Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Account privileges messed up


  • This topic is locked This topic is locked
10 replies to this topic

#1 Blastphemist

Blastphemist

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 05 November 2013 - 05:08 PM

My sister's computer just arrived laden with "why doesn't this work" postit notes. Norton Internet Security was installed but disabled, AVG 2013 was installed but disabled. Ran the removal tools for both. Ran AdwCleaner, removed 24x7 and others. Malwarebytes removed more parts of 24x7. System appears clear now, accepting java/Win7 updates. This was all done on the Admin account.

 

Once I moved back to check the standard user account that she uses, I was faced with a dramatic change in access. Any time I try to directly access a feature of Windows 7 that involved a file, rather than a program, I get an explorer.exe error "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item." I attempted to regain control by re-entering admin account and adjusting the properties of C:\ to allow read/execute for standard users. This was something I read on teh internet. Didn't have to change anything though as all appeared "normal".

 

So, One option is to create new user accounts, move files to them, and erase the broken ones. This is likely the fastest solution. The other is to apply a magic fix which will replace the bad permissions with good.

 

The odd thing is that while I can't open "My Computer" to view files, I can open MS Word, Open Document, and browse through places until I find the file I want and it opens. So, it's not the file itself which is denied to me, it is explorer.exe which not happy.

 

sfc /scannow (as Admin) shows no problems.

 

Thanks for reading this, apologies for running cleanup tools before being asked to do so, and I look forward to your responses.



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:01 AM

Posted 05 November 2013 - 05:33 PM

Hello -

First EDIT - Click Follow this Topic at the Top Right side ......

 

Please start with these instructions >

24x7 Help Removal Guide - Bleeping Computer This page contains free removal instructions for the 24x7 Help Adware computer infection. Just change the Quick Scan with Malwarebytes to a Full Scan -

 

Copy / Paste back any scan results and how the problem is after 1 day -

 

Thank You -


Edited by noknojon, 05 November 2013 - 05:35 PM.


#3 Blastphemist

Blastphemist
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 06 November 2013 - 12:17 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin Account on Tue 11/05/2013 at 14:57:07.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Event Viewer Logs were cleared
==================================================
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Admin Account :: CIELOHA-PC [administrator]

11/5/2013 3:12:33 PM
mbam-log-2013-11-05 (15-12-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 509685
Time elapsed: 2 hour(s), 11 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Hayden\Downloads\iTunes_Setup.exe (PUP.Optional.iBryte) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ilivid\uninstall.exe.vir (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.

(end)

After running these, the message "The Recycle Bin in C:\ is corrupted. Do you wish to empty the Recycle Bin for this drive." The error message referring to appropriate permissions remains.

Edited by Blastphemist, 06 November 2013 - 12:20 PM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:01 AM

Posted 06 November 2013 - 04:37 PM

Hi -

You did remove a few bits of it, but not the main program yet ....

 

First read and follow How To Temporarily Disable Your Anti-virus

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Thanks -


Edited by noknojon, 06 November 2013 - 04:39 PM.


#5 Blastphemist

Blastphemist
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 07 November 2013 - 03:21 AM

RKill-
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/06/2013 09:45:10 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/06/2013 09:48:44 PM
Execution time: 0 hours(s), 3 minute(s), and 34 seconds(s)

AdwCleaner has been run 3 times. 10/28, 11/5, and 11/6. All 3 logs are listed below, chronological order.
# AdwCleaner v3.003 - Report created 28/10/2013 at 22:46:29
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin Account - CIELOHA-PC
# Running from : C:\Users\Cieloha\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 24x7HelpSvc
Service Deleted : FastFreeConverterUpdt

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Cieloha\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Cieloha\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Cieloha\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Hayden\AppData\Local\Ilivid
Folder Deleted : C:\Users\Hayden\AppData\LocalLow\Fast Free Converter
[!] Folder Deleted : C:\Users\Hayden\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Paige.Cieloha-PC\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Admin Account\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Admin Account\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Admin Account\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Cieloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : \END
File Deleted : C:\Users\Hayden\Desktop\Play Free Games.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PCFixSpeed]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{304E71B8-633E-4C36-996A-7D21D9D1518F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{304E71B8-633E-4C36-996A-7D21D9D1518F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\24x7help
Key Deleted : HKLM\Software\24x7help
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast Free Converter

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16464


*************************

AdwCleaner[R0].txt - [7026 octets] - [28/10/2013 22:44:53]
AdwCleaner[S0].txt - [7034 octets] - [28/10/2013 22:46:29]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [7094 octets] ##########
# AdwCleaner v3.011 - Report created 05/11/2013 at 11:51:46
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin Account - CIELOHA-PC
# Running from : C:\Users\Admin Account\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Cieloha\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Cieloha\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Hayden\AppData\Roaming\PCFixSpeed

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\24x7help
Key Deleted : HKLM\Software\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Admin Account\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7026 octets] - [28/10/2013 21:44:53]
AdwCleaner[R1].txt - [2328 octets] - [05/11/2013 11:50:20]
AdwCleaner[S0].txt - [7180 octets] - [28/10/2013 21:46:29]
AdwCleaner[S1].txt - [2234 octets] - [05/11/2013 11:51:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2294 octets] ##########
# AdwCleaner v3.011 - Report created 06/11/2013 at 23:56:47
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin Account - CIELOHA-PC
# Running from : C:\Users\Admin Account\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Hayden\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Admin Account\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7026 octets] - [28/10/2013 21:44:53]
AdwCleaner[R1].txt - [2328 octets] - [05/11/2013 11:50:20]
AdwCleaner[R2].txt - [1118 octets] - [06/11/2013 23:54:35]
AdwCleaner[S0].txt - [7180 octets] - [28/10/2013 21:46:29]
AdwCleaner[S1].txt - [2382 octets] - [05/11/2013 11:51:46]
AdwCleaner[S2].txt - [1040 octets] - [06/11/2013 23:56:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1100 octets] ##########

Security Check log

Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


#6 Blastphemist

Blastphemist
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 07 November 2013 - 03:36 AM

The standard accounts are still returning a permissions error when trying to access the "My Computer" icons.



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:01 AM

Posted 07 November 2013 - 05:08 AM

There is a chance that the 24 x 7 infection was a "side-line", and other problems also exist -

 

Download MiniToolBox, Save it to your desktop to run it.
Checkmark the following boxes:
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
Click Go and copy / paste the result (Result.txt).
 

 

Scan your machine with ESET OnlineScan

You may need to read How To Temporarily Disable Your Anti-virus

Please use Internet Explorer as the scan uses ActiveX - See item 3 - 1 if you will not use I.E.
1. Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the icon on your desktop.

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:

*Scan potentially unwanted applications
*Scan for potentially unsafe applications
*Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this Will take quite some time.
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.

 

 

Run a Disk Check on your C: drive in Windows Vista or Windws 7:
• Click the Start button and select Computer

• Right-click on C: and select Properties

• Click on the Tools tab

• Under Error-checking click the Check Now... button and click Continue at the UAC prompt

• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors

• Click on the Start button

• When the message box pops up, click the Schedule disk check button and Restart your computer

• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so.
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started as you will lose data and may damage the computer
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

 

Finally -

Download TDSSKiller and save it to your desktop.

* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.

Please copy and paste the contents of that file here.

 

Thank You -



#8 Blastphemist

Blastphemist
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 08 November 2013 - 01:04 AM

In the order given,

 

MiniToolBox by Farbar  Version: 25-11-2012
Ran by Admin Account (administrator) on 07-11-2013 at 08:19:23
Running from "C:\Users\Admin Account\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Cieloha-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 68-A3-C4-38-54-66
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 68-A3-C4-38-54-66
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e80f:99bb:e264:3125%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.74(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, November 06, 2013 11:58:06 PM
   Lease Expires . . . . . . . . . . : Thursday, November 07, 2013 5:58:05 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 325624772
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1E-A4-FA-B8-70-F4-4C-91-7A
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : B8-70-F4-4C-91-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{796193F4-ACEB-43A7-BAC3-CC34CCE567C4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:a:af2f:596c:ae1b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::a:af2f:596c:ae1b%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{7488F848-EFD8-42E0-9B75-4D9749EBEF7C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  attunite.lan
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4005:800::1002
      74.125.239.97
      74.125.239.100
      74.125.239.101
      74.125.239.98
      74.125.239.104
      74.125.239.110
      74.125.239.96
      74.125.239.105
      74.125.239.102
      74.125.239.103
      74.125.239.99


Pinging google.com [74.125.239.99] with 32 bytes of data:
Reply from 74.125.239.99: bytes=32 time=68ms TTL=51
Reply from 74.125.239.99: bytes=32 time=101ms TTL=51

Ping statistics for 74.125.239.99:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 101ms, Average = 84ms
Server:  attunite.lan
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=148ms TTL=45
Reply from 98.138.253.109: bytes=32 time=135ms TTL=45

