older machine, running vista, MSE says Win32/Alureon.h


12 replies to this topic

#1 aksweeney


Posted 26 February 2014 - 07:07 PM

MSE has been claiming I've been infected with Alureon.h since I installed the anti-virus software.  However, up until recently I wasn't really experiencing any notable computer issues.  Around a week ago my laptop's screen started randomly going black, acknowledging no input from anything and requiring me to reboot before it will work again.  My laptop does get warm, and when it gets too warm it will shut off in self-preservation and I thought that this was the cause.  However, it's not the same black as when it's shut off and it started happening within 10 minutes of being absolutely off for hours.  

 

This behavior continues, although the time interval for it stopping is pretty random.  Sometimes long, sometimes short.  However, if I boot using Safe Mode, the computer will stay on indefinitely, signaling to me that something is definitely wrong.

 

Please help.

 

Thank you.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 10.45.2
Run by Its Me at 18:50:27 on 2014-02-26
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2941.1543 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\dlcgcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\msiexec.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\SafeConnect\scManager.sys
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Users\Its Me\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = <local>;*.local
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\its me\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D49A3BB3-7CD3-42FF-ADA6-7C9D7B011730} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\its me\appdata\roaming\mozilla\firefox\profiles\ppmc7flp.default\
FF - prefs.js: browser.startup.homepage - www.fark.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\users\its me\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\users\its me\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\its me\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\its me\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2014-02-22 09:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-14 50256]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-29 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-26 418376]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scManager.sys [2012-11-19 176520]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-30 22856]
S1 natnjmde;natnjmde;c:\windows\system32\drivers\natnjmde.sys [2014-2-26 49088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 gupdate1c98d3688abd71;Google Update Service (gupdate1c98d3688abd71);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-30 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-4-19 161384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Apache2.2;Apache2.2;c:\apache2\bin\httpd.exe [2008-1-18 24635]
S3 Apacheds;Apacheds;c:\program files\apacheds-1.0.2\bin\apacheds.exe [2009-3-26 102400]
S3 Network ConnectorService;Network Connector Service;c:\program files\barracuda\network connector\bin\network-connectorserv.exe [2010-5-18 43416]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 pgsql-8.3;PostgreSQL Database Server 8.3;c:\apache2\htdocs\bin\pg_ctl.exe runservice -w -n "pgsql-8.3" -d "c:\apache2\htdocs\data\" --> c:\apache2\htdocs\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
SUnknown mfukglcw;mfukglcw; [x]
.
=============== File Associations ===============
.
FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [UserChoice]
FileExt: .js: Applications\Geany.exe="c:\program files\geany\bin\Geany.exe" "%1" [UserChoice]
ShellExec: BlazeDVD.exe: open=c:\program files\blazevideo\blazedvd 5 professional\BlazeDVD.EXE" "%1
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-26 23:42:41 49088 ----a-w- c:\windows\system32\drivers\natnjmde.sys
2014-02-26 22:35:25 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e54c5931-6bfe-4229-8285-795123475c7e}\offreg.dll
2014-02-26 00:14:37 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e54c5931-6bfe-4229-8285-795123475c7e}\mpengine.dll
2014-02-26 00:10:28 -------- d-----w- c:\windows\pss
2014-02-24 22:36:08 7947048 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-22 04:32:32 -------- d-----w- c:\windows\Migration
2014-02-22 03:57:59 -------- d-----w- c:\windows\system32\MRT
2014-02-22 03:42:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-22 03:42:03 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-02-22 03:42:03 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-22 03:42:03 149744 ----a-w- c:\program files\internet explorer\sqmapi.dll
2014-02-22 03:42:02 194560 ----a-w- c:\program files\internet explorer\IEShims.dll
2014-02-22 03:42:01 468480 ----a-w- c:\program files\internet explorer\ieinstal.exe
2014-02-22 03:42:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-19 22:30:40 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ae984487-4651-4979-9e4e-21b921e2ca02}\gapaengine.dll
2014-02-12 12:52:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-01-28 23:20:40 -------- d-----w- c:\program files\iPod
2014-01-28 23:20:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-28 23:20:23 -------- d-----w- c:\program files\iTunes
.
==================== Find3M  ====================
.
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:57:10.15 ===============
 


 


#2 aharonov

  • Malware Response Team

Posted 27 February 2014 - 03:11 AM

Hello,
 
please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

 

 

 

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 aksweeney

  • Topic Starter

Posted 27 February 2014 - 06:29 PM

Thank you for your assistance.  Here are the requested logs:
 
