:04.0255 7192 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    10:04:04.0255 7192 Parvdm - ok
    10:04:04.0287 7192 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    10:04:04.0302 7192 PcaSvc - ok
    10:04:04.0333 7192 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    10:04:04.0333 7192 pci - ok
    10:04:04.0349 7192 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
    10:04:04.0349 7192 pciide - ok
    10:04:04.0396 7192 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    10:04:04.0396 7192 pcmcia - ok
    10:04:04.0458 7192 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    10:04:04.0474 7192 PEAUTH - ok
    10:04:04.0567 7192 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    10:04:04.0614 7192 pla - ok
    10:04:04.0645 7192 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    10:04:04.0661 7192 PlugPlay - ok
    10:04:04.0692 7192 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    10:04:04.0708 7192 PNRPAutoReg - ok
    10:04:04.0723 7192 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    10:04:04.0723 7192 PNRPsvc - ok
    10:04:04.0770 7192 [ 437827D69040C0C2565D47B024ED5372 ] Point32 C:\Windows\system32\DRIVERS\point32k.sys
    10:04:04.0770 7192 Point32 - ok
    10:04:04.0817 7192 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    10:04:04.0833 7192 PolicyAgent - ok
    10:04:04.0879 7192 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    10:04:04.0879 7192 PptpMiniport - ok
    10:04:04.0895 7192 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
    10:04:04.0895 7192 Processor - ok
    10:04:04.0926 7192 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    10:04:04.0942 7192 ProfSvc - ok
    10:04:04.0973 7192 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    10:04:04.0973 7192 ProtectedStorage - ok
    10:04:05.0004 7192 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    10:04:05.0004 7192 PSched - ok
    10:04:05.0051 7192 [ 18DE162F9B83079C24CD96F59292F5ED ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
    10:04:05.0051 7192 PSDFilter - ok
    10:04:05.0067 7192 [ BC1457A28E76AB3106D43802AC22A627 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
    10:04:05.0067 7192 PSDNServ - ok
    10:04:05.0082 7192 [ AC151E5B0943304E368C98EC78B5FC4F ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
    10:04:05.0098 7192 psdvdisk - ok
    10:04:05.0129 7192 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
    10:04:05.0129 7192 PxHelp20 - ok
    10:04:05.0191 7192 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    10:04:05.0223 7192 ql2300 - ok
    10:04:05.0238 7192 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    10:04:05.0238 7192 ql40xx - ok
    10:04:05.0269 7192 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    10:04:05.0269 7192 QWAVE - ok
    10:04:05.0301 7192 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    10:04:05.0301 7192 QWAVEdrv - ok
    10:04:05.0410 7192 [ DD3E4610DE9252A957C5BD19BDF47AC4 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
    10:04:05.0410 7192 RapportIaso - ok
    10:04:05.0425 7192 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    10:04:05.0425 7192 RasAcd - ok
    10:04:05.0457 7192 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    10:04:05.0472 7192 RasAuto - ok
    10:04:05.0488 7192 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:04:05.0488 7192 Rasl2tp - ok
    10:04:05.0535 7192 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    10:04:05.0550 7192 RasMan - ok
    10:04:05.0581 7192 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    10:04:05.0581 7192 RasPppoe - ok
    10:04:05.0613 7192 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    10:04:05.0628 7192 RasSstp - ok
    10:04:05.0659 7192 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    10:04:05.0675 7192 rdbss - ok
    10:04:05.0675 7192 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:04:05.0691 7192 RDPCDD - ok
    10:04:05.0722 7192 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    10:04:05.0737 7192 rdpdr - ok
    10:04:15.0784 7192 ============================================================
    10:04:15.0784 7192 Scan finished
    10:04:15.0784 7192 ============================================================
    10:04:15.0799 7280 Detected object count: 0
    10:04:15.0799 7280 Actual detected object count: 0
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That is OK, AdwCleaner was going to be the next step, so post the log it made please.
     
  6. cevee

    cevee Thread Starter

    Joined:
    Nov 5, 2010
    Messages:
    5
    Here is the file from the Adw utility - I noticed it said it removed search-results.com, so I ran a search using Google Chrome and it still comes up with search-results.com. Thanks again Derek!


    # AdwCleaner v2.111 - Logfile created 02/09/2013 at 08:51:17
    # Updated 05/02/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Brian - BRIAN-LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Brian\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v24.0.1312.57
    File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.48] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=113&systemid=406&sr=0&q={searchT[...]
    *************************
    AdwCleaner[R1].txt - [2371 octets] - [06/02/2013 12:31:27]
    AdwCleaner[S1].txt - [2308 octets] - [06/02/2013 12:31:41]
    AdwCleaner[S2].txt - [885 octets] - [09/02/2013 08:51:17]
    ########## EOF - C:\AdwCleaner[S2].txt - [944 octets] ##########
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
    First make sure that you are not set up to sync Chrome with your Google account. If you are, set it to stop sync first (otherwise the backups on your Google account will reinstall the malware).
    Then reboot & reinstall Chrome.
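
    Added example, not part of the thread: a read-only check of a Chrome `Preferences` file (JSON) for search or homepage URLs whose host is not on an allowlist, the kind of entry AdwCleaner reported as `search_url` above. Only `search_url` and the host come from the log; the other key names, the allowlist and the sample data are assumptions constructed for illustration.

```python
import json
import sys
from urllib.parse import urlsplit

# "search_url" is the key named in the AdwCleaner log; the other key names
# are assumptions added for illustration.
URL_KEYS = {"search_url", "suggest_url", "instant_url", "homepage"}

# Constructed allowlist: hosts the owner expects as a search provider.
ALLOWED_DOMAINS = ("google.com",)

# Constructed sample shaped like a Preferences file. The URL is defanged
# (hxxp) as in the log; a real file would carry http or https.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://www.google.com/",
  "default_search_provider": {
    "name": "constructed-provider",
    "search_url": "hxxp://dts.search-results.com/constructed?q={searchTerms}",
    "suggest_url": ""
  },
  "extensions": {"settings": [{"manifest": {"name": "constructed"}}]}
}
""")


def host_of(value):
    """Return the lower-cased host of a URL template, or '' if it has none."""
    v = value.strip()
    if v.lower().startswith("hxxp"):      # accept defanged values from logs
        v = "http" + v[4:]
    if "://" not in v:                    # empty or placeholder-only value
        return ""
    try:
        return (urlsplit(v).hostname or "").lower()
    except ValueError:
        return ""


def is_allowed(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def walk(node, path=""):
    """Yield (json_path, value) for every URL-bearing key, at any depth."""
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}" if path else key
            if key in URL_KEYS and isinstance(val, str):
                yield here, val
            else:
                yield from walk(val, here)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from walk(val, f"{path}[{i}]")


def find_suspect_urls(prefs):
    """Return (json_path, host, value) for URLs outside the allowlist."""
    hits = []
    for path, val in walk(prefs):
        host = host_of(val)
        if host and not is_allowed(host):
            hits.append((path, host, val))
    return hits


if __name__ == "__main__":
    # Pass the path to a Preferences file, or run with no argument
    # to check the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_PREFS
    for path, host, value in find_suspect_urls(prefs):
        print(f"{path}: {host} <- {value}")
```

    Running it again after a reinstall, and again after re-enabling sync, shows whether the entry has come back with the synced profile.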
     
  8. cevee

    cevee Thread Starter

    Joined:
    Nov 5, 2010
    Messages:
    5
    That worked! I deleted and reinstalled Chrome and ran a search and did not get the search-results.com. Thanks so much Derek. Is there anything else I should do? Who marks this solved - you or me? I will go make another donation - you guys are so nice to help out.
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    You can mark it solved if you are happy. Come back if you find any other problems.
     

Short URL to this thread: https://techguy.org/1088584