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 135ms, Maximum = 148ms, Average = 141ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...68 a3 c4 38 54 66 ......Microsoft Virtual WiFi Miniport Adapter
 12...68 a3 c4 38 54 66 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 10...b8 70 f4 4c 91 7a ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.74     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.74    281
     192.168.1.74  255.255.255.255         On-link      192.168.1.74    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.74    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.74    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.74    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:a:af2f:596c:ae1b/128
                                    On-link
 12    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::a:af2f:596c:ae1b/128
                                    On-link
 12    281 fe80::e80f:99bb:e264:3125/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/07/2013 08:16:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xf24
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (11/07/2013 00:21:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: TosSENotify.exe, version: 1.0.64.16, time stamp: 0x4b6bda0c
Faulting module name: TosSENotify.exe, version: 1.0.64.16, time stamp: 0x4b6bda0c
Exception code: 0xc0000005
Fault offset: 0x0000000000007b1b
Faulting process id: 0xe68
Faulting application start time: 0xTosSENotify.exe0
Faulting application path: TosSENotify.exe1
Faulting module path: TosSENotify.exe2
Report Id: TosSENotify.exe3

Error: (11/07/2013 00:00:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xb88
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (11/06/2013 10:18:54 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE2) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/06/2013 10:18:54 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EE2

Error: (11/06/2013 09:56:26 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (11/06/2013 09:46:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x868
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3


System errors:
=============
Error: (11/07/2013 08:16:28 AM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (11/07/2013 00:00:52 AM) (Source: DCOM) (User: )
Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (11/07/2013 00:00:26 AM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/06/2013 11:59:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/06/2013 11:58:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/06/2013 09:47:02 PM) (Source: DCOM) (User: )
Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (11/06/2013 09:46:39 PM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/06/2013 09:43:48 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/06/2013 09:18:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/06/2013 09:17:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126


Microsoft Office Sessions:
=========================
Error: (11/07/2013 08:16:28 AM) (Source: Application Error)(User: )
Description: TPCHSrv.exe1.0.0.174b83993entdll.dll6.1.7601.1822951fb164ac000037400000000000c4102f2401cedbd4b4d5657aC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dllf42743eb-47c7-11e3-a04a-b870f44c917a

Error: (11/07/2013 00:21:31 AM) (Source: Application Error)(User: )
Description: TosSENotify.exe1.0.64.164b6bda0cTosSENotify.exe1.0.64.164b6bda0cc00000050000000000007b1be6801cedb925caa884dC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe9aab1f0e-4785-11e3-a04a-b870f44c917a

Error: (11/07/2013 00:00:24 AM) (Source: Application Error)(User: )
Description: TPCHSrv.exe1.0.0.174b83993entdll.dll6.1.7601.1822951fb164ac000037400000000000c4102b8801cedb8f685f0437C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dlla77325f1-4782-11e3-a04a-b870f44c917a

Error: (11/06/2013 10:18:54 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE266c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/06/2013 10:18:54 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE200010001(0x00000000, 22:18:31:146 - http://go.microsoft.com/fwlink/?LinkId=151642)
00020001(0x00000000, 22:18:31:146)
00030001(0x00000000, 22:18:31:146 - http://go.microsoft.com)
00030002(0x00000000, 22:18:31:146 - 0)
00040001(0x00000000, 22:18:31:146 - http://go.microsoft.com)
00040002(0x00000000, 22:18:31:146 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 22:18:33:455 - <NULL>)
00040006(0x00000000, 22:18:33:455 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 22:18:33:455 - 0)
00020007(0x80072EE2, 22:18:54:484)
00010002(0x80072EE2, 22:18:54:484 - <NULL>)
00010003(0x80072EE2, 22:18:54:484)

Error: (11/06/2013 09:56:26 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (11/06/2013 09:46:37 PM) (Source: Application Error)(User: )
Description: TPCHSrv.exe1.0.0.174b83993entdll.dll6.1.7601.1822951fb164ac000037400000000000c410286801cedb7cb68e62ccC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dllf6eadb5b-476f-11e3-9665-b870f44c917a


CodeIntegrity Errors:
===================================
  Date: 2013-01-30 00:06:58.657
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-30 00:06:58.645
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-30 00:06:58.633
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-30 00:06:58.614
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-21 11:17:18.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-21 11:17:18.190
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
C4700 (Version: 140.0.690.000)
Cake Mania - Lights, Camera, Action!™ (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full Existing (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full New (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Light (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Common (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0315.1050.17562)
Catalyst Control Center Localization All (Version: 2010.0315.1050.17562)
ccc-core-static (Version: 2010.0315.1050.17562)
ccc-utility64 (Version: 2010.0315.1050.17562)
CCC Help Chinese Standard (Version: 2010.0315.1049.17562)
CCC Help Chinese Traditional (Version: 2010.0315.1049.17562)
CCC Help Czech (Version: 2010.0315.1049.17562)
CCC Help Danish (Version: 2010.0315.1049.17562)
CCC Help Dutch (Version: 2010.0315.1049.17562)
CCC Help English (Version: 2010.0315.1049.17562)
CCC Help Finnish (Version: 2010.0315.1049.17562)
CCC Help French (Version: 2010.0315.1049.17562)
CCC Help German (Version: 2010.0315.1049.17562)
CCC Help Greek (Version: 2010.0315.1049.17562)
CCC Help Hungarian (Version: 2010.0315.1049.17562)
CCC Help Italian (Version: 2010.0315.1049.17562)
CCC Help Japanese (Version: 2010.0315.1049.17562)
CCC Help Korean (Version: 2010.0315.1049.17562)
CCC Help Norwegian (Version: 2010.0315.1049.17562)
CCC Help Polish (Version: 2010.0315.1049.17562)
CCC Help Portuguese (Version: 2010.0315.1049.17562)
CCC Help Russian (Version: 2010.0315.1049.17562)
CCC Help Spanish (Version: 2010.0315.1049.17562)
CCC Help Swedish (Version: 2010.0315.1049.17562)
CCC Help Thai (Version: 2010.0315.1049.17562)
CCC Help Turkish (Version: 2010.0315.1049.17562)
Chuzzle Deluxe (Version: 2.2.0.95)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DVD Decrypter (Remove Only)
FATE - The Traitor Soul (Version: 2.2.0.95)
Google Chrome (Version: 30.0.1599.101)
Google Earth (Version: 7.1.1.1888)
Google Talk Plugin (Version: 4.8.2.15856)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.165)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
GPBaseService2 (Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
iTunes (Version: 11.1.1.11)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Network64 (Version: 140.0.215.000)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.95)
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickTime (Version: 7.74.80.86)
QuickTransfer (Version: 140.0.98.000)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.13.112.2010)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.5992)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Realtek WLAN Driver (Version: 2.00.0013)
Revo Uninstaller 1.95 (Version: 1.95)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
Skype Launcher (Version: 2.01)
Slingo Supreme (Version: 2.2.0.95)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Status (Version: 140.0.212.000)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toolbox (Version: 140.0.428.000)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
Toshiba Book Place (Version: 2.0.5271)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA eco Utility (Version: 1.2.11.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.6C)
TOSHIBA Hardware Setup (Version: 1.63.0.22C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.6.22)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.8.0)
Toshiba Online Backup (Version: 2.0.0.25)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.19.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
TrayApp (Version: 140.0.212.000)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2894)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0463)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 woriper (Version: 011.000.1435)
TurboTax 2011 wrapper (Version: 011.000.0121)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Utility Common Driver (Version: 1.0.52.1C)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VoiceOver Kit (Version: 1.42.128.0)
WebReg (Version: 140.0.212.017)
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Toolbar

**** End of log ****

 

 

C:\Users\Hayden\Downloads\iTunes_Setup.exe    a variant of Win32/Kryptik.BLXE trojan    
C:\Documents and Settings\Hayden\Downloads\iTunes_Setup.exe    a variant of Win32/Kryptik.BLXE trojan    cleaned by deleting - quarantined