18:16:35.0419 0x11cc  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
18:16:46.0866 0x11cc  ============================================================
18:16:46.0866 0x11cc  Current date / time: 2014/02/27 18:16:46.0866
18:16:46.0866 0x11cc  SystemInfo:
18:16:46.0866 0x11cc  
18:16:46.0866 0x11cc  OS Version: 6.0.6002 ServicePack: 2.0
18:16:46.0866 0x11cc  Product type: Workstation
18:16:46.0866 0x11cc  ComputerName: ITSME-PC
18:16:46.0866 0x11cc  UserName: Its Me
18:16:46.0866 0x11cc  Windows directory: C:\Windows
18:16:46.0866 0x11cc  System windows directory: C:\Windows
18:16:46.0866 0x11cc  Processor architecture: Intel x86
18:16:46.0866 0x11cc  Number of processors: 2
18:16:46.0866 0x11cc  Page size: 0x1000
18:16:46.0866 0x11cc  Boot type: Normal boot
18:16:46.0866 0x11cc  ============================================================
18:16:56.0232 0x11cc  KLMD registered as C:\Windows\system32\drivers\67307102.sys
18:16:57.0032 0x11cc  System UUID: {2F10058A-52D4-DC12-4F45-A92071A5A672}
18:16:59.0166 0x11cc  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:16:59.0169 0x11cc  ============================================================
18:16:59.0169 0x11cc  \Device\Harddisk0\DR0:
18:16:59.0288 0x11cc  MBR partitions:
18:16:59.0288 0x11cc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1272B000
18:16:59.0288 0x11cc  ============================================================
18:16:59.0465 0x11cc  C: <-> \Device\Harddisk0\DR0\Partition1
18:16:59.0465 0x11cc  ============================================================
18:16:59.0465 0x11cc  Initialize success
18:16:59.0465 0x11cc  ============================================================
18:17:07.0094 0x12a4  ============================================================
18:17:07.0094 0x12a4  Scan started
18:17:07.0094 0x12a4  Mode: Manual; SigCheck; TDLFS; 
18:17:07.0094 0x12a4  ============================================================
18:17:07.0094 0x12a4  KSN ping started
18:17:07.0381 0x12a4  KSN ping finished: true
18:17:10.0067 0x12a4  ================ Scan system memory ========================
18:17:10.0067 0x12a4  System memory - ok
18:17:10.0068 0x12a4  ================ Scan services =============================
18:17:37.0058 0x12a4  BrUsbMdm - ok
18:17:37.0100 0x12a4  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:17:37.0198 0x12a4  BrUsbSer - ok
18:17:37.0241 0x12a4  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:17:37.0310 0x12a4  BTHMODEM - ok
18:17:38.0652 0x12a4  catchme - ok
18:17:38.0722 0x12a4  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:17:38.0793 0x12a4  cdfs - ok
18:17:38.0894 0x12a4  [ D3BA7BF8ACE02CC8AFF8410CB0729898, 05DB3F5516476352AF079032198DC57B625387465611AD39A5F9ED18952D3EBB ] Cdr4_xp         C:\Windows\system32\drivers\Cdr4_xp.sys
18:17:38.0904 0x12a4  Cdr4_xp - ok
18:17:38.0996 0x12a4  [ 5AFC3B4D53788FF23C171C87E1C20747, B2EB4BB40FA4DB15713B06B1FCAB820476101C92A9A596643418AD5470109823 ] Cdralw2k        C:\Windows\system32\drivers\Cdralw2k.sys
18:17:39.0006 0x12a4  Cdralw2k - ok
18:17:39.0113 0x12a4  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:17:39.0187 0x12a4  cdrom - ok
18:17:39.0370 0x12a4  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
18:17:39.0448 0x12a4  CertPropSvc - ok
18:17:39.0470 0x12a4  cfbsbign - ok
18:17:39.0923 0x12a4  [ C82162949BBA6CC5D006C7BD008F3CF1, 635E5B5C5AF3ACECA6115DAC8E576390B258C6590EE9727DB6FA68B13FD85297 ] CFSvcs          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:17:39.0969 0x12a4  CFSvcs - detected UnsignedFile.Multi.Generic ( 1 )
18:17:40.0553 0x12a4  Detect skipped due to KSN trusted
18:17:40.0553 0x12a4  CFSvcs - ok
18:17:40.0612 0x12a4  [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:17:40.0755 0x12a4  circlass - ok
18:17:40.0877 0x12a4  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
18:17:41.0008 0x12a4  CLFS - ok
18:17:41.0695 0x12a4  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:17:41.0783 0x12a4  clr_optimization_v2.0.50727_32 - ok
18:17:42.0217 0x12a4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:17:42.0681 0x12a4  clr_optimization_v4.0.30319_32 - ok
18:17:42.0776 0x12a4  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:17:42.0854 0x12a4  CmBatt - ok
18:17:42.0861 0x12a4  [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:17:42.0874 0x12a4  cmdide - ok
18:17:42.0942 0x12a4  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:17:42.0955 0x12a4  Compbatt - ok
18:17:42.0966 0x12a4  COMSysApp - ok
18:17:43.0007 0x12a4  [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:17:43.0019 0x12a4  crcdisk - ok
18:17:43.0050 0x12a4  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:17:43.0166 0x12a4  Crusoe - ok
18:17:43.0254 0x12a4  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:17:43.0345 0x12a4  CryptSvc - ok
18:17:43.0415 0x12a4  czowflqj - ok
18:17:43.0553 0x12a4  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:17:43.0715 0x12a4  DcomLaunch - ok
18:17:43.0791 0x12a4  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:17:43.0875 0x12a4  DfsC - ok
18:17:44.0050 0x12a4  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
18:17:44.0673 0x12a4  DFSR - ok
18:17:44.0804 0x12a4  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:17:44.0859 0x12a4  Dhcp - ok
18:17:44.0952 0x12a4  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
18:17:44.0967 0x12a4  disk - ok
18:17:45.0068 0x12a4  dlcg_device - ok
18:17:45.0111 0x12a4  dldfrcba - ok
18:17:45.0261 0x12a4  dllezbou - ok
18:17:45.0365 0x12a4  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:17:45.0427 0x12a4  Dnscache - ok
18:17:45.0494 0x12a4  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
18:17:45.0537 0x12a4  dot3svc - ok
18:17:45.0586 0x12a4  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
18:17:45.0693 0x12a4  DPS - ok
18:17:45.0779 0x12a4  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:17:45.0860 0x12a4  drmkaud - ok
18:17:45.0957 0x12a4  [ E6B6DD5A355C432045219FAD8512FB70, 53F7531AB358139EB7D06B3B0B5B3008C7333C32DC01F0A8B76B43C68831157E ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
18:17:46.0038 0x12a4  dsNcAdpt - ok
18:17:46.0330 0x12a4  [ A1E9235DBA771601CFF84E343EF390AE, BB2246367A3FEF789F22B12C87FAA7DF9316A2FCB6C478488505090FD48E1034 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
18:17:46.0420 0x12a4  dsNcService - ok
18:17:46.0544 0x12a4  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:17:46.0648 0x12a4  DXGKrnl - ok
18:17:46.0752 0x12a4  [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:17:46.0898 0x12a4  E1G60 - ok
18:17:46.0953 0x12a4  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
18:17:47.0019 0x12a4  EapHost - ok
18:17:47.0074 0x12a4  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:17:47.0094 0x12a4  Ecache - ok
18:17:47.0324 0x12a4  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:17:47.0483 0x12a4  ehRecvr - ok
18:17:47.0560 0x12a4  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
18:17:47.0724 0x12a4  ehSched - ok
18:17:47.0765 0x12a4  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
18:17:47.0831 0x12a4  ehstart - ok
18:17:48.0016 0x12a4  [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:17:48.0133 0x12a4  elxstor - ok
18:17:48.0343 0x12a4  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:17:48.0750 0x12a4  EMDMgmt - ok
18:17:48.0871 0x12a4  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
18:17:48.0936 0x12a4  EventSystem - ok
18:17:49.0058 0x12a4  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:17:49.0201 0x12a4  exfat - ok
18:17:49.0280 0x12a4  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:17:49.0422 0x12a4  fastfat - ok
18:17:49.0503 0x12a4  [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:17:49.0612 0x12a4  fdc - ok
18:17:49.0654 0x12a4  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
18:17:49.0709 0x12a4  fdPHost - ok
18:17:49.0799 0x12a4  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:17:49.0944 0x12a4  FDResPub - ok
18:17:50.0060 0x12a4  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:17:50.0101 0x12a4  FileInfo - ok
18:17:50.0174 0x12a4  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:17:50.0236 0x12a4  Filetrace - ok
18:17:50.0244 0x12a4  fkzsukpc - ok
18:17:50.0592 0x12a4  [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:17:50.0688 0x12a4  FLEXnet Licensing Service - ok
18:17:50.0756 0x12a4  [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:17:51.0545 0x12a4  flpydisk - ok
18:17:51.0609 0x12a4  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:17:51.0631 0x12a4  FltMgr - ok
18:17:51.0969 0x12a4  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
18:17:52.0182 0x12a4  FontCache - ok
18:17:52.0321 0x12a4  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:17:52.0334 0x12a4  FontCache3.0.0.0 - ok
18:17:52.0410 0x12a4  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:17:52.0482 0x12a4  Fs_Rec - ok
18:17:52.0571 0x12a4  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:17:52.0629 0x12a4  gagp30kx - ok
18:17:52.0744 0x12a4  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:17:52.0755 0x12a4  GEARAspiWDM - ok
18:17:52.0821 0x12a4  gixaasll - ok
18:17:53.0006 0x12a4  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
18:17:53.0212 0x12a4  gpsvc - ok
18:17:53.0638 0x12a4  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdate1c98d3688abd71 C:\Program Files\Google\Update\GoogleUpdate.exe
18:17:53.0667 0x12a4  gupdate1c98d3688abd71 - ok
18:17:53.0711 0x12a4  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:17:53.0725 0x12a4  gupdatem - ok
18:17:53.0797 0x12a4  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:17:53.0842 0x12a4  gusvc - ok
18:17:53.0982 0x12a4  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:17:54.0050 0x12a4  HdAudAddService - ok
18:17:54.0324 0x12a4  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:17:54.0427 0x12a4  HDAudBus - ok
18:17:54.0504 0x12a4  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:17:54.0575 0x12a4  HidBth - ok
18:17:54.0606 0x12a4  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:17:54.0715 0x12a4  HidIr - ok
18:17:54.0875 0x12a4  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
18:17:55.0021 0x12a4  hidserv - ok
18:17:55.0140 0x12a4  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:17:55.0247 0x12a4  HidUsb - ok
18:17:55.0295 0x12a4  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:17:55.0361 0x12a4  hkmsvc - ok
18:17:55.0429 0x12a4  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:17:55.0445 0x12a4  HpCISSs - ok
18:17:55.0488 0x12a4  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:17:55.0568 0x12a4  HTTP - ok
18:17:55.0582 0x12a4  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:17:55.0622 0x12a4  i2omp - ok
18:17:55.0698 0x12a4  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:17:55.0743 0x12a4  i8042prt - ok
18:17:55.0845 0x12a4  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:17:55.0889 0x12a4  iaStorV - ok
18:17:56.0074 0x12a4  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:17:56.0110 0x12a4  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
18:17:56.0678 0x12a4  Detect skipped due to KSN trusted
18:17:56.0678 0x12a4  IDriverT - ok
18:17:57.0323 0x12a4  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:17:57.0745 0x12a4  idsvc - ok
18:17:57.0778 0x12a4  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:17:57.0810 0x12a4  iirsp - ok
18:17:57.0932 0x12a4  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:17:58.0409 0x12a4  IKEEXT - ok
18:17:59.0631 0x12a4  [ 6F62BAFE6150F3952F877051C65786FE, 331E16BF61AC77592CCB02237C807E1B1E7253EB7EF70FC4EBACEFACB72903A3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:17:59.0892 0x12a4  IntcAzAudAddService - ok
18:17:59.0988 0x12a4  [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:18:00.0044 0x12a4  intelide - ok
18:18:00.0091 0x12a4  [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:18:00.0162 0x12a4  intelppm - ok
18:18:00.0713 0x12a4  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:18:00.0742 0x12a4  IntuitUpdateServiceV4 - ok
18:18:00.0795 0x12a4  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:18:00.0864 0x12a4  IPBusEnum - ok
18:18:00.0911 0x12a4  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:18:00.0957 0x12a4  IpFilterDriver - ok
18:18:01.0056 0x12a4  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:18:01.0115 0x12a4  iphlpsvc - ok
18:18:01.0127 0x12a4  IpInIp - ok
18:18:01.0173 0x12a4  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:18:01.0270 0x12a4  IPMIDRV - ok
18:18:01.0345 0x12a4  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:18:01.0412 0x12a4  IPNAT - ok
18:18:01.0493 0x12a4  [ 9AE882A67F019CF30E8C9D7D60B05DDA, FB5D71F94529F37C8B45A5B4FBD15C66AECBFABB7E51C3B9BF63AEAFBE89F8BC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:18:01.0535 0x12a4  iPod Service - ok
18:18:01.0569 0x12a4  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:18:01.0613 0x12a4  IRENUM - ok
18:18:01.0757 0x12a4  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:18:01.0862 0x12a4  isapnp - ok
18:18:01.0945 0x12a4  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:18:01.0965 0x12a4  iScsiPrt - ok
18:18:01.0999 0x12a4  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:18:02.0033 0x12a4  iteatapi - ok
18:18:02.0082 0x12a4  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:18:02.0107 0x12a4  iteraid - ok
18:18:02.0170 0x12a4  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:18:02.0184 0x12a4  kbdclass - ok
18:18:02.0399 0x12a4  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:18:02.0549 0x12a4  kbdhid - ok
18:18:02.0825 0x12a4  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
18:18:02.0902 0x12a4  KeyIso - ok
18:18:02.0968 0x12a4  [ E8CA038F51F7761BD6E3A3B0B8014263, CC168838CB56776DC728869278A9F3CCEC215D5AFBE9ACD32D09D0971501EAAF ] KR10I           C:\Windows\system32\drivers\kr10i.sys
18:18:03.0026 0x12a4  KR10I - ok
18:18:03.0110 0x12a4  [ 6A4ADB9186DD0E114E623DAF57E42B31, AECE2412890B1716F5E22ECC62EC09AF4DDD66A642D7B7DC892730D472B7FEAF ] KR10N           C:\Windows\system32\drivers\kr10n.sys
18:18:03.0201 0x12a4  KR10N - ok
18:18:03.0424 0x12a4  [ 485E005CD51FF502FB16483EB4B69C17, 8294524C21C18BA5A32B926BD497C67A4ED49FB3654C93D11681C01D30769998 ] KR3NPXP         C:\Windows\system32\drivers\kr3npxp.sys
18:18:03.0553 0x12a4  KR3NPXP - detected UnsignedFile.Multi.Generic ( 1 )
18:18:04.0112 0x12a4  Detect skipped due to KSN trusted
18:18:04.0112 0x12a4  KR3NPXP - ok
18:18:04.0198 0x12a4  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:18:04.0234 0x12a4  KSecDD - ok
18:18:04.0410 0x12a4  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:18:04.0544 0x12a4  KtmRm - ok
18:18:04.0575 0x12a4  kxrvzdez - ok
18:18:04.0620 0x12a4  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:18:04.0702 0x12a4  LanmanServer - ok
18:18:04.0777 0x12a4  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:18:04.0881 0x12a4  LanmanWorkstation - ok
18:18:04.0886 0x12a4  lboyysxx - ok
18:18:04.0933 0x12a4  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:18:05.0006 0x12a4  lltdio - ok
18:18:05.0119 0x12a4  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:18:05.0221 0x12a4  lltdsvc - ok
18:18:05.0330 0x12a4  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:18:05.0454 0x12a4  lmhosts - ok
18:18:05.0535 0x12a4  [ 515FC18CABEE0158A324B08B1C2667CF, E044C731C795EB27E85DDD09F574D7002BC230D6341340078655892CAB3BA2E6 ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
18:18:05.0564 0x12a4  LPCFilter - ok
18:18:05.0616 0x12a4  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:18:05.0655 0x12a4  LSI_FC - ok
18:18:05.0685 0x12a4  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:18:05.0717 0x12a4  LSI_SAS - ok
18:18:05.0741 0x12a4  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:18:05.0756 0x12a4  LSI_SCSI - ok
18:18:05.0764 0x12a4  lslbmnxb - ok
18:18:05.0831 0x12a4  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:18:05.0937 0x12a4  luafv - ok
18:18:05.0946 0x12a4  lullxmrk - ok
18:18:06.0012 0x12a4  [ AF280405C10F0D20F37670B7432E5C2F, 89EDF1B686CA6FE2516A5771AD80D6E8A6B022BA3D31E7988C2D2078CE45BEBA ] lvpopflt        C:\Windows\system32\DRIVERS\lvpopflt.sys
18:18:06.0062 0x12a4  lvpopflt - ok
18:18:06.0312 0x12a4  [ B6E1CCD6572984ADCAE68439AFD07011, AA9DECB7BDB7425F2CAAE0A161835E8DA23D2D48DE473CB28FBE87680104CE7A ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
18:18:06.0388 0x12a4  LVRS - ok
18:18:09.0683 0x12a4  [ 6C42815DD57E397F0CD988304B5EB4B3, 43706495D0EB4685B05BB13AEC02883F87C1897EF03208C587A4E6A0EF5C83F0 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
18:18:10.0417 0x12a4  LVUVC - ok
18:18:10.0484 0x12a4  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:18:10.0502 0x12a4  MBAMProtector - ok
18:18:10.0598 0x12a4  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:18:10.0651 0x12a4  MBAMScheduler - ok
18:18:10.0827 0x12a4  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:18:10.0924 0x12a4  MBAMService - ok
18:18:10.0983 0x12a4  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:18:11.0057 0x12a4  Mcx2Svc - ok
18:18:11.0094 0x12a4  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:18:11.0109 0x12a4  megasas - ok
18:18:11.0214 0x12a4  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:18:11.0246 0x12a4  Microsoft Office Groove Audit Service - ok
18:18:11.0294 0x12a4  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
18:18:11.0390 0x12a4  MMCSS - ok
18:18:11.0526 0x12a4  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
18:18:11.0651 0x12a4  Modem - ok
18:18:11.0751 0x12a4  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:18:11.0845 0x12a4  monitor - ok
18:18:11.0932 0x12a4  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:18:11.0947 0x12a4  mouclass - ok
18:18:12.0065 0x12a4  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:18:12.0260 0x12a4  mouhid - ok
18:18:12.0350 0x12a4  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:18:12.0432 0x12a4  MountMgr - ok
18:18:12.0527 0x12a4  [ E05FD9D5854A26A13D7F138F02BF2420, 89A6D90B8DB65565C1DAF9A1584C68989A1F4937D705182DA6E3B72E14A30DEA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:18:12.0626 0x12a4  MozillaMaintenance - ok
18:18:12.0737 0x12a4  [ EE728AF83850DDAD9A3FCAC0AAB3AD97, F392EA3B26974593512F7441E8BC4DA91DD771216DB908F005D844C513A2DDB7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:18:12.0793 0x12a4  MpFilter - ok
18:18:37.0253 0x12a4  [ E9BBD87AFD80DC1212ECD762858B45C7, B1B25B34E4ADBABB1CCC5BA2710EEA69797B4E116DD2FAA7E9F49C667BCA09CC ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
18:18:37.0270 0x12a4  SCDEmu - detected UnsignedFile.Multi.Generic ( 1 )
18:18:37.0779 0x12a4  Detect skipped due to KSN trusted
18:18:37.0779 0x12a4  SCDEmu - ok
18:18:52.0174 0x12a4  [ DDD5D3EABE2E7310A3C15B60998F72E4, E2F65B38D91CB80BDF163382E564A59AD4DF7E0856CEE9F68692C26A6E28527D ] TNaviSrv        C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
18:18:52.0391 0x12a4  TNaviSrv - detected UnsignedFile.Multi.Generic ( 1 )
18:18:52.0586 0x12a4  Detect skipped due to KSN trusted
18:18:52.0586 0x12a4  TNaviSrv - ok
18:18:52.0813 0x12a4  [ D540858E65BFA6FDED41AD2495ECE344, DB85A860F4C07D1370F34AA7F39FAE5DF7E47C1BE65B4D39954FC37CA703A199 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
18:18:52.0818 0x12a4  TODDSrv - detected UnsignedFile.Multi.Generic ( 1 )
18:18:53.0251 0x12a4  Detect skipped due to KSN trusted
18:18:53.0251 0x12a4  TODDSrv - ok
18:19:14.0336 0x12a4  ================ Scan global ===============================
18:19:14.0371 0x12a4  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
18:19:14.0481 0x12a4  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:19:14.0530 0x12a4  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:19:14.0601 0x12a4  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
18:19:14.0635 0x12a4  [ Global ] - ok
18:19:14.0638 0x12a4  ================ Scan MBR ==================================
18:19:14.0664 0x12a4  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:19:18.0246 0x12a4  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
18:19:18.0246 0x12a4  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:19:18.0551 0x12a4  ================ Scan VBR ==================================
18:19:18.0645 0x12a4  [ E9795C6F28B53DC3DB9F762D3E716820 ] \Device\Harddisk0\DR0\Partition1
18:19:18.0676 0x12a4  \Device\Harddisk0\DR0\Partition1 - ok
18:19:18.0677 0x12a4  Waiting for KSN requests completion. In queue: 244
18:19:19.0704 0x12a4  Win FW state via NFP2: enabled
18:19:19.0984 0x12a4  ============================================================
18:19:19.0984 0x12a4  Scan finished
18:19:19.0984 0x12a4  ============================================================
18:19:20.0004 0x129c  Detected object count: 1
18:19:20.0004 0x129c  Actual detected object count: 1
18:19:37.0907 0x129c  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:19:37.0907 0x129c  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
18:20:06.0426 0x11a4  Deinitialize success
 