20:30:52.0642 0x12b4  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
20:30:58.0924 0x12b4  ============================================================
20:30:58.0924 0x12b4  Current date / time: 2013/11/07 20:30:58.0924
20:30:58.0924 0x12b4  SystemInfo:
20:30:58.0924 0x12b4  
20:30:58.0924 0x12b4  OS Version: 6.1.7601 ServicePack: 1.0
20:30:58.0924 0x12b4  Product type: Workstation
20:30:58.0924 0x12b4  ComputerName: CIELOHA-PC
20:30:58.0925 0x12b4  UserName: Admin Account
20:30:58.0925 0x12b4  Windows directory: C:\windows
20:30:58.0925 0x12b4  System windows directory: C:\windows
20:30:58.0925 0x12b4  Running under WOW64
20:30:58.0925 0x12b4  Processor architecture: Intel x64
20:30:58.0925 0x12b4  Number of processors: 2
20:30:58.0925 0x12b4  Page size: 0x1000
20:30:58.0925 0x12b4  Boot type: Normal boot
20:30:58.0925 0x12b4  ============================================================
20:31:03.0079 0x12b4  System UUID: {158BF4F2-FB1E-892E-DBD5-41E413339972}
20:31:03.0950 0x12b4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:31:03.0957 0x12b4  Drive \Device\Harddisk1\DR1 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:31:03.0959 0x12b4  ============================================================
20:31:03.0959 0x12b4  \Device\Harddisk0\DR0:
20:31:03.0959 0x12b4  MBR partitions:
20:31:03.0959 0x12b4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3894F800
20:31:03.0960 0x12b4  \Device\Harddisk1\DR1:
20:31:03.0961 0x12b4  MBR partitions:
20:31:03.0961 0x12b4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
20:31:03.0961 0x12b4  ============================================================
20:31:03.0995 0x12b4  C: <-> \Device\Harddisk0\DR0\Partition1
20:31:03.0995 0x12b4  ============================================================
20:31:03.0995 0x12b4  Initialize success
20:31:03.0995 0x12b4  ============================================================
20:31:19.0910 0x09bc  ============================================================
20:31:19.0910 0x09bc  Scan started
20:31:19.0910 0x09bc  Mode: Manual; SigCheck; TDLFS;
20:31:19.0911 0x09bc  ============================================================
20:31:19.0911 0x09bc  KSN ping started
20:31:22.0843 0x09bc  KSN ping finished: true
20:31:23.0278 0x09bc  ================ Scan system memory ========================
20:31:23.0278 0x09bc  System memory - ok
20:31:23.0284 0x09bc  ================ Scan services =============================
20:31:23.0493 0x09bc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
20:31:23.0695 0x09bc  1394ohci - ok
20:31:23.0807 0x09bc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
20:31:23.0890 0x09bc  ACPI - ok
20:31:23.0985 0x09bc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
20:31:24.0085 0x09bc  AcpiPmi - ok
20:31:24.0187 0x09bc  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:31:24.0222 0x09bc  AdobeARMservice - ok
20:31:24.0381 0x09bc  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:31:24.0437 0x09bc  AdobeFlashPlayerUpdateSvc - ok
20:31:24.0518 0x09bc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
20:31:24.0588 0x09bc  adp94xx - ok
20:31:24.0630 0x09bc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
20:31:24.0685 0x09bc  adpahci - ok
20:31:24.0709 0x09bc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
20:31:24.0753 0x09bc  adpu320 - ok
20:31:24.0794 0x09bc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
20:31:24.0943 0x09bc  AeLookupSvc - ok
20:31:25.0026 0x09bc  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\windows\system32\drivers\afd.sys
20:31:25.0162 0x09bc  AFD - ok
20:31:25.0213 0x09bc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
20:31:25.0246 0x09bc  agp440 - ok
20:31:25.0295 0x09bc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
20:31:25.0375 0x09bc  ALG - ok
20:31:25.0428 0x09bc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
20:31:25.0458 0x09bc  aliide - ok
20:31:25.0512 0x09bc  [ 57B773D82E8CC3C6D7E02CC8A6632043, 8E3BEF76976E884E9E68BEC34963E4C6C0D523630D5FB1325B3A622B6369FF4E ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
20:31:25.0609 0x09bc  AMD External Events Utility - ok
20:31:25.0664 0x09bc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
20:31:25.0695 0x09bc  amdide - ok
20:31:25.0747 0x09bc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
20:31:25.0825 0x09bc  AmdK8 - ok
20:31:26.0351 0x09bc  [ AEFAF27F1B7E52C705DF4FB6C96732F6, 83F8A4EB3B0EA02E4F6F648F93014A3BC10A25CB0557DE2D50A26F338B278165 ] amdkmdag        C:\windows\system32\DRIVERS\atipmdag.sys
20:31:27.0076 0x09bc  amdkmdag - ok
20:31:27.0174 0x09bc  [ 8149DB73BE27950EC72767A1193153A6, 2EE3E241695C6EEE0C013E6E5DC2C0D71B0474032D138E9958E6A191C691B481 ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
20:31:27.0256 0x09bc  amdkmdap - ok
20:31:27.0314 0x09bc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
20:31:27.0368 0x09bc  AmdPPM - ok
20:31:27.0417 0x09bc  [ 53D8D46D51D390ABDB54ECA623165CB7, D16A3604412D0DC3EA68320FB6980D146ED60D587AAB6B65810C038AFF1EC237 ] amdsata         C:\windows\system32\DRIVERS\amdsata.sys
20:31:27.0464 0x09bc  amdsata - ok
20:31:27.0509 0x09bc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
20:31:27.0553 0x09bc  amdsbs - ok
20:31:27.0582 0x09bc  [ 75C51148154E34EB3D7BB84749A758D5, 8865F223CBAE166A9BF6CBCDA66F63369F151CCB449A28E95560C36AD45D0C85 ] amdxata         C:\windows\system32\DRIVERS\amdxata.sys
20:31:27.0607 0x09bc  amdxata - ok
20:31:27.0665 0x09bc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
20:31:27.0861 0x09bc  AppID - ok
20:31:27.0890 0x09bc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
20:31:27.0997 0x09bc  AppIDSvc - ok
20:31:28.0058 0x09bc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
20:31:28.0125 0x09bc  Appinfo - ok
20:31:28.0223 0x09bc  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:31:28.0251 0x09bc  Apple Mobile Device - ok
20:31:28.0319 0x09bc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\DRIVERS\arc.sys
20:31:28.0355 0x09bc  arc - ok
20:31:28.0372 0x09bc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
20:31:28.0409 0x09bc  arcsas - ok
20:31:28.0443 0x09bc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
20:31:28.0552 0x09bc  AsyncMac - ok
20:31:28.0602 0x09bc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
20:31:28.0631 0x09bc  atapi - ok
20:31:28.0689 0x09bc  [ 7C5D273E29DCC5505469B299C6F29163, 206CAB85CE12A3953F0861C811575DC7FD000147436219EEE334584A33370B3A ] AtiPcie         C:\windows\system32\DRIVERS\AtiPcie.sys
20:31:28.0712 0x09bc  AtiPcie - ok
20:31:28.0807 0x09bc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:31:28.0988 0x09bc  AudioEndpointBuilder - ok
20:31:29.0074 0x09bc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
20:31:29.0220 0x09bc  AudioSrv - ok
20:31:29.0282 0x09bc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
20:31:29.0379 0x09bc  AxInstSV - ok
20:31:29.0452 0x09bc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
20:31:29.0556 0x09bc  b06bdrv - ok
20:31:29.0611 0x09bc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
20:31:29.0690 0x09bc  b57nd60a - ok
20:31:29.0739 0x09bc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
20:31:29.0812 0x09bc  BDESVC - ok
20:31:29.0836 0x09bc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
20:31:29.0944 0x09bc  Beep - ok
20:31:30.0064 0x09bc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
20:31:30.0239 0x09bc  BFE - ok
20:31:30.0341 0x09bc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\system32\qmgr.dll
20:31:30.0522 0x09bc  BITS - ok
20:31:30.0562 0x09bc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
20:31:30.0614 0x09bc  blbdrive - ok
20:31:30.0758 0x09bc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:31:30.0817 0x09bc  Bonjour Service - ok
20:31:30.0873 0x09bc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
20:31:30.0941 0x09bc  bowser - ok
20:31:30.0977 0x09bc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
20:31:31.0070 0x09bc  BrFiltLo - ok
20:31:31.0095 0x09bc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
20:31:31.0133 0x09bc  BrFiltUp - ok
20:31:31.0195 0x09bc  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
20:31:31.0297 0x09bc  BridgeMP - ok
20:31:31.0336 0x09bc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
20:31:31.0400 0x09bc  Browser - ok
20:31:31.0443 0x09bc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
20:31:31.0538 0x09bc  Brserid - ok
20:31:31.0579 0x09bc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
20:31:31.0630 0x09bc  BrSerWdm - ok
20:31:31.0648 0x09bc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
20:31:31.0718 0x09bc  BrUsbMdm - ok
20:31:31.0767 0x09bc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
20:31:31.0811 0x09bc  BrUsbSer - ok
20:31:31.0830 0x09bc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
20:31:31.0875 0x09bc  BTHMODEM - ok
20:31:31.0921 0x09bc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
20:31:32.0040 0x09bc  bthserv - ok
20:31:32.0065 0x09bc  catchme - ok
20:31:32.0098 0x09bc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
20:31:32.0214 0x09bc  cdfs - ok
20:31:32.0285 0x09bc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\drivers\cdrom.sys
20:31:32.0356 0x09bc  cdrom - ok
20:31:32.0412 0x09bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