#4 aksweeney


Posted 27 February 2014 - 06:30 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Its Me (administrator) on ITSME-PC on 27-02-2014 18:22:30
Running from C:\Users\Its Me\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
( ) C:\Windows\system32\dlcgcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Impulse Point, LLC) C:\Program Files\SafeConnect\scManager.sys
() c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Impulse Point, LLC) C:\Program Files\SafeConnect\scClient.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Its Me\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] - \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0ENQBO] - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-1004063365-477754918-742943989-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1004063365-477754918-742943989-1000\...\Run: [Google Update] - C:\Users\Its Me\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-09-04] (Google Inc.)
HKU\S-1-5-21-1004063365-477754918-742943989-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-12] (Google Inc.)
HKU\S-1-5-21-1004063365-477754918-742943989-1000\...\Run: [Logitech Vid HD] - "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
HKU\S-1-5-21-1004063365-477754918-742943989-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1004063365-477754918-742943989-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1004063365-477754918-742943989-1000\...\Policies\Explorer: [DriveConfiguration]
GroupPolicyUsers\S-1-5-21-1004063365-477754918-742943989-1010\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default
FF Homepage: www.fark.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Its Me\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Its Me\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Its Me\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Its Me\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Its Me\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll (CNN)
FF Plugin ProgramFiles/Appdata: C:\Users\Its Me\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Its Me\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Its Me\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\google - Copy.xml
FF Extension: Flashblock - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011-09-22]
FF Extension: Greasemonkey - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012-06-16]
FF Extension: Menu Editor - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2011-03-27]
FF Extension: No Name - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\CookiesIE@yahoo.com.xpi [2012-07-15]
FF Extension: Firebug - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\firebug@software.joehewitt.com.xpi [2011-12-26]
FF Extension: Restart Firefox - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\restart@restart.org.xpi [2012-06-08]
FF Extension: ShareMeNot - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\sharemenot@franziroesner.com.xpi [2011-09-27]
FF Extension: Stylish - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2011-12-22]
FF Extension: Adblock Plus - C:\Users\Its Me\AppData\Roaming\Mozilla\Firefox\Profiles\ppmc7flp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://nytimes.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Its Me\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Its Me\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Its Me\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Turner Media Plugin 1.0.0.10) - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll (CNN)
CHR Plugin: (Abacast v2.1b3) - C:\Users\Its Me\AppData\Roaming\Mozilla\plugins\NPAbacheck.dll No File
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (WPI Detector 1.4) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Adblock Plus) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-01-31]
CHR Extension: (Google Search) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-01-18]
CHR Extension: (New Tab Redirect!) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-01-16]
CHR Extension: (Netflix Enhancer) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Its Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Its Me\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
S3 Apache2.2; C:\apache2\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)
S3 Apacheds; C:\Program Files\apacheds-1.0.2\bin\apacheds.exe [102400 2007-05-26] (Apache Software Foundation)
R2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [537480 2006-12-08] ( )
S3 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks)
S2 gupdate1c98d3688abd71; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-12] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
S3 MySQL; C:\MySQL\my.ini [8887 2009-08-10] ()
S3 Network ConnectorService; C:\Program Files\Barracuda\Network Connector\bin\network-connectorserv.exe [43416 2010-05-18] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [287824 2012-09-12] (Microsoft Corporation)
S3 pgsql-8.3; C:\apache2\htdocs\bin\pg_ctl.exe [77824 2008-03-17] (PostgreSQL Global Development Group)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 SCManager; C:\Program Files\SafeConnect\scManager.sys [176520 2012-11-19] (Impulse Point, LLC)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [50256 2010-06-28] (ALWIL Software)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2007-12-10] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2007-12-10] (Sonic Solutions)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-03-12] (Juniper Networks)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2010-05-18] (The OpenVPN Project)
S1 tzwdewvx; C:\Windows\system32\drivers\tzwdewvx.sys [49088 2014-02-27] (Microsoft Corporation)
R2 UltraMonUtility; C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2008-11-14] (Realtime Soft Ltd)
S1 aeuufodf; \??\C:\Windows\system32\drivers\aeuufodf.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 blqvwcpk; \??\C:\Windows\system32\drivers\blqvwcpk.sys [X]
S3 catchme; \??\C:\Users\ITSME~1\AppData\Local\Temp\catchme.sys [X]
S1 cfbsbign; \??\C:\Windows\system32\drivers\cfbsbign.sys [X]
S1 czowflqj; \??\C:\Windows\system32\drivers\czowflqj.sys [X]
S1 dldfrcba; \??\C:\Windows\system32\drivers\dldfrcba.sys [X]
S1 dllezbou; \??\C:\Windows\system32\drivers\dllezbou.sys [X]
S1 fkzsukpc; \??\C:\Windows\system32\drivers\fkzsukpc.sys [X]
S1 gixaasll; \??\C:\Windows\system32\drivers\gixaasll.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kxrvzdez; \??\C:\Windows\system32\drivers\kxrvzdez.sys [X]
S1 lboyysxx; \??\C:\Windows\system32\drivers\lboyysxx.sys [X]
S1 lslbmnxb; \??\C:\Windows\system32\drivers\lslbmnxb.sys [X]
S1 lullxmrk; \??\C:\Windows\system32\drivers\lullxmrk.sys [X]
S1 MpKsl04a3606b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl04a3606b.sys [X]
S1 MpKsl43972dcc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl43972dcc.sys [X]
S1 MpKsl4d5fcd8c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl4d5fcd8c.sys [X]
S1 MpKsl7939589f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl7939589f.sys [X]
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 ochfmxiv; \??\C:\Windows\system32\drivers\ochfmxiv.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
S1 ubaqihrb; \??\C:\Windows\system32\drivers\ubaqihrb.sys [X]
S1 uwfoxwjp; \??\C:\Windows\system32\drivers\uwfoxwjp.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S1 vwyoogih; \??\C:\Windows\system32\drivers\vwyoogih.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-27 18:22 - 2014-02-27 18:23 - 00045372 _____ () C:\Users\Its Me\Downloads\FRST.txt
2014-02-27 18:22 - 2014-02-27 18:22 - 00000000 ____D () C:\FRST
2014-02-27 18:21 - 2014-02-27 18:21 - 02155520 _____ (Farbar) C:\Users\Its Me\Downloads\FRST64.exe
2014-02-27 18:21 - 2014-02-27 18:21 - 01143808 _____ (Farbar) C:\Users\Its Me\Downloads\FRST.exe
2014-02-27 18:17 - 2014-02-27 18:17 - 00049088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tzwdewvx.sys
2014-02-27 18:03 - 2014-02-27 18:03 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Desktop\bmv.exe
2014-02-26 19:06 - 2014-02-26 19:06 - 00018521 _____ () C:\Users\Its Me\Desktop\post.txt
2014-02-26 18:57 - 2014-02-26 18:58 - 00017619 _____ () C:\Users\Its Me\Desktop\dds.txt
2014-02-26 18:57 - 2014-02-26 18:57 - 00013952 _____ () C:\Users\Its Me\Desktop\attach.txt
2014-02-26 18:49 - 2014-02-26 18:49 - 00688992 ____R (Swearware) C:\Users\Its Me\Downloads\dds.com
2014-02-26 18:05 - 2014-02-26 18:06 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Downloads\mmm.exe
2014-02-26 17:30 - 2014-02-26 17:30 - 00000000 _____ () C:\Users\Its Me\Desktop\lko.log
2014-02-26 17:26 - 2014-02-26 17:26 - 00000000 _____ () C:\Users\Its Me\Desktop\lll.log
2014-02-26 17:25 - 2014-02-26 17:25 - 00000000 _____ () C:\Users\Its Me\Desktop\iop.log
2014-02-25 21:10 - 2014-02-25 21:10 - 00005043 _____ () C:\Users\Its Me\Desktop\jkl.log
2014-02-25 20:12 - 2014-02-25 20:12 - 00380416 _____ () C:\Users\Its Me\Desktop\d1tlgnzq.exe
2014-02-25 20:08 - 2014-02-25 20:08 - 00031029 _____ () C:\Users\Its Me\Desktop\sfcdetails.txt
2014-02-25 19:10 - 2014-02-25 19:10 - 00000000 ____D () C:\Windows\pss
2014-02-25 18:10 - 2014-02-25 19:35 - 00002805 _____ () C:\Users\Its Me\Desktop\safemode.txt
2014-02-22 11:22 - 2014-02-22 11:22 - 00000917 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 11:19 - 2014-02-22 11:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-22 11:13 - 2014-02-22 11:13 - 03274299 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\Unconfirmed 479890.crdownload
2014-02-21 22:57 - 2014-02-21 23:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-21 22:42 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-21 22:42 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-21 22:42 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-21 22:42 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-21 22:42 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-21 22:42 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-21 22:42 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-21 22:41 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-21 22:41 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-21 22:41 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-21 22:41 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-21 22:41 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-21 22:41 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-21 22:41 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-21 22:41 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-21 22:41 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-21 20:49 - 2014-02-21 20:49 - 00380416 _____ () C:\Users\Its Me\Downloads\19zhj9en.exe
2014-02-20 20:28 - 2014-02-20 21:46 - 00000400 _____ () C:\Users\Its Me\Desktop\netflixsuggestions.txt
2014-02-12 07:52 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-02 15:56 - 2014-02-02 15:56 - 00334527 _____ () C:\Users\Its Me\Downloads\hot-vector-punk-girl-art.jpeg
2014-01-28 18:26 - 2014-01-28 18:26 - 00001675 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-28 18:20 - 2014-01-28 18:26 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-28 18:20 - 2014-01-28 18:26 - 00000000 ____D () C:\Program Files\iTunes
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
2014-02-27 18:23 - 2014-02-27 18:22 - 00045372 _____ () C:\Users\Its Me\Downloads\FRST.txt
2014-02-27 18:22 - 2014-02-27 18:22 - 00000000 ____D () C:\FRST
2014-02-27 18:21 - 2014-02-27 18:21 - 02155520 _____ (Farbar) C:\Users\Its Me\Downloads\FRST64.exe
2014-02-27 18:21 - 2014-02-27 18:21 - 01143808 _____ (Farbar) C:\Users\Its Me\Downloads\FRST.exe
2014-02-27 18:19 - 2008-04-29 17:45 - 01732486 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 18:17 - 2014-02-27 18:17 - 00049088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tzwdewvx.sys
2014-02-27 18:14 - 2009-06-30 19:21 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 18:14 - 2009-06-30 19:21 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 18:12 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 18:12 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 18:12 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 18:05 - 2011-02-05 14:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1010UA.job
2014-02-27 18:03 - 2014-02-27 18:03 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Desktop\bmv.exe
2014-02-26 21:50 - 2009-06-30 09:28 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1000UA.job
2014-02-26 19:06 - 2014-02-26 19:06 - 00018521 _____ () C:\Users\Its Me\Desktop\post.txt
2014-02-26 18:58 - 2014-02-26 18:57 - 00017619 _____ () C:\Users\Its Me\Desktop\dds.txt
2014-02-26 18:57 - 2014-02-26 18:57 - 00013952 _____ () C:\Users\Its Me\Desktop\attach.txt
2014-02-26 18:49 - 2014-02-26 18:49 - 00688992 ____R (Swearware) C:\Users\Its Me\Downloads\dds.com
2014-02-26 18:06 - 2014-02-26 18:05 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Downloads\mmm.exe
2014-02-26 17:41 - 2006-11-02 08:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 17:30 - 2014-02-26 17:30 - 00000000 _____ () C:\Users\Its Me\Desktop\lko.log
2014-02-26 17:26 - 2014-02-26 17:26 - 00000000 _____ () C:\Users\Its Me\Desktop\lll.log
2014-02-26 17:25 - 2014-02-26 17:25 - 00000000 _____ () C:\Users\Its Me\Desktop\iop.log
2014-02-25 21:10 - 2014-02-25 21:10 - 00005043 _____ () C:\Users\Its Me\Desktop\jkl.log
2014-02-25 20:12 - 2014-02-25 20:12 - 00380416 _____ () C:\Users\Its Me\Desktop\d1tlgnzq.exe
2014-02-25 20:08 - 2014-02-25 20:08 - 00031029 _____ () C:\Users\Its Me\Desktop\sfcdetails.txt
2014-02-25 19:35 - 2014-02-25 18:10 - 00002805 _____ () C:\Users\Its Me\Desktop\safemode.txt
2014-02-25 19:10 - 2014-02-25 19:10 - 00000000 ____D () C:\Windows\pss
2014-02-24 19:57 - 2011-08-03 01:02 - 00007944 _____ () C:\Users\Its Me\AppData\Local\d3d9caps.dat
2014-02-22 20:50 - 2009-06-30 09:28 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1000Core.job
2014-02-22 18:29 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-22 11:22 - 2014-02-22 11:22 - 00000917 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 11:22 - 2009-03-30 17:19 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 11:21 - 2014-02-22 11:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-22 11:13 - 2014-02-22 11:13 - 03274299 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\Unconfirmed 479890.crdownload
2014-02-22 10:57 - 2011-03-31 20:04 - 00089811 _____ () C:\Windows\system32\lvcoinst.log
2014-02-22 09:53 - 2013-01-25 00:15 - 00002113 _____ () C:\Windows\epplauncher.mif
2014-02-22 09:41 - 2006-11-02 05:33 - 00757458 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-22 00:39 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-02-22 00:23 - 2006-11-02 07:47 - 03134096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-22 00:06 - 2007-08-16 13:00 - 00212398 _____ () C:\Windows\PFRO.log
2014-02-22 00:06 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-02-21 23:58 - 2008-09-04 15:09 - 00002058 _____ () C:\Users\Its Me\Desktop\Google Chrome.lnk
2014-02-21 23:54 - 2008-04-29 17:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-21 23:17 - 2010-03-29 14:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-21 23:03 - 2014-02-21 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-21 22:10 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-21 21:05 - 2011-02-05 14:43 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1010Core.job
2014-02-21 20:49 - 2014-02-21 20:49 - 00380416 _____ () C:\Users\Its Me\Downloads\19zhj9en.exe
2014-02-20 21:46 - 2014-02-20 20:28 - 00000400 _____ () C:\Users\Its Me\Desktop\netflixsuggestions.txt
2014-02-13 23:49 - 2012-04-20 19:15 - 00001760 ____H () C:\Users\Its Me\Documents\Default.rdp
2014-02-07 17:35 - 2008-05-18 14:42 - 00000000 ____D () C:\Users\Its Me\AppData\Roaming\Mozilla
2014-02-05 03:58 - 2014-02-21 22:41 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:56 - 2014-02-21 22:41 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:53 - 2014-02-21 22:41 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:51 - 2014-02-21 22:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:50 - 2014-02-21 22:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:49 - 2014-02-21 22:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:49 - 2014-02-21 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:48 - 2014-02-21 22:42 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:48 - 2014-02-21 22:42 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:48 - 2014-02-21 22:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:48 - 2014-02-21 22:41 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:48 - 2014-02-21 22:41 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:47 - 2014-02-21 22:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:47 - 2014-02-21 22:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:47 - 2014-02-21 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:46 - 2014-02-21 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-02 15:56 - 2014-02-02 15:56 - 00334527 _____ () C:\Users\Its Me\Downloads\hot-vector-punk-girl-art.jpeg
2014-01-28 18:26 - 2014-01-28 18:26 - 00001675 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-28 18:26 - 2014-01-28 18:20 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-28 18:26 - 2014-01-28 18:20 - 00000000 ____D () C:\Program Files\iTunes
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-01-28 18:20 - 2008-05-18 16:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-28 18:00 - 2008-05-18 16:19 - 00000000 ____D () C:\ProgramData\Apple
2014-01-28 00:31 - 2011-06-25 16:41 - 00198656 _____ () C:\Users\Its Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
C:\Users\Hallie\AppData\Local\temp\GUR7909.exe
C:\Users\Its Me\AppData\Local\temp\GUR45C7.exe
C:\Users\Its Me\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Its Me\AppData\Local\temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Its Me\AppData\Local\temp\JuniperSetupClientInstaller.exe
C:\Users\Its Me\AppData\Local\temp\npp.6.3.2.Installer.exe
C:\Users\Its Me\AppData\Local\temp\npp.6.5.1.Installer.exe
C:\Users\Its Me\AppData\Local\temp\npp.6.5.2.Installer.exe
C:\Users\Its Me\AppData\Local\temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Its Me\AppData\Local\temp\xmlUpdater.exe
C:\Users\Its Me\AppData\Local\temp\_is3800.exe
C:\Users\Its Me\AppData\Local\temp\_is4421.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-27 18:19
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Its Me at 2014-02-27 18:24:57
Running from C:\Users\Its Me\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Active File Compare 2.0 beta 1 (HKLM\...\Active File Compare_is1) (Version:  - Formula Software, Inc.)
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.0.5 - LSoft Technologies)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS4 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (HKLM\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (HKLM\...\Adobe_5eba9bbdf1514a06b1a4c79a2920188) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (HKLM\...\Adobe_7774cb1e022c49962995a9014500066) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (HKLM\...\Adobe_6e02d32c7e5a9d9fc86bc91618cafda) (Version: 4 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Agent Ransack 2010 (HKLM\...\Agent Ransack_is1) (Version:  - )
Alt.Binz 0.25.0 (HKLM\...\Alt.Binz) (Version: 0.25.0 - Rdl)
Apache HTTP Server 2.2.8 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.8 - Apache Software Foundation)
apacheds 1.0.2 (HKLM\...\apacheds_is1) (Version: 1.0.2 - Apache Directory Team)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}) (Version: 3.0.641.0 - ATI Technologies, Inc.)
AutoHotkey 1.0.48.05 (HKLM\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.14(T) - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2, 7, 0, 2 (HKLM\...\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}) (Version: 2, 7, 0, 2 - Jim Willsher)
CalorieKing Nutrition and Exercise Manager (remove only) (HKLM\...\CalorieKing Nutrition and Exercise Manager) (Version:  - )
CameraHelperMsi (Version: 13.25.1010.0 - Logitech) Hidden
Catalyst Control Center - Branding (HKLM\...\{22543949-70E8-45D0-A938-F38143EB8BF8}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0727.2307.39475 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0727.2307.39475 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Czech (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Danish (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Dutch (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help English (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Finnish (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help French (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help German (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Greek (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Italian (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Japanese (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Korean (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Polish (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Russian (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Spanish (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Swedish (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Thai (Version: 2007.0727.2306.39475 - ATI) Hidden
CCC Help Turkish (Version: 2007.0727.2306.39475 - ATI) Hidden
ccc-core-static (Version: 2007.0727.2307.39475 - ATI) Hidden
ccc-utility (Version: 2007.0727.2307.39475 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA)
Combined Community Codec Pack 2008-09-21 16:18 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2008.09.21.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Dell AIO 810 (HKLM\...\Dell AIO 810) (Version:  - Dell, Inc.)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
DeskPins (remove only) (HKLM\...\DeskPins) (Version:  - )
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.6.1 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.8.2 - DivXNetworks, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
Egg Timer Plus v2.5 (HKLM\...\Egg Timer Plus v2.5_is1) (Version:  - Sardine Software)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
FileZilla Client 3.7.1 (HKLM\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
FLVPlayer4Free Free FLV Player 3.8.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale)
FreshView (HKLM\...\FreshDevices - FreshView_is1) (Version:  - )
Geany 0.18 (HKLM\...\Geany) (Version: 0.18 - The Geany developer team)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Talk Plugin (HKLM\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version:  - )
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Juniper Networks Network Connect 7.1.15 (HKLM\...\Juniper Network Connect 7.1.15) (Version: 7.1.15.25271 - Juniper Networks)
Juniper Networks Network Connect 7.1.7 (HKLM\...\Juniper Network Connect 7.1.7) (Version: 7.1.7.20581 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.15.36013 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
K-Lite Codec Pack 7.9.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (Version: 13.25.1016.0 - Logitech) Hidden
LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.25.1010.0 - Logitech) Hidden
LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden
Machete 3.8 (HKLM\...\{3BE24392-35A7-4A84-AA82-EF53EFCA2AF8}) (Version: 3.8.22 - MacheteSoft)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.1.0522.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
mIRC (HKLM\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
Mozilla Firefox 18.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0.1 (x86 en-US)) (Version: 18.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multitrack Stopwatch (HKLM\...\Multitrack Stopwatch) (Version:  - )
MySQL Server 5.1 (HKLM\...\{0E2EE98E-17AE-4798-8F8C-64E49CA86D20}) (Version: 5.1.37 - MySQL AB)
MySQL Tools for 5.0 (HKLM\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
Nero ControlCenter (Version: 0.0.0.1 - Nero AG) Hidden
Nero Vision (Version: 0.0.0.1 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network Connector 2.1_rc20 (HKLM\...\Network Connector) (Version: 2.1_rc20 - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NuGet (HKLM\...\{A5630CB0-6D3C-4C93-9A51-03BEB835A982}) (Version: 1.2.103.0 - Microsoft Corporation)
Opera 9.64 (HKLM\...\{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}) (Version: 9.64 - Opera Software ASA)
Orbit Downloader (HKLM\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
Outlook 2007 HTML and CSS Validator (HKLM\...\{59152D0E-DDFE-4769-A746-776457091048}) (Version: 1.0.0 - Microsoft)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
pgAdmin III 1.8 (HKLM\...\{B4A52A73-B0B7-4BDA-BAED-83D054F63FAE}) (Version: 1.8 - The pgAdmin Development Team)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.1 - Google, Inc.)
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
PostgreSQL 8.3 (HKLM\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
Power Video Cutter 5.6 (HKLM\...\{D1839CE2-E7C6-4871-A7FB-ABC37432E99A}_is1) (Version:  - AML SOFT, Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
PTGui Pro 7.8 (HKLM\...\PTGui) (Version:  - New House Internet Services B.V.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RapidSVN-0.9.6 (HKLM\...\RapidSVN-0.9.6_is1) (Version:  - )
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
Riva FLV Player (HKLM\...\Riva FLV Player_is1) (Version: 1.0.0000 - Rothenberger & Partner)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeConnect (HKLM\...\SafeConnect) (Version:  - )
Skins (Version: 2007.0727.2307.39475 - ATI) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Subversion 1.4.6-r28521 (HKLM\...\Subversion_is1) (Version: 1.4.6-r28521 - CollabNet)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
TBS WMP Plug-in (HKLM\...\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}) (Version: 1.00.676 - CNN)
TBS WMP Plug-in (Version: 1.00.676 - CNN) Hidden
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TortoiseHg-0.7.5 (HKLM\...\TortoiseHg_is1) (Version:  - TK Soh and others)
TortoiseOverlays (HKLM\...\{F18B31E4-E2E3-4F4F-A2C9-BA579D6AF400}) (Version: 1.0.11886 - TortoiseSVN)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.06 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.52.0.2C - TOSHIBA)
TOSHIBA Flash Cards Support Utility (Version: 1.52.0.2C - TOSHIBA) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.52.0.2C - TOSHIBA)
TOSHIBA Hardware Setup (Version: 1.52.0.2C - TOSHIBA) Hidden
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.52.0.2C - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.52.0.2C - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.0.28 - TOSHIBA Corporation) Hidden
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 wctiper (Version: 011.000.1512 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (Version: 011.000.2783 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0449 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0211 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2011 wwiiper (Version: 011.000.1499 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version:  - Intuit, Inc)
TurboTax 2012 wctiper (Version: 012.000.1346 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wmiiper (Version: 012.000.1409 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
Ultra Video Splitter 6.3.0309 (HKLM\...\Ultra Video Splitter_is1) (Version:  - Aone Software)
UltraISO Premium V9.0 (HKLM\...\UltraISO_is1) (Version:  - )
UltraMon (HKLM\...\{B49673F8-7AB6-4A14-8213-C8A7BE370010}) (Version: 3.0.10 - Realtime Soft Ltd)
Unlocker 1.8.7 (HKLM\...\Unlocker) (Version: 1.8.7 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Utility Common Driver (Version: 0.0.1.1C - TOSHIBA) Hidden
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Essentials Media Codec Pack 2.2c (HKLM\...\Windows Essentials Media Codec Pack) (Version: 2.2c - Media Codec)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.46-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinMerge 2.12.2 (HKLM\...\WinMerge_is1) (Version: 2.12.2 - Thingamahoochie Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 5.1.5 (HKLM\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
WinTin++ (HKLM\...\{F4367109-9D3A-470C-8424-9E9B1361D8A6}) (Version: 2.00.9 - TinTin++ development team)
Xiph QuickTime Components (HKLM\...\XiphQT) (Version:  - )
XY Chart Labeler 7.1 (HKLM\...\XY Chart Labeler 7.1) (Version:  - )
YAMB (HKLM\...\YAMB) (Version:  - )
 