20:31:32.0520 0x09bc  CertPropSvc - ok
20:31:32.0557 0x09bc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
20:31:32.0622 0x09bc  circlass - ok
20:31:32.0685 0x09bc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
20:31:32.0748 0x09bc  CLFS - ok
20:31:32.0828 0x09bc  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:31:32.0859 0x09bc  clr_optimization_v2.0.50727_32 - ok
20:31:32.0930 0x09bc  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:31:32.0962 0x09bc  clr_optimization_v2.0.50727_64 - ok
20:31:33.0057 0x09bc  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:31:33.0091 0x09bc  clr_optimization_v4.0.30319_32 - ok
20:31:33.0177 0x09bc  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:31:33.0211 0x09bc  clr_optimization_v4.0.30319_64 - ok
20:31:33.0253 0x09bc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
20:31:33.0308 0x09bc  CmBatt - ok
20:31:33.0341 0x09bc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
20:31:33.0372 0x09bc  cmdide - ok
20:31:33.0443 0x09bc  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\windows\system32\Drivers\cng.sys
20:31:33.0526 0x09bc  CNG - ok
20:31:33.0561 0x09bc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
20:31:33.0591 0x09bc  Compbatt - ok
20:31:33.0652 0x09bc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
20:31:33.0711 0x09bc  CompositeBus - ok
20:31:33.0742 0x09bc  COMSysApp - ok
20:31:33.0773 0x09bc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
20:31:33.0804 0x09bc  crcdisk - ok
20:31:33.0866 0x09bc  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
20:31:33.0922 0x09bc  CryptSvc - ok
20:31:34.0003 0x09bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
20:31:34.0159 0x09bc  DcomLaunch - ok
20:31:34.0209 0x09bc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
20:31:34.0342 0x09bc  defragsvc - ok
20:31:34.0408 0x09bc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
20:31:34.0529 0x09bc  DfsC - ok
20:31:34.0617 0x09bc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
20:31:34.0774 0x09bc  Dhcp - ok
20:31:34.0813 0x09bc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
20:31:34.0930 0x09bc  discache - ok
20:31:34.0989 0x09bc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\DRIVERS\disk.sys
20:31:35.0023 0x09bc  Disk - ok
20:31:35.0075 0x09bc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
20:31:35.0147 0x09bc  Dnscache - ok
20:31:35.0205 0x09bc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
20:31:35.0329 0x09bc  dot3svc - ok
20:31:35.0389 0x09bc  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
20:31:35.0454 0x09bc  Dot4 - ok
20:31:35.0504 0x09bc  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\windows\system32\drivers\Dot4Prt.sys
20:31:35.0561 0x09bc  Dot4Print - ok
20:31:35.0590 0x09bc  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
20:31:35.0658 0x09bc  dot4usb - ok
20:31:35.0710 0x09bc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
20:31:35.0823 0x09bc  DPS - ok
20:31:35.0861 0x09bc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
20:31:35.0911 0x09bc  drmkaud - ok
20:31:36.0016 0x09bc  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
20:31:36.0123 0x09bc  DXGKrnl - ok
20:31:36.0182 0x09bc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
20:31:36.0297 0x09bc  EapHost - ok
20:31:36.0569 0x09bc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
20:31:36.0948 0x09bc  ebdrv - ok
20:31:37.0004 0x09bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\windows\System32\lsass.exe
20:31:37.0076 0x09bc  EFS - ok
20:31:37.0180 0x09bc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
20:31:37.0302 0x09bc  ehRecvr - ok
20:31:37.0348 0x09bc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
20:31:37.0413 0x09bc  ehSched - ok
20:31:37.0495 0x09bc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
20:31:37.0567 0x09bc  elxstor - ok
20:31:37.0594 0x09bc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
20:31:37.0634 0x09bc  ErrDev - ok
20:31:37.0717 0x09bc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
20:31:37.0870 0x09bc  EventSystem - ok
20:31:37.0925 0x09bc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
20:31:38.0048 0x09bc  exfat - ok
20:31:38.0078 0x09bc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
20:31:38.0201 0x09bc  fastfat - ok
20:31:38.0296 0x09bc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
20:31:38.0409 0x09bc  Fax - ok
20:31:38.0455 0x09bc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
20:31:38.0503 0x09bc  fdc - ok
20:31:38.0541 0x09bc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
20:31:38.0643 0x09bc  fdPHost - ok
20:31:38.0670 0x09bc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
20:31:38.0772 0x09bc  FDResPub - ok
20:31:38.0792 0x09bc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
20:31:38.0810 0x09bc  FileInfo - ok
20:31:38.0829 0x09bc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
20:31:38.0915 0x09bc  Filetrace - ok
20:31:38.0957 0x09bc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
20:31:38.0986 0x09bc  flpydisk - ok
20:31:39.0043 0x09bc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
20:31:39.0096 0x09bc  FltMgr - ok
20:31:39.0233 0x09bc  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
20:31:39.0379 0x09bc  FontCache - ok
20:31:39.0439 0x09bc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:31:39.0466 0x09bc  FontCache3.0.0.0 - ok
20:31:39.0501 0x09bc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
20:31:39.0534 0x09bc  FsDepends - ok
20:31:39.0574 0x09bc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
20:31:39.0604 0x09bc  Fs_Rec - ok
20:31:39.0672 0x09bc  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
20:31:39.0726 0x09bc  fvevol - ok
20:31:39.0762 0x09bc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
20:31:39.0796 0x09bc  gagp30kx - ok
20:31:39.0889 0x09bc  [ 1FDA0DF739234C4023851A282DD28704, 993187336366C53B125A989DD264506B000AA65789C1B6907DF85CFC64E894C7 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
20:31:39.0931 0x09bc  GameConsoleService - ok
20:31:39.0983 0x09bc  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:31:40.0010 0x09bc  GEARAspiWDM - ok
20:31:40.0104 0x09bc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
20:31:40.0263 0x09bc  gpsvc - ok
20:31:40.0364 0x09bc  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:31:40.0396 0x09bc  gupdate - ok
20:31:40.0413 0x09bc  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:31:40.0443 0x09bc  gupdatem - ok
20:31:40.0492 0x09bc  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:31:40.0528 0x09bc  gusvc - ok
20:31:40.0562 0x09bc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
20:31:40.0631 0x09bc  hcw85cir - ok
20:31:40.0703 0x09bc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:31:40.0802 0x09bc  HdAudAddService - ok
20:31:40.0866 0x09bc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
20:31:40.0928 0x09bc  HDAudBus - ok
20:31:40.0964 0x09bc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
20:31:41.0017 0x09bc  HidBatt - ok
20:31:41.0033 0x09bc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
20:31:41.0094 0x09bc  HidBth - ok
20:31:41.0137 0x09bc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
20:31:41.0194 0x09bc  HidIr - ok
20:31:41.0232 0x09bc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
20:31:41.0346 0x09bc  hidserv - ok
20:31:41.0390 0x09bc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
20:31:41.0437 0x09bc  HidUsb - ok
20:31:41.0476 0x09bc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
20:31:41.0584 0x09bc  hkmsvc - ok
20:31:41.0640 0x09bc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:31:41.0718 0x09bc  HomeGroupListener - ok
20:31:41.0774 0x09bc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:31:41.0837 0x09bc  HomeGroupProvider - ok
20:31:41.0993 0x09bc  [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:31:42.0037 0x09bc  hpqcxs08 - ok
20:31:42.0064 0x09bc  [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:31:42.0093 0x09bc  hpqddsvc - ok
20:31:42.0132 0x09bc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
20:31:42.0168 0x09bc  HpSAMD - ok
20:31:42.0284 0x09bc  [ D4F91CF4DE215D6F14A06087D46725E4, 656E78AB0CD5B3DA396F937CF05863F80C9E430EDED6F68A88F39604A052921B ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:31:42.0383 0x09bc  HPSLPSVC - ok
20:31:42.0487 0x09bc  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
20:31:42.0660 0x09bc  HTTP - ok
20:31:42.0695 0x09bc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
20:31:42.0724 0x09bc  hwpolicy - ok
20:31:42.0787 0x09bc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
20:31:42.0826 0x09bc  i8042prt - ok
20:31:42.0899 0x09bc  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
20:31:42.0960 0x09bc  iaStorV - ok
20:31:43.0074 0x09bc  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:31:43.0166 0x09bc  idsvc - ok
20:31:43.0199 0x09bc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
20:31:43.0232 0x09bc  iirsp - ok
20:31:43.0339 0x09bc  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\windows\System32\ikeext.dll
20:31:43.0520 0x09bc  IKEEXT - ok
20:31:43.0746 0x09bc  [ 490947A9AFF7CA31EF2E08F5776105EB, C817D60DBA6B276AD4EF2E0FDF5547F152294AFEF6264C28B8F4DC20B3A85515 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
20:31:43.0968 0x09bc  IntcAzAudAddService - ok