==================== Restore Points  =========================
 
26-02-2014 00:09:42 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 05:23 - 2013-08-22 19:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4144278E-CBF2-47F1-9AF1-D6CB232CD656} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4D476B2D-C1E3-4290-9F5A-92046B7EADF6} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {53216433-CFB9-4371-9473-4BAA31024BB1} - System32\Tasks\WECPUpdate => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25] (MediaCodec.Org)
Task: {60378EFC-8654-4B99-93D7-C4B14B6BD4CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12] (Google Inc.)
Task: {6B0D5654-B364-4074-96F9-C465F576FBD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12] (Google Inc.)
Task: {8FA5F0D1-402D-469D-82B5-855B9424C7EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1010Core => C:\Users\Hallie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {A9C15B25-80AA-4C41-BEF2-714E3F4CAFB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1000Core => C:\Users\Its Me\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04] (Google Inc.)
Task: {C5A281E6-637C-409F-8F10-6BF04AA74707} - System32\Tasks\Microsoft\Windows\RestartManager\{B8B85186-DA0B-4f63-9C83-523A350AD925} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {D7B608CD-847B-48F9-91D0-6CA4DF206F21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1000UA => C:\Users\Its Me\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04] (Google Inc.)
Task: {DE3794AF-204F-431C-B17A-E8051A93D722} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DF68A08A-82C6-4CEE-8119-1F8989541063} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1010UA => C:\Users\Hallie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E873BA2B-581E-4043-AA40-B5F03E7BD666} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14] (Google)
Task: C:\Windows\Tasks\Google Software Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1000Core.job => C:\Users\Its Me\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1000UA.job => C:\Users\Its Me\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1010Core.job => C:\Users\Hallie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004063365-477754918-742943989-1010UA.job => C:\Users\Hallie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-01 12:54 - 2009-05-02 18:27 - 00022016 _____ () C:\Program Files\TortoiseHg\tortoisehg.dll
2009-06-01 12:54 - 2008-07-27 18:23 - 00098304 _____ () C:\Program Files\TortoiseHg\win32api.pyd
2009-06-01 12:54 - 2008-07-27 18:23 - 00114688 _____ () C:\Program Files\TortoiseHg\pywintypes25.dll
2009-06-01 12:54 - 2008-07-27 18:27 - 00339968 _____ () C:\Program Files\TortoiseHg\pythoncom25.dll
2009-06-01 12:54 - 2008-07-27 18:26 - 00012800 _____ () C:\Program Files\TortoiseHg\win32trace.pyd
2009-06-01 12:54 - 2008-07-27 18:29 - 00241664 _____ () C:\Program Files\TortoiseHg\win32com.shell.shell.pyd
2009-06-01 12:54 - 2008-07-27 18:24 - 00045056 _____ () C:\Program Files\TortoiseHg\win32process.pyd
2009-06-01 12:54 - 2008-07-27 18:24 - 00014848 _____ () C:\Program Files\TortoiseHg\win32event.pyd
2009-06-01 12:54 - 2008-07-27 18:30 - 00757760 _____ () C:\Program Files\TortoiseHg\win32ui.pyd
2009-06-01 12:54 - 2008-07-27 18:26 - 00163840 _____ () C:\Program Files\TortoiseHg\win32gui.pyd
2009-06-01 12:54 - 2009-05-02 18:27 - 00009216 _____ () C:\Program Files\TortoiseHg\mercurial.osutil.pyd
2009-06-01 12:54 - 2007-04-18 09:51 - 00475136 _____ () C:\Program Files\TortoiseHg\unicodedata.pyd
2009-06-01 12:54 - 2008-07-27 18:24 - 00102400 _____ () C:\Program Files\TortoiseHg\win32file.pyd
2009-06-01 12:54 - 2007-04-18 09:51 - 00077824 _____ () C:\Program Files\TortoiseHg\bz2.pyd
2009-06-01 12:54 - 2009-05-02 18:27 - 00009216 _____ () C:\Program Files\TortoiseHg\mercurial.bdiff.pyd
2009-06-01 12:54 - 2009-05-02 18:27 - 00008704 _____ () C:\Program Files\TortoiseHg\mercurial.mpatch.pyd
2009-06-01 12:54 - 2009-05-02 18:27 - 00010240 _____ () C:\Program Files\TortoiseHg\mercurial.parsers.pyd
2009-06-01 12:54 - 2007-04-18 09:52 - 00053248 _____ () C:\Program Files\TortoiseHg\_socket.pyd
2009-06-01 12:54 - 2007-04-18 09:52 - 00655360 _____ () C:\Program Files\TortoiseHg\_ssl.pyd
2009-06-01 12:54 - 2009-05-02 18:27 - 00007680 _____ () C:\Program Files\TortoiseHg\mercurial.base85.pyd
2009-06-01 12:54 - 2009-05-02 18:27 - 00007168 _____ () C:\Program Files\TortoiseHg\mercurial.diffhelpers.pyd
2009-06-01 12:54 - 2007-04-18 09:52 - 00323584 _____ () C:\Program Files\TortoiseHg\_hashlib.pyd
2009-06-01 12:54 - 2008-07-27 18:24 - 00077824 _____ () C:\Program Files\TortoiseHg\win32net.pyd
2013-06-18 15:08 - 2013-06-18 15:08 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2007-08-16 14:44 - 2007-01-25 19:47 - 00136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2007-08-16 14:44 - 2007-01-25 19:50 - 00063096 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2007-07-14 00:52 - 2007-07-14 00:52 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-05-31 12:12 - 2007-05-31 12:12 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-21 23:56 - 2014-02-19 20:02 - 00051016 _____ () C:\Users\Its Me\AppData\Local\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 23:56 - 2014-02-19 20:03 - 04060488 _____ () C:\Users\Its Me\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 23:56 - 2014-02-19 20:03 - 00394568 _____ () C:\Users\Its Me\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 23:56 - 2014-02-19 20:02 - 01647432 _____ () C:\Users\Its Me\AppData\Local\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows\system32\Drivers\tzwdewvx.sys:changelist
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\Windows\pss\Monitor Apache Servers.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupreg: AdobeUpdater => C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Its Me\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
MSCONFIG\startupreg: vmware-tray => C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2014 08:49:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569
 
Error: (02/27/2014 08:49:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569
 
Error: (02/27/2014 08:49:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/26/2014 07:25:43 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0xaf4, application start time 0xExplorer.EXE0.
 
Error: (02/25/2014 09:10:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls.Resources,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls.Resources,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/25/2014 09:10:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls.Resources,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls.Resources,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/25/2014 08:37:14 PM) (Source: Application Error) (User: )
Description: Faulting application d1tlgnzq.exe, version 2.1.19357.0, time stamp 0x52e7ea83, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0006773c,
process id 0x6f8, application start time 0xd1tlgnzq.exe0.
 
Error: (02/25/2014 08:17:15 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (02/25/2014 07:47:18 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1538
Start Time: 01cf328c2820b0d9
Termination Time: 5
 
Error: (02/25/2014 06:50:50 PM) (Source: PostgreSQL) (User: )
Description: 2014-02-25 23:50:49 GMT FATAL:  bogus data in lock file "postmaster.pid": ""
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-27 18:23:41.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-27 18:23:40.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-27 18:23:39.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-27 18:23:39.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 21:46:31.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ITSME~1\AppData\Local\temp\tmp8AD3.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 21:45:46.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ITSME~1\AppData\Local\temp\tmp8AD3.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 21:45:01.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ITSME~1\AppData\Local\temp\tmp8AD3.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 21:44:16.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ITSME~1\AppData\Local\temp\tmp8AD3.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 20:33:13.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ITSME~1\AppData\Local\temp\tmp53F1.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 20:33:12.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ITSME~1\AppData\Local\temp\tmp53F0.tmp because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 54%
Total physical RAM: 2941.32 MB
Available physical RAM: 1339.11 MB
Total Pagefile: 5676.45 MB
Available Pagefile: 3955.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1874.97 MB
 
==================== Drives ================================
 
Drive c: (SQ004512V03) (Fixed) (Total:147.58 GB) (Free:2.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 25592117)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=148 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 February 2014 - 04:00 AM

Ok, let's get rid of the TDSS File System:


  • Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat TDSS File System (and only for that) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.


#6 aksweeney

aksweeney
  • Topic Starter

  • Members
  • 8 posts

Posted 28 February 2014 - 09:17 AM

I ran TDSSKiller.exe and deleted the detected threat.  After rebooting I ran TDSSKiller.exe one last time and confirmed that it did not find the threat again.
 
However, at this point I also freshly updated MSE and ran a quick scan and it still found Win32/Alureon.h.
 
The details MSE gave about it are as follows:
 
file:C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.sys
 
Any idea where this leaves us?  Additionally, from what I've read about TDSSKiller the monitor "turning off" doesn't seem to be a typical behavior.  Could this be something else that you're aware of?
 
Thanks for all of your assistance.
 
 
08:28:50.0887 0x168c  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
08:28:53.0741 0x168c  ============================================================
08:28:53.0741 0x168c  Current date / time: 2014/02/28 08:28:53.0741
08:28:53.0741 0x168c  SystemInfo:
08:28:53.0741 0x168c  
08:28:53.0741 0x168c  OS Version: 6.0.6002 ServicePack: 2.0
08:28:53.0741 0x168c  Product type: Workstation
08:28:53.0741 0x168c  ComputerName: ITSME-PC
08:28:53.0742 0x168c  UserName: Its Me
08:28:53.0742 0x168c  Windows directory: C:\Windows
08:28:53.0742 0x168c  System windows directory: C:\Windows
08:28:53.0742 0x168c  Processor architecture: Intel x86
08:28:53.0742 0x168c  Number of processors: 2
08:28:53.0742 0x168c  Page size: 0x1000
08:28:53.0742 0x168c  Boot type: Normal boot
08:28:53.0742 0x168c  ============================================================
08:28:59.0598 0x168c  KLMD registered as C:\Windows\system32\drivers\72012569.sys
08:28:59.0781 0x168c  System UUID: {2F10058A-52D4-DC12-4F45-A92071A5A672}
08:29:00.0796 0x168c  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:29:00.0799 0x168c  ============================================================
08:29:00.0799 0x168c  \Device\Harddisk0\DR0:
08:29:00.0799 0x168c  MBR partitions:
08:29:00.0799 0x168c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1272B000
08:29:00.0799 0x168c  ============================================================
08:29:01.0007 0x168c  C: <-> \Device\Harddisk0\DR0\Partition1
08:29:01.0007 0x168c  ============================================================
08:29:01.0008 0x168c  Initialize success
08:29:01.0008 0x168c  ============================================================
08:29:07.0594 0x16e8  ============================================================
08:29:07.0594 0x16e8  Scan started
08:29:07.0594 0x16e8  Mode: Manual; SigCheck; TDLFS; 
08:29:07.0594 0x16e8  ============================================================
08:29:07.0595 0x16e8  KSN ping started
08:29:07.0904 0x16e8  KSN ping finished: true
08:29:19.0981 0x16e8  ================ Scan system memory ========================
08:29:19.0981 0x16e8  System memory - ok
08:29:19.0982 0x16e8  ================ Scan services =============================
08:29:31.0587 0x16e8  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
08:29:31.0700 0x16e8  ACPI - ok
08:29:33.0268 0x16e8  [ 6D7F09CD92A9FEF3A8EFCE66231FDD79, FBEE01F2FFDB6854F682B4BE91673462A146927DD333D3C4DE66E6B86D9ED8DB ] adfs            C:\Windows\system32\drivers\adfs.sys
08:29:33.0281 0x16e8  adfs - ok
08:29:35.0183 0x16e8  [ 57A3B9A69F14414ACE12AFD6BA701773, E17FD004315B666E3A880C987A83A2B6C6156C3D6E9550AAC6F686348F7CE7AC ] Adobe Version Cue CS4 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
08:29:35.0260 0x16e8  Adobe Version Cue CS4 - ok
08:29:35.0638 0x16e8  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:29:35.0727 0x16e8  AdobeARMservice - ok
08:29:36.0077 0x16e8  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:29:36.0249 0x16e8  adp94xx - ok
08:29:36.0305 0x16e8  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:29:36.0331 0x16e8  adpahci - ok
08:29:36.0389 0x16e8  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
08:29:36.0404 0x16e8  adpu160m - ok
08:29:36.0530 0x16e8  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:29:36.0549 0x16e8  adpu320 - ok
08:29:36.0606 0x16e8  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:29:36.0714 0x16e8  AeLookupSvc - ok
08:29:36.0752 0x16e8  aeuufodf - ok
08:29:36.0860 0x16e8  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
08:29:36.0948 0x16e8  AFD - ok
08:29:37.0502 0x16e8  [ 91637684AFBC847A563654C9B39A642C, 959F26F1118ED61BDDC9F4A0F2BF1BA9AEEFFCD5E591BFF04D3A21285F386AF0 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
08:29:37.0591 0x16e8  AffinegyService - ok
08:29:37.0644 0x16e8  [ 39E435C90C9C4F780FA0ED05CA3C3A1B, 0006CC8CBFB775CA9C4121B4DDC80560DE35CCBB276DEE7A9F5148743529758A ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
08:29:37.0733 0x16e8  AgereModemAudio - ok
08:29:38.0446 0x16e8  [ CE91B158FA490CF4C4D487A4130F4660, C343AEB125B15E6FC8428499E1C48390EF5073FACB0DC9BAB9040EFB170D04A5 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
08:29:38.0632 0x16e8  AgereSoftModem - ok
08:29:38.0672 0x16e8  [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:29:38.0687 0x16e8  agp440 - ok
08:29:38.0728 0x16e8  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
08:29:38.0767 0x16e8  aic78xx - ok
08:29:38.0862 0x16e8  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
08:29:39.0037 0x16e8  ALG - ok
08:29:39.0077 0x16e8  [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:29:39.0090 0x16e8  aliide - ok
08:29:39.0150 0x16e8  [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
08:29:39.0164 0x16e8  amdagp - ok
08:29:39.0200 0x16e8  [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide          C:\Windows\system32\drivers\amdide.sys
08:29:39.0232 0x16e8  amdide - ok
08:29:39.0276 0x16e8  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
08:29:39.0687 0x16e8  AmdK7 - ok
08:29:39.0804 0x16e8  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
08:29:39.0902 0x16e8  AmdK8 - ok
08:29:40.0007 0x16e8  [ 97ED5AA5FBAA105EF614B8C240B62BA1, DE826222F3067C24DE1C853F38AED8042E5C6F649EE7076093B55D8D5E46D4E6 ] Apache2.2       C:\apache2\bin\httpd.exe
08:29:40.0043 0x16e8  Apache2.2 - detected UnsignedFile.Multi.Generic ( 1 )
08:29:40.0397 0x16e8  Detect skipped due to KSN trusted
08:29:40.0397 0x16e8  Apache2.2 - ok
08:29:40.0621 0x16e8  [ C36FEE5D4834C7501C5C1FD105DDCEE4, D88A307014C480ED78C66186ABCADB6A8954C4329821B02F7F9A40EDD24C74B3 ] Apacheds        C:\Program Files\apacheds-1.0.2\bin\apacheds.exe
08:29:40.0687 0x16e8  Apacheds - detected UnsignedFile.Multi.Generic ( 1 )
08:29:43.0719 0x16e8  Detect skipped due to KSN trusted
08:29:43.0719 0x16e8  Apacheds - ok
08:29:44.0610 0x16e8  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
08:29:44.0676 0x16e8  Appinfo - ok
08:29:44.0745 0x16e8  [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:29:44.0768 0x16e8  Apple Mobile Device - ok
08:29:44.0827 0x16e8  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
08:29:44.0842 0x16e8  arc - ok
08:29:44.0891 0x16e8  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:29:44.0906 0x16e8  arcsas - ok
08:29:46.0554 0x16e8  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:29:46.0609 0x16e8  aspnet_state - ok
08:29:46.0695 0x16e8  [ EFFC39A1EDF04E83A42279D9DAA696A7, 19BCF4C583AEFD4263411168191E80512C5F554159DAEA0E58EE88F16CE608F7 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
08:29:46.0712 0x16e8  aswMonFlt - ok
08:29:46.0750 0x16e8  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:29:46.0809 0x16e8  AsyncMac - ok
08:29:46.0866 0x16e8  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
08:29:46.0880 0x16e8  atapi - ok
08:29:47.0060 0x16e8  [ 8BE56F8300E1C37B578DA23C71816B7A, C214C8B070E60ED2C8144D875969DAB3B3999532AE0B7E8732813DCC0408826F ] athr            C:\Windows\system32\DRIVERS\athr.sys
08:29:47.0496 0x16e8  athr - ok
08:29:47.0608 0x16e8  [ 59991B5EC50E106634A16444594C305E, 6749C80A8D08DC1C4161EE3430BE1064ECDA9DDD6074EAAD636B94D96A4CC390 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
08:29:47.0735 0x16e8  Ati External Event Utility - ok
08:29:48.0538 0x16e8  [ FAB37C8E4B55235DE9055026561DCC7F, 8D38A91AA92831E7E20463197AC92751B3D70B9F97F18F12112EDA7587386F3F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:29:48.0838 0x16e8  atikmdag - ok
08:29:48.0864 0x16e8  [ 4AA1EB65481C392955939E735D27118B, 167F91B0F48C13FA4B976EAB2DC0B29C31A2A98E276B2BF80323E051D54934CB ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
08:29:48.0896 0x16e8  AtiPcie - ok
08:29:48.0984 0x16e8  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:29:49.0058 0x16e8  AudioEndpointBuilder - ok
08:29:49.0078 0x16e8  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
08:29:49.0114 0x16e8  Audiosrv - ok
08:30:33.0135 0x16e8  Ndisuio - ok
08:30:33.0183 0x16e8  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:30:33.0241 0x16e8  NdisWan - ok
08:30:33.0288 0x16e8  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:30:33.0312 0x16e8  NDProxy - ok
08:30:33.0342 0x16e8  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:30:33.0384 0x16e8  NetBIOS - ok
08:30:33.0453 0x16e8  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
08:30:33.0486 0x16e8  netbt - ok
08:30:33.0548 0x16e8  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
08:30:33.0549 0x16e8  Netlogon - ok
08:30:33.0603 0x16e8  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
08:30:33.0691 0x16e8  Netman - ok
08:30:33.0760 0x16e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:30:33.0785 0x16e8  NetMsmqActivator - ok
08:30:33.0797 0x16e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:30:33.0817 0x16e8  NetPipeActivator - ok
08:30:33.0902 0x16e8  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
08:30:33.0987 0x16e8  netprofm - ok
08:30:34.0013 0x16e8  netr28u - ok
08:30:34.0049 0x16e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:30:34.0069 0x16e8  NetTcpActivator - ok
08:30:34.0081 0x16e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:30:34.0102 0x16e8  NetTcpPortSharing - ok
08:30:34.0192 0x16e8  [ D81104382162CA98481304216CEE3891, AF19F54F2E0BEF78710666714716C5A3ADCA6F9A506AD14677DBCE86EC30DC47 ] Network ConnectorService C:\Program Files\Barracuda\Network Connector\bin\network-connectorserv.exe
08:30:34.0215 0x16e8  Network ConnectorService - ok
08:30:34.0275 0x16e8  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
08:30:34.0307 0x16e8  nfrd960 - ok
08:30:34.0370 0x16e8  [ 2CD24A6AF497D0E9B9BF3DA924ED05E6, F192FB62BA2C45D34754B9E9B43AC11396E4AE399B93D02AFE2A66612B78AB20 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:30:34.0392 0x16e8  NisDrv - ok
08:30:34.0488 0x16e8  [ 3B846434055F80D9E89D0742F3ADAD34, 743F9CF0FA2BA847FE5508A37D1787CD652A1B2B83D756AA03B7FC310EB483F7 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
08:30:34.0529 0x16e8  NisSrv - ok
08:30:34.0682 0x16e8  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:30:34.0744 0x16e8  NlaSvc - ok
08:30:34.0794 0x16e8  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:30:34.0864 0x16e8  Npfs - ok
08:30:34.0907 0x16e8  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
08:30:34.0962 0x16e8  nsi - ok