20:31:44.0025 0x09bc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
20:31:44.0055 0x09bc  intelide - ok
20:31:44.0100 0x09bc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
20:31:44.0142 0x09bc  intelppm - ok
20:31:44.0225 0x09bc  [ 1663A135865F0BA6E853353E98E67F2A, 700D383F964EBF38D9B66A6C7966700F0DBE7C7AF77AAE2F67AF703E36C8116B ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
20:31:44.0247 0x09bc  IntuitUpdateServiceV4 - ok
20:31:44.0307 0x09bc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
20:31:44.0423 0x09bc  IPBusEnum - ok
20:31:44.0465 0x09bc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
20:31:44.0570 0x09bc  IpFilterDriver - ok
20:31:44.0670 0x09bc  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
20:31:44.0825 0x09bc  iphlpsvc - ok
20:31:44.0864 0x09bc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
20:31:44.0903 0x09bc  IPMIDRV - ok
20:31:44.0957 0x09bc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
20:31:45.0075 0x09bc  IPNAT - ok
20:31:45.0182 0x09bc  [ 6660920D05A32DF2DC1260CEF0B6D172, 2C4361B59CD9F41519FDF14EC69F2E37E1B0635ACA476E4BEF2152C925E35F9F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:31:45.0261 0x09bc  iPod Service - ok
20:31:45.0300 0x09bc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
20:31:45.0386 0x09bc  IRENUM - ok
20:31:45.0431 0x09bc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
20:31:45.0462 0x09bc  isapnp - ok
20:31:45.0497 0x09bc  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
20:31:45.0548 0x09bc  iScsiPrt - ok
20:31:45.0576 0x09bc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
20:31:45.0624 0x09bc  kbdclass - ok
20:31:45.0679 0x09bc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
20:31:45.0724 0x09bc  kbdhid - ok
20:31:45.0749 0x09bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\windows\system32\lsass.exe
20:31:45.0782 0x09bc  KeyIso - ok
20:31:45.0824 0x09bc  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
20:31:45.0860 0x09bc  KSecDD - ok
20:31:45.0894 0x09bc  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
20:31:45.0935 0x09bc  KSecPkg - ok
20:31:45.0982 0x09bc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
20:31:46.0091 0x09bc  ksthunk - ok
20:31:46.0157 0x09bc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
20:31:46.0296 0x09bc  KtmRm - ok
20:31:46.0361 0x09bc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
20:31:46.0483 0x09bc  LanmanServer - ok
20:31:46.0537 0x09bc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:31:46.0639 0x09bc  LanmanWorkstation - ok
20:31:46.0672 0x09bc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
20:31:46.0771 0x09bc  lltdio - ok
20:31:46.0832 0x09bc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
20:31:46.0971 0x09bc  lltdsvc - ok
20:31:46.0992 0x09bc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
20:31:47.0088 0x09bc  lmhosts - ok
20:31:47.0129 0x09bc  [ 41E122F6D1448C94CC05196BC41D6BFB, DC027B897A14359669C6C93CCC7FCEEA2FDCEE281489589DDAEE008FAD0B15E2 ] LPCFilter       C:\windows\system32\DRIVERS\LPCFilter.sys
20:31:47.0153 0x09bc  LPCFilter - ok
20:31:47.0203 0x09bc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
20:31:47.0241 0x09bc  LSI_FC - ok
20:31:47.0258 0x09bc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
20:31:47.0295 0x09bc  LSI_SAS - ok
20:31:47.0309 0x09bc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
20:31:47.0343 0x09bc  LSI_SAS2 - ok
20:31:47.0360 0x09bc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
20:31:47.0398 0x09bc  LSI_SCSI - ok
20:31:47.0433 0x09bc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
20:31:47.0548 0x09bc  luafv - ok
20:31:47.0598 0x09bc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
20:31:47.0655 0x09bc  Mcx2Svc - ok
20:31:47.0677 0x09bc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
20:31:47.0709 0x09bc  megasas - ok
20:31:47.0752 0x09bc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
20:31:47.0803 0x09bc  MegaSR - ok
20:31:47.0841 0x09bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
20:31:47.0963 0x09bc  MMCSS - ok
20:31:47.0997 0x09bc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
20:31:48.0098 0x09bc  Modem - ok
20:31:48.0134 0x09bc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
20:31:48.0187 0x09bc  monitor - ok
20:31:48.0237 0x09bc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\drivers\mouclass.sys
20:31:48.0270 0x09bc  mouclass - ok
20:31:48.0309 0x09bc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
20:31:48.0359 0x09bc  mouhid - ok
20:31:48.0410 0x09bc  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
20:31:48.0445 0x09bc  mountmgr - ok
20:31:48.0528 0x09bc  [ FC1D590039EF06A381768710E6C07E75, 2F8B4D5232C4848A423A4E647102F3EDFD9B3D55D0D14AC04FD6D60D9212106F ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
20:31:48.0588 0x09bc  MpFilter - ok
20:31:48.0642 0x09bc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
20:31:48.0700 0x09bc  mpio - ok
20:31:48.0738 0x09bc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
20:31:48.0837 0x09bc  mpsdrv - ok
20:31:48.0954 0x09bc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
20:31:49.0130 0x09bc  MpsSvc - ok
20:31:49.0175 0x09bc  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
20:31:49.0241 0x09bc  MRxDAV - ok
20:31:49.0289 0x09bc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
20:31:49.0353 0x09bc  mrxsmb - ok
20:31:49.0396 0x09bc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
20:31:49.0469 0x09bc  mrxsmb10 - ok
20:31:49.0521 0x09bc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
20:31:49.0562 0x09bc  mrxsmb20 - ok
20:31:49.0597 0x09bc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
20:31:49.0628 0x09bc  msahci - ok
20:31:49.0658 0x09bc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
20:31:49.0698 0x09bc  msdsm - ok
20:31:49.0725 0x09bc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
20:31:49.0796 0x09bc  MSDTC - ok
20:31:49.0850 0x09bc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
20:31:49.0945 0x09bc  Msfs - ok
20:31:49.0979 0x09bc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
20:31:50.0084 0x09bc  mshidkmdf - ok
20:31:50.0115 0x09bc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
20:31:50.0145 0x09bc  msisadrv - ok
20:31:50.0214 0x09bc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
20:31:50.0336 0x09bc  MSiSCSI - ok
20:31:50.0345 0x09bc  msiserver - ok
20:31:50.0384 0x09bc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
20:31:50.0491 0x09bc  MSKSSRV - ok
20:31:50.0572 0x09bc  [ 52D60E642263719B37F1E4A785E676EB, 1ECCB557FC26F120852E02142EDE60A91F1E53EBD6BF3A15676AF2A286B986E6 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:31:50.0610 0x09bc  MsMpSvc - ok
20:31:50.0661 0x09bc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
20:31:50.0765 0x09bc  MSPCLOCK - ok
20:31:50.0785 0x09bc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
20:31:50.0895 0x09bc  MSPQM - ok
20:31:50.0953 0x09bc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
20:31:51.0011 0x09bc  MsRPC - ok
20:31:51.0052 0x09bc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
20:31:51.0094 0x09bc  mssmbios - ok
20:31:51.0122 0x09bc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
20:31:51.0225 0x09bc  MSTEE - ok
20:31:51.0242 0x09bc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
20:31:51.0286 0x09bc  MTConfig - ok
20:31:51.0327 0x09bc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
20:31:51.0360 0x09bc  Mup - ok
20:31:51.0438 0x09bc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
20:31:51.0588 0x09bc  napagent - ok
20:31:51.0648 0x09bc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
20:31:51.0727 0x09bc  NativeWifiP - ok
20:31:51.0838 0x09bc  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\windows\system32\drivers\ndis.sys
20:31:51.0941 0x09bc  NDIS - ok
20:31:51.0971 0x09bc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
20:31:52.0084 0x09bc  NdisCap - ok
20:31:52.0117 0x09bc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
20:31:52.0222 0x09bc  NdisTapi - ok
20:31:52.0266 0x09bc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
20:31:52.0367 0x09bc  Ndisuio - ok
20:31:52.0417 0x09bc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
20:31:52.0537 0x09bc  NdisWan - ok
20:31:52.0573 0x09bc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
20:31:52.0667 0x09bc  NDProxy - ok
20:31:52.0724 0x09bc  [ DC6530A291D4BDF6DF399F1F128E7F8F, 85123D802063383646EEBC60F4ABBCDBA2AE3180E99A8A99C024B1EBB0C6690E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:31:52.0742 0x09bc  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:31:55.0653 0x09bc  Detect skipped due to KSN trusted
20:31:55.0653 0x09bc  Net Driver HPZ12 - ok
20:31:55.0732 0x09bc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
20:31:55.0830 0x09bc  NetBIOS - ok
20:31:55.0883 0x09bc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
20:31:55.0992 0x09bc  NetBT - ok
20:31:56.0016 0x09bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\windows\system32\lsass.exe
20:31:56.0048 0x09bc  Netlogon - ok
20:31:56.0107 0x09bc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
20:31:56.0242 0x09bc  Netman - ok
20:31:56.0293 0x09bc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
20:31:56.0435 0x09bc  netprofm - ok