08:30:35.0010 0x16e8  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:30:35.0055 0x16e8  nsiproxy - ok
08:30:35.0320 0x16e8  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:30:35.0562 0x16e8  Ntfs - ok
08:30:35.0647 0x16e8  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
08:30:35.0749 0x16e8  ntrigdigi - ok
08:30:35.0793 0x16e8  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
08:30:35.0848 0x16e8  Null - ok
08:30:35.0895 0x16e8  [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:30:35.0911 0x16e8  nvraid - ok
08:30:35.0930 0x16e8  [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:30:35.0945 0x16e8  nvstor - ok
08:30:35.0962 0x16e8  [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:30:35.0979 0x16e8  nv_agp - ok
08:30:35.0987 0x16e8  NwlnkFlt - ok
08:30:36.0001 0x16e8  NwlnkFwd - ok
08:30:36.0010 0x16e8  ochfmxiv - ok
08:30:36.0332 0x16e8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:30:36.0376 0x16e8  odserv - ok
08:30:36.0482 0x16e8  [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:30:36.0520 0x16e8  ohci1394 - ok
08:30:36.0583 0x16e8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:30:36.0600 0x16e8  ose - ok
08:30:36.0797 0x16e8  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
08:30:36.0910 0x16e8  p2pimsvc - ok
08:30:36.0942 0x16e8  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:30:36.0992 0x16e8  p2psvc - ok
08:30:37.0050 0x16e8  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
08:30:37.0114 0x16e8  Parport - ok
08:30:37.0186 0x16e8  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:30:37.0208 0x16e8  partmgr - ok
08:30:37.0248 0x16e8  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
08:30:37.0346 0x16e8  Parvdm - ok
08:30:37.0426 0x16e8  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:30:37.0487 0x16e8  PcaSvc - ok
08:30:37.0530 0x16e8  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
08:30:37.0568 0x16e8  pci - ok
08:30:37.0647 0x16e8  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
08:30:37.0661 0x16e8  pciide - ok
08:30:37.0719 0x16e8  [ 3BB2244F343B610C29C98035504C9B75, DA61EC2600199DFA32020D0484E9BBF5E0742E7C8C952370BF6FAF91C914A999 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:30:37.0736 0x16e8  pcmcia - ok
08:30:37.0947 0x16e8  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:30:38.0073 0x16e8  PEAUTH - ok
08:30:38.0375 0x16e8  pgsql-8.3 - ok
08:30:38.0459 0x16e8  [ 6DBF2AC2BDAFF355995AB25ECCC4CFE1, F2DD39F6B1489276A913FD62D6C068D79EABADC417D404143E3D2FF8C20CDE01 ] pinger          C:\TOSHIBA\IVP\ISM\pinger.exe
08:30:38.0475 0x16e8  pinger - ok
08:30:38.0790 0x16e8  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
08:30:38.0944 0x16e8  pla - ok
08:30:39.0044 0x16e8  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:30:39.0153 0x16e8  PlugPlay - ok
08:30:39.0328 0x16e8  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
08:30:39.0385 0x16e8  PNRPAutoReg - ok
08:30:39.0521 0x16e8  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
08:30:39.0581 0x16e8  PNRPsvc - ok
08:30:39.0679 0x16e8  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:30:39.0771 0x16e8  PolicyAgent - ok
08:30:39.0840 0x16e8  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:30:39.0896 0x16e8  PptpMiniport - ok
08:30:39.0977 0x16e8  [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor       C:\Windows\system32\drivers\processr.sys
08:30:40.0056 0x16e8  Processor - ok
08:30:40.0110 0x16e8  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
08:30:40.0143 0x16e8  ProfSvc - ok
08:30:40.0177 0x16e8  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
08:30:40.0191 0x16e8  ProtectedStorage - ok
08:30:40.0247 0x16e8  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
08:30:40.0306 0x16e8  PSched - ok
08:30:40.0351 0x16e8  [ D970470F8F39470BDAE94D313A1CCDCE, C41B314F3A1CD6A747A4578C2A1F20373884C2AD96880A81255E66BA9D886EB4 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
08:30:40.0364 0x16e8  PxHelp20 - ok
08:30:40.0473 0x16e8  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] qhfdxkoa        C:\Windows\system32\drivers\qhfdxkoa.sys
08:30:40.0491 0x16e8  qhfdxkoa - ok
08:30:40.0764 0x16e8  [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:30:40.0863 0x16e8  ql2300 - ok
08:30:40.0907 0x16e8  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:30:40.0941 0x16e8  ql40xx - ok
08:30:41.0032 0x16e8  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
08:30:41.0068 0x16e8  QWAVE - ok
08:30:41.0112 0x16e8  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:30:41.0141 0x16e8  QWAVEdrv - ok
08:30:41.0202 0x16e8  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:30:41.0240 0x16e8  RasAcd - ok
08:30:41.0301 0x16e8  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
08:30:41.0360 0x16e8  RasAuto - ok
08:30:41.0416 0x16e8  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:30:41.0458 0x16e8  Rasl2tp - ok
08:30:41.0564 0x16e8  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
08:30:41.0605 0x16e8  RasMan - ok
08:30:41.0652 0x16e8  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:30:41.0693 0x16e8  RasPppoe - ok
08:30:41.0751 0x16e8  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:30:41.0807 0x16e8  RasSstp - ok
08:30:41.0918 0x16e8  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:30:41.0932 0x16e8  rdbss - ok
08:30:41.0965 0x16e8  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:30:42.0016 0x16e8  RDPCDD - ok
08:30:42.0107 0x16e8  [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
08:30:42.0228 0x16e8  rdpdr - ok
08:30:42.0281 0x16e8  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:30:42.0333 0x16e8  RDPENCDD - ok
08:30:42.0413 0x16e8  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:30:42.0503 0x16e8  RDPWD - ok
08:30:42.0559 0x16e8  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:30:42.0593 0x16e8  RemoteAccess - ok
08:30:42.0662 0x16e8  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:30:42.0732 0x16e8  RemoteRegistry - ok
08:30:42.0772 0x16e8  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
08:30:42.0819 0x16e8  RpcLocator - ok
08:30:42.0965 0x16e8  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
08:30:43.0003 0x16e8  RpcSs - ok
08:30:43.0040 0x16e8  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:30:43.0088 0x16e8  rspndr - ok
08:30:43.0164 0x16e8  [ A1ADC7B4C074744662207DA6EDCDFBB0, 2FB2C3925F8FB4E060227E7972FC1C3E142BD70C5D1F11193D2176A3A36BD299 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
08:30:43.0235 0x16e8  RTL8169 - ok
08:30:43.0265 0x16e8  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
08:30:43.0280 0x16e8  SamSs - ok
08:30:43.0339 0x16e8  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:30:43.0374 0x16e8  sbp2port - ok
08:30:43.0462 0x16e8  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:30:43.0490 0x16e8  SCardSvr - ok
08:30:43.0572 0x16e8  [ E9BBD87AFD80DC1212ECD762858B45C7, B1B25B34E4ADBABB1CCC5BA2710EEA69797B4E116DD2FAA7E9F49C667BCA09CC ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
08:30:43.0589 0x16e8  SCDEmu - detected UnsignedFile.Multi.Generic ( 1 )
08:30:44.0115 0x16e8  Detect skipped due to KSN trusted
08:30:44.0115 0x16e8  SCDEmu - ok
08:30:44.0257 0x16e8  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
08:30:44.0422 0x16e8  Schedule - ok
08:30:44.0490 0x16e8  [ D2E07BE7F46585319B764E459BD052A1, 0D5FF56037D94D7966233909C7F6DA37DE106E5BCD12A580CEE814AD4E3A9C10 ] SCManager       C:\Program Files\SafeConnect\scManager.sys
08:30:44.0513 0x16e8  SCManager - ok
08:30:44.0589 0x16e8  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:30:44.0613 0x16e8  SCPolicySvc - ok
08:30:44.0679 0x16e8  [ 8F36B54688C31EED4580129040C6A3D3, DC150689CBAEEC94B9DE0CA6A633FAD16CDDDC452521232E0C2A44BAE61E08D9 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
08:30:44.0727 0x16e8  sdbus - ok
08:30:44.0780 0x16e8  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:30:44.0843 0x16e8  SDRSVC - ok
08:30:44.0935 0x16e8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:30:45.0037 0x16e8  secdrv - ok
08:30:45.0072 0x16e8  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
08:30:45.0116 0x16e8  seclogon - ok
08:30:45.0148 0x16e8  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\system32\sens.dll
08:30:45.0206 0x16e8  SENS - ok
08:30:45.0270 0x16e8  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
08:30:45.0362 0x16e8  Serenum - ok
08:30:45.0398 0x16e8  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
08:30:45.0477 0x16e8  Serial - ok
08:30:45.0516 0x16e8  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:30:45.0555 0x16e8  sermouse - ok
08:30:45.0628 0x16e8  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:30:45.0670 0x16e8  SessionEnv - ok
08:30:45.0709 0x16e8  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
08:30:45.0755 0x16e8  sffdisk - ok
08:30:45.0805 0x16e8  [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:30:45.0860 0x16e8  sffp_mmc - ok
08:30:45.0960 0x16e8  [ 9F66A46C55D6F1CCABC79BB7AFCCC545, 029115C69315D2298F7FC944A53EF7F120FF74919208EB5ABC190022176D9B16 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
08:30:46.0007 0x16e8  sffp_sd - ok
08:30:46.0043 0x16e8  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:30:46.0135 0x16e8  sfloppy - ok
08:30:46.0216 0x16e8  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:30:46.0291 0x16e8  SharedAccess - ok
08:30:46.0385 0x16e8  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:30:46.0469 0x16e8  ShellHWDetection - ok
08:30:46.0543 0x16e8  [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
08:30:46.0559 0x16e8  sisagp - ok
08:30:46.0645 0x16e8  [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
08:30:46.0672 0x16e8  SiSRaid2 - ok
08:30:46.0714 0x16e8  [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:30:46.0742 0x16e8  SiSRaid4 - ok
08:30:46.0798 0x16e8  [ CA355B308AA537C6B9D67CD3A5485AF9, 574072A3A52AF35F6293B082D5A4748CB4465CD0406A7E2AF6B5F86D94DE67AD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
08:30:46.0838 0x16e8  SkypeUpdate - ok
08:30:47.0371 0x16e8  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
08:30:47.0907 0x16e8  slsvc - ok
08:30:47.0987 0x16e8  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
08:30:48.0045 0x16e8  SLUINotify - ok
08:30:48.0083 0x16e8  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:30