20:31:56.0475 0x09bc  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:56.0508 0x09bc  NetTcpPortSharing - ok
20:31:56.0545 0x09bc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
20:31:56.0579 0x09bc  nfrd960 - ok
20:31:56.0656 0x09bc  [ 8FB3C853E886E1E4D57271672486111C, 2D2954740BF2046FC4C0F1C00FBA9627C356792C0636A51078116876E4886FC6 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
20:31:56.0703 0x09bc  NisDrv - ok
20:31:56.0760 0x09bc  [ 506BAA292F60C2AB637B9AEA3325D7D0, 5535FA9DD208CDBE70999866FAD422F2D9B6F59C33617675867F2B8C923F108E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:31:56.0829 0x09bc  NisSrv - ok
20:31:56.0888 0x09bc  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\windows\System32\nlasvc.dll
20:31:57.0026 0x09bc  NlaSvc - ok
20:31:57.0071 0x09bc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
20:31:57.0166 0x09bc  Npfs - ok
20:31:57.0192 0x09bc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
20:31:57.0300 0x09bc  nsi - ok
20:31:57.0323 0x09bc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
20:31:57.0430 0x09bc  nsiproxy - ok
20:31:57.0599 0x09bc  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
20:31:57.0765 0x09bc  Ntfs - ok
20:31:57.0801 0x09bc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
20:31:57.0905 0x09bc  Null - ok
20:31:57.0958 0x09bc  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\windows\system32\drivers\nvraid.sys
20:31:57.0998 0x09bc  nvraid - ok
20:31:58.0042 0x09bc  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\windows\system32\drivers\nvstor.sys
20:31:58.0086 0x09bc  nvstor - ok
20:31:58.0115 0x09bc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
20:31:58.0154 0x09bc  nv_agp - ok
20:31:58.0205 0x09bc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
20:31:58.0249 0x09bc  ohci1394 - ok
20:31:58.0314 0x09bc  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:58.0350 0x09bc  ose - ok
20:31:58.0791 0x09bc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:31:59.0332 0x09bc  osppsvc - ok
20:31:59.0413 0x09bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
20:31:59.0493 0x09bc  p2pimsvc - ok
20:31:59.0544 0x09bc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
20:31:59.0619 0x09bc  p2psvc - ok
20:31:59.0662 0x09bc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\DRIVERS\parport.sys
20:31:59.0701 0x09bc  Parport - ok
20:31:59.0742 0x09bc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
20:31:59.0776 0x09bc  partmgr - ok
20:31:59.0822 0x09bc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
20:31:59.0889 0x09bc  PcaSvc - ok
20:31:59.0965 0x09bc  [ 2F86BE1818C2D7AC90478E3323EE7FCB, CE721FCFFDC9D24483DEB6BB77DAFEBE79BA143CA2EE68BF28E2A9297AADB2D4 ] PCCUJobMgr      C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
20:32:00.0000 0x09bc  PCCUJobMgr - ok
20:32:00.0053 0x09bc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
20:32:00.0095 0x09bc  pci - ok
20:32:00.0115 0x09bc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
20:32:00.0145 0x09bc  pciide - ok
20:32:00.0195 0x09bc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
20:32:00.0241 0x09bc  pcmcia - ok
20:32:00.0263 0x09bc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
20:32:00.0295 0x09bc  pcw - ok
20:32:00.0363 0x09bc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
20:32:00.0516 0x09bc  PEAUTH - ok
20:32:00.0621 0x09bc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
20:32:00.0671 0x09bc  PerfHost - ok
20:32:00.0727 0x09bc  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
20:32:00.0754 0x09bc  PGEffect - ok
20:32:00.0895 0x09bc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
20:32:01.0128 0x09bc  pla - ok
20:32:01.0220 0x09bc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
20:32:01.0307 0x09bc  PlugPlay - ok
20:32:01.0356 0x09bc  [ 71F62C51DFDFBC04C83C5C64B2B8058E, CAB12E6D27BE421BD5A3CB04066EA50303A3210332ECC4B5C03B5F19735FC857 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:32:01.0375 0x09bc  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:32:04.0327 0x09bc  Detect skipped due to KSN trusted
20:32:04.0327 0x09bc  Pml Driver HPZ12 - ok
20:32:04.0440 0x09bc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
20:32:04.0497 0x09bc  PNRPAutoReg - ok
20:32:04.0547 0x09bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
20:32:04.0606 0x09bc  PNRPsvc - ok
20:32:04.0673 0x09bc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
20:32:04.0817 0x09bc  PolicyAgent - ok
20:32:04.0859 0x09bc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
20:32:04.0973 0x09bc  Power - ok
20:32:05.0022 0x09bc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
20:32:05.0132 0x09bc  PptpMiniport - ok
20:32:05.0172 0x09bc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\DRIVERS\processr.sys
20:32:05.0218 0x09bc  Processor - ok
20:32:05.0272 0x09bc  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
20:32:05.0355 0x09bc  ProfSvc - ok
20:32:05.0383 0x09bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\windows\system32\lsass.exe
20:32:05.0415 0x09bc  ProtectedStorage - ok
20:32:05.0469 0x09bc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
20:32:05.0583 0x09bc  Psched - ok
20:32:05.0723 0x09bc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
20:32:05.0873 0x09bc  ql2300 - ok
20:32:05.0909 0x09bc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
20:32:05.0948 0x09bc  ql40xx - ok
20:32:05.0989 0x09bc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
20:32:06.0059 0x09bc  QWAVE - ok
20:32:06.0082 0x09bc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
20:32:06.0142 0x09bc  QWAVEdrv - ok
20:32:06.0169 0x09bc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
20:32:06.0262 0x09bc  RasAcd - ok
20:32:06.0315 0x09bc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
20:32:06.0413 0x09bc  RasAgileVpn - ok
20:32:06.0450 0x09bc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
20:32:06.0567 0x09bc  RasAuto - ok
20:32:06.0635 0x09bc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
20:32:06.0744 0x09bc  Rasl2tp - ok
20:32:06.0797 0x09bc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
20:32:06.0917 0x09bc  RasMan - ok
20:32:06.0978 0x09bc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
20:32:07.0079 0x09bc  RasPppoe - ok
20:32:07.0100 0x09bc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
20:32:07.0212 0x09bc  RasSstp - ok
20:32:07.0275 0x09bc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
20:32:07.0400 0x09bc  rdbss - ok
20:32:07.0434 0x09bc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
20:32:07.0485 0x09bc  rdpbus - ok
20:32:07.0509 0x09bc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
20:32:07.0612 0x09bc  RDPCDD - ok
20:32:07.0661 0x09bc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
20:32:07.0753 0x09bc  RDPENCDD - ok
20:32:07.0778 0x09bc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
20:32:07.0870 0x09bc  RDPREFMP - ok
20:32:07.0930 0x09bc  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
20:32:08.0002 0x09bc  RDPWD - ok
20:32:08.0061 0x09bc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
20:32:08.0105 0x09bc  rdyboost - ok
20:32:08.0149 0x09bc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
20:32:08.0253 0x09bc  RemoteAccess - ok
20:32:08.0299 0x09bc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
20:32:08.0424 0x09bc  RemoteRegistry - ok
20:32:08.0454 0x09bc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
20:32:08.0562 0x09bc  RpcEptMapper - ok
20:32:08.0598 0x09bc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
20:32:08.0651 0x09bc  RpcLocator - ok
20:32:08.0726 0x09bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\System32\rpcss.dll
20:32:08.0860 0x09bc  RpcSs - ok
20:32:08.0915 0x09bc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
20:32:09.0015 0x09bc  rspndr - ok
20:32:09.0071 0x09bc  [ 907C4464381B5EBDFDC60F6C7D0DEDFC, A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
20:32:09.0111 0x09bc  RSUSBSTOR - ok
20:32:09.0178 0x09bc  [ 4E821C740A675F6D040BE41D59A62B1D, F09A0247DD21580AEE268FB88371D581B6383FC354B5FBBD147E5338BF7681A4 ] RTHDMIAzAudService C:\windows\system32\drivers\RtHDMIVX.sys
20:32:09.0226 0x09bc  RTHDMIAzAudService - ok
20:32:09.0288 0x09bc  [ FD978B2BF8A9B2390DCBEF435E9C1F9F, 52CFFE354006CCF087D3651D9D2AF201FD8A8FE8FB7D9CAAC8A527E91838ACE6 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
20:32:09.0338 0x09bc  RTL8167 - ok
20:32:09.0436 0x09bc  [ FFC748D848740D1BC8F330A8879C2674, 1D6DF95585D742329FF32E45E9A53EF80DE8E17F46BF12408638CCFC1576EB90 ] RTL8192Ce       C:\windows\system32\DRIVERS\rtl8192Ce.sys
20:32:09.0533 0x09bc  RTL8192Ce - ok
20:32:09.0700 0x09bc  [ F84917461BDB7C51B2ED7FF062B3A64A, 0DC81BA49BDDB4F425F526A21357E1CF70C94D67E99B3020E9FF14B680851EEC ] RTWlanE         C:\windows\system32\DRIVERS\rtwlane.sys
20:32:09.0854 0x09bc  RTWlanE - ok
20:32:09.0883 0x09bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\windows\system32\lsass.exe
20:32:09.0915 0x09bc  SamSs - ok
20:32:09.0959 0x09bc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
20:32:09.0995 0x09bc  sbp2port - ok
20:32:10.0031 0x09bc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
20:32:10.0164 0x09bc  SCardSvr - ok
20:32:10.0209 0x09bc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
20:32:10.0314 0x09bc  scfilter - ok
20:32:10.0430 0x09bc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
20:32:10.0619 0x09bc  Schedule - ok
20:32:10.0724 0x09bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
20:32:10.0817 0x09bc  SCPolicySvc - ok
20:32:10.0856 0x09bc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
20:32:10.0937 0x09bc  SDRSVC - ok
20:32:10.0979 0x09bc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
20:32:11.0094 0x09bc  secdrv - ok
20:32:11.0140 0x09bc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
20:32:11.0248 0x09bc  seclogon - ok
20:32:11.0285 0x09bc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
20:32:11.0406 0x09bc  SENS - ok
20:32:11.0433 0x09bc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
20:32:11.0483 0x09bc  SensrSvc - ok
20:32:11.0510 0x09bc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
20:32:11.0549 0x09bc  Serenum - ok
20:32:11.0574 0x09bc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\DRIVERS\serial.sys
20:32:11.0613 0x09bc  Serial - ok
20:32:11.0637 0x09bc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
20:32:11.0689 0x09bc  sermouse - ok
20:32:11.0754 0x09bc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
20:32:11.0863 0x09bc  SessionEnv - ok
20:32:11.0904 0x09bc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
20:32:11.0954 0x09bc  sffdisk - ok
20:32:11.0978 0x09bc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
20:32:12.0016 0x09bc  sffp_mmc - ok
20:32:12.0036 0x09bc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
20:32:12.0095 0x09bc  sffp_sd - ok
20:32:12.0127 0x09bc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
20:32:12.0159 0x09bc  sfloppy - ok
20:32:12.0247 0x09bc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
20:32:12.0371 0x09bc  SharedAccess - ok
20:32:12.0439 0x09bc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:32:12.0579 0x09bc  ShellHWDetection - ok
20:32:12.0618 0x09bc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
20:32:12.0651 0x09bc  SiSRaid2 - ok
20:32:12.0666 0x09bc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
20:32:12.0702 0x09bc  SiSRaid4 - ok
20:32:12.0731 0x09bc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
20:32:12.0831 0x09bc  Smb - ok
20:32:12.0869 0x09bc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
20:32:12.0905 0x09bc  SNMPTRAP - ok
20:32:12.0932 0x09bc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
20:32:12.0962 0x09bc  spldr - ok
20:32:13.0041 0x09bc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
20:32:13.0156 0x09bc  Spooler - ok
20:32:13.0460 0x09bc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
20:32:13.0944 0x09bc  sppsvc - ok
20:32:13.0994 0x09bc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
20:32:14.0109 0x09bc  sppuinotify - ok
20:32:14.0185 0x09bc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
20:32:14.0271 0x09bc  srv - ok
20:32:14.0345 0x09bc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
20:32:14.0435 0x09bc  srv2 - ok
20:32:14.0470 0x09bc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
20:32:14.0513 0x09bc  srvnet - ok
20:32:14.0560 0x09bc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
20:32:14.0694 0x09bc  SSDPSRV - ok
20:32:14.0731 0x09bc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
20:32:14.0831 0x09bc  SstpSvc - ok
20:32:14.0861 0x09bc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
20:32:14.0892 0x09bc  stexstor - ok
20:32:14.0947 0x09bc  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
20:32:15.0004 0x09bc  StillCam - ok
20:32:15.0092 0x09bc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
20:32:15.0189 0x09bc  stisvc - ok
20:32:15.0234 0x09bc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
20:32:15.0264 0x09bc  swenum - ok
20:32:15.0333 0x09bc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
20:32:15.0480 0x09bc  swprv - ok
20:32:15.0548 0x09bc  [ 470C47DABA9CA3966F0AB3F835D7D135, BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
20:32:15.0598 0x09bc  SynTP - ok
20:32:15.0772 0x09bc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
20:32:15.0992 0x09bc  SysMain - ok
20:32:16.0037 0x09bc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
20:32:16.0113 0x09bc  TabletInputService - ok
20:32:16.0180 0x09bc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
20:32:16.0308 0x09bc  TapiSrv - ok
20:32:16.0347 0x09bc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
20:32:16.0445 0x09bc  TBS - ok
20:32:16.0651 0x09bc  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
20:32:16.0830 0x09bc  Tcpip - ok
20:32:17.0091 0x09bc  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
20:32:17.0268 0x09bc  TCPIP6 - ok
20:32:17.0315 0x09bc  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
20:32:17.0407 0x09bc  tcpipreg - ok
20:32:17.0460 0x09bc  [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
20:32:17.0487 0x09bc  tdcmdpst - ok
20:32:17.0528 0x09bc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
20:32:17.0577 0x09bc  TDPIPE - ok
20:32:17.0607 0x09bc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
20:32:17.0649 0x09bc  TDTCP - ok
20:32:17.0702 0x09bc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
20:32:17.0802 0x09bc  tdx - ok
20:32:17.0848 0x09bc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
20:32:17.0882 0x09bc  TermDD - ok
20:32:17.0981 0x09bc  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
20:32:18.0132 0x09bc  TermService - ok
20:32:18.0166 0x09bc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
20:32:18.0213 0x09bc  Themes - ok
20:32:18.0230 0x09bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
20:32:18.0326 0x09bc  THREADORDER - ok
20:32:18.0386 0x09bc  [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:32:18.0410 0x09bc  TMachInfo - ok
20:32:18.0465 0x09bc  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
20:32:18.0499 0x09bc  TODDSrv - ok
20:32:18.0612 0x09bc  [ DB9719688C08F42705FEB3F6A0C98B91, D8E837F2F5C3838312001CCDD37448ABAE3DD6452CE6DC26241678E0F3A584CE ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:32:18.0669 0x09bc  TosCoSrv - ok
20:32:18.0747 0x09bc  [ 2AB7A4697462EDB0C9DFAFC529746BA9, 4EAF4839CA35C8FCE9C086D43E7417E52F0714A2227AE983C0B5C88A66A1B554 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:32:18.0789 0x09bc  TOSHIBA eco Utility Service - ok
20:32:18.0870 0x09bc  [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:32:18.0900 0x09bc  TOSHIBA HDD SSD Alert Service - ok
20:32:19.0012 0x09bc  [ 97687D094AA597DA366E1194B218CC6C, 8A617E1901235518FDB7504FCDCE641D9F7C5D256A11D5FEFD35E7696972E2B8 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:32:19.0097 0x09bc  TPCHSrv - ok
20:32:19.0140 0x09bc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
20:32:19.0258 0x09bc  TrkWks - ok
20:32:19.0328 0x09bc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:32:19.0453 0x09bc  TrustedInstaller - ok
20:32:19.0504 0x09bc  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
20:32:19.0551 0x09bc  tssecsrv - ok
20:32:19.0615 0x09bc  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
20:32:19.0665 0x09bc  TsUsbFlt - ok
20:32:19.0721 0x09bc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
20:32:19.0818 0x09bc  tunnel - ok
20:32:19.0860 0x09bc  [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:32:19.0886 0x09bc  TVALZ - ok
20:32:19.0924 0x09bc  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
20:32:19.0949 0x09bc  TVALZFL - ok
20:32:19.0980 0x09bc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
20:32:20.0014 0x09bc  uagp35 - ok
20:32:20.0077 0x09bc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
20:32:20.0229 0x09bc  udfs - ok
20:32:20.0280 0x09bc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
20:32:20.0318 0x09bc  UI0Detect - ok
20:32:20.0344 0x09bc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
20:32:20.0379 0x09bc  uliagpkx - ok
20:32:20.0435 0x09bc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\drivers\umbus.sys
20:32:20.0470 0x09bc  umbus - ok
20:32:20.0506 0x09bc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
20:32:20.0555 0x09bc  UmPass - ok
20:32:20.0612 0x09bc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
20:32:20.0756 0x09bc  upnphost - ok
20:32:20.0793 0x09bc  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
20:32:20.0864 0x09bc  USBAAPL64 - ok
20:32:20.0900 0x09bc  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp         C:\windows\system32\drivers\usbccgp.sys
20:32:20.0957 0x09bc  usbccgp - ok
20:32:21.0011 0x09bc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
20:32:21.0071 0x09bc  usbcir - ok
20:32:21.0112 0x09bc  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci         C:\windows\system32\drivers\usbehci.sys
20:32:21.0157 0x09bc  usbehci - ok
20:32:21.0205 0x09bc  [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub          C:\windows\system32\drivers\usbhub.sys
20:32:21.0279 0x09bc  usbhub - ok
20:32:21.0309 0x09bc  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\windows\system32\drivers\usbohci.sys
20:32:21.0350 0x09bc  usbohci - ok
20:32:21.0395 0x09bc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
20:32:21.0444 0x09bc  usbprint - ok
20:32:21.0488 0x09bc  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
20:32:21.0537 0x09bc  usbscan - ok
20:32:21.0583 0x09bc  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
20:32:21.0629 0x09bc  USBSTOR - ok
20:32:21.0651 0x09bc  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
20:32:21.0684 0x09bc  usbuhci - ok
20:32:21.0751 0x09bc  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
20:32:21.0813 0x09bc  usbvideo - ok
20:32:21.0855 0x09bc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
20:32:21.0953 0x09bc  UxSms - ok
20:32:21.0973 0x09bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\windows\system32\lsass.exe
20:32:22.0005 0x09bc  VaultSvc - ok
20:32:22.0033 0x09bc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
20:32:22.0065 0x09bc  vdrvroot - ok
20:32:22.0142 0x09bc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
20:32:22.0280 0x09bc  vds - ok
20:32:22.0313 0x09bc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
20:32:22.0353 0x09bc  vga - ok
20:32:22.0374 0x09bc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
20:32:22.0482 0x09bc  VgaSave - ok
20:32:22.0539 0x09bc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
20:32:22.0588 0x09bc  vhdmp - ok
20:32:22.0615 0x09bc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
20:32:22.0645 0x09bc  viaide - ok
20:32:22.0666 0x09bc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
20:32:22.0699 0x09bc  volmgr - ok
20:32:22.0766 0x09bc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
20:32:22.0837 0x09bc  volmgrx - ok
20:32:22.0884 0x09bc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
20:32:22.0985 0x09bc  volsnap - ok
20:32:23.0075 0x09bc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
20:32:23.0142 0x09bc  vsmraid - ok
20:32:23.0354 0x09bc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
20:32:23.0692 0x09bc  VSS - ok
20:32:23.0725 0x09bc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
20:32:23.0820 0x09bc  vwifibus - ok
20:32:23.0901 0x09bc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
20:32:24.0088 0x09bc  vwififlt - ok
20:32:24.0175 0x09bc  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
20:32:24.0218 0x09bc  vwifimp - ok
20:32:24.0313 0x09bc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
20:32:24.0440 0x09bc  W32Time - ok
20:32:24.0494 0x09bc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
20:32:24.0526 0x09bc  WacomPen - ok
20:32:24.0581 0x09bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
20:32:24.0692 0x09bc  WANARP - ok
20:32:24.0725 0x09bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
20:32:24.0820 0x09bc  Wanarpv6 - ok
20:32:25.0140 0x09bc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
20:32:25.0298 0x09bc  WatAdminSvc - ok
20:32:25.0561 0x09bc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
20:32:25.0799 0x09bc  wbengine - ok
20:32:25.0864 0x09bc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
20:32:25.0928 0x09bc  WbioSrvc - ok
20:32:26.0026 0x09bc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
20:32:26.0127 0x09bc  wcncsvc - ok
20:32:26.0179 0x09bc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:32:26.0233 0x09bc  WcsPlugInService - ok
20:32:26.0264 0x09bc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
20:32:26.0295 0x09bc  Wd - ok
20:32:26.0397 0x09bc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
20:32:26.0517 0x09bc  Wdf01000 - ok
20:32:26.0568 0x09bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
20:32:26.0695 0x09bc  WdiServiceHost - ok
20:32:26.0734 0x09bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
20:32:26.0777 0x09bc  WdiSystemHost - ok
20:32:26.0862 0x09bc  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\windows\System32\webclnt.dll
20:32:26.0910 0x09bc  WebClient - ok
20:32:26.0947 0x09bc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
20:32:27.0064 0x09bc  Wecsvc - ok
20:32:27.0093 0x09bc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
20:32:27.0213 0x09bc  wercplsupport - ok
20:32:27.0281 0x09bc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
20:32:27.0385 0x09bc  WerSvc - ok
20:32:27.0423 0x09bc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
20:32:27.0517 0x09bc  WfpLwf - ok
20:32:27.0552 0x09bc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
20:32:27.0583 0x09bc  WIMMount - ok
20:32:27.0612 0x09bc  WinDefend - ok
20:32:27.0639 0x09bc  WinHttpAutoProxySvc - ok
20:32:27.0722 0x09bc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
20:32:27.0844 0x09bc  Winmgmt - ok
20:32:28.0260 0x09bc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
20:32:28.0581 0x09bc  WinRM - ok
20:32:28.0693 0x09bc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
20:32:28.0734 0x09bc  WinUsb - ok
20:32:28.0928 0x09bc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
20:32:29.0106 0x09bc  Wlansvc - ok
20:32:29.0189 0x09bc  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:32:29.0216 0x09bc  wlcrasvc - ok
20:32:29.0578 0x09bc  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:32:29.0828 0x09bc  wlidsvc - ok
20:32:29.0885 0x09bc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
20:32:29.0941 0x09bc  WmiAcpi - ok
20:32:30.0019 0x09bc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
20:32:30.0085 0x09bc  wmiApSrv - ok
20:32:30.0130 0x09bc  WMPNetworkSvc - ok
20:32:30.0170 0x09bc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
20:32:30.0220 0x09bc  WPCSvc - ok
20:32:30.0276 0x09bc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
20:32:30.0323 0x09bc  WPDBusEnum - ok
20:32:30.0355 0x09bc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
20:32:30.0462 0x09bc  ws2ifsl - ok
20:32:30.0513 0x09bc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
20:32:30.0583 0x09bc  wscsvc - ok
20:32:30.0624 0x09bc  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
20:32:30.0679 0x09bc  WSDPrintDevice - ok
20:32:30.0688 0x09bc  WSearch - ok
20:32:31.0073 0x09bc  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
20:32:31.0352 0x09bc  wuauserv - ok
20:32:31.0407 0x09bc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
20:32:31.0460 0x09bc  WudfPf - ok
20:32:31.0505 0x09bc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
20:32:31.0559 0x09bc  wudfsvc - ok
20:32:31.0620 0x09bc  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\windows\System32\wwansvc.dll
20:32:31.0698 0x09bc  WwanSvc - ok
20:32:31.0739 0x09bc  ================ Scan global ===============================
20:32:31.0762 0x09bc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
20:32:31.0833 0x09bc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
20:32:31.0871 0x09bc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
20:32:31.0943 0x09bc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
20:32:32.0044 0x09bc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
20:32:32.0068 0x09bc  [ Global ] - ok
20:32:32.0070 0x09bc  ================ Scan MBR ==================================
20:32:32.0086 0x09bc  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
20:32:34.0106 0x09bc  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
20:32:34.0106 0x09bc  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:32:36.0766 0x09bc  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
20:32:36.0978 0x09bc  \Device\Harddisk1\DR1 - ok
20:32:36.0979 0x09bc  ================ Scan VBR ==================================
20:32:37.0018 0x09bc  [ 268816EC0510F4FF90356811325A6EA8 ] \Device\Harddisk0\DR0\Partition1
20:32:37.0022 0x09bc  \Device\Harddisk0\DR0\Partition1 - ok
20:32:37.0030 0x09bc  [ 22103BFEA086682829319B25599536C1 ] \Device\Harddisk1\DR1\Partition1
20:32:37.0034 0x09bc  \Device\Harddisk1\DR1\Partition1 - ok
20:32:37.0047 0x09bc  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.3.219.0 ), 0x61000 ( enabled : updated )
20:32:37.0061 0x09bc  Win FW state via NFP2: enabled
20:32:39.0636 0x09bc  ============================================================
20:32:39.0636 0x09bc  Scan finished
20:32:39.0636 0x09bc  ============================================================
20:32:39.0655 0x1428  Detected object count: 1
20:32:39.0656 0x1428  Actual detected object count: 1
20:33:16.0759 0x1428  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:33:16.0759 0x1428  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:34:10.0109 0x1338  Deinitialize success

 



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:01 AM

Posted 08 November 2013 - 02:14 AM

Hi -

I think we have removed most of the Trojan infection for now, but it is the type that can return.

You also have a Rootkit infection that is not fully removed yet -

 

These are serious infections, so please post to the Experts area for a full clean-up.

 

Please follow the instructions in THIS PREP GUIDE starting at Step #6.
If you cannot complete a step, skip it and continue.

 

Once the proper logs are created, then make a NEW TOPIC and post it to Virus, and Malware Removal Logs. area.

After doing this, please reply back in this thread with a link to the new topic so we can closed this one to prevent others from adding to it while the Experts help you -

 

Thank You -



#10 Blastphemist

Blastphemist
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 08 November 2013 - 03:01 AM

Thank you for your help. I've opened a new thread over in the other forums. Wish me luck!



#11 hamluis

hamluis

    Moderator


  • Moderator
  • 55,880 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:01 PM

Posted 08 November 2013 - 07:47 AM

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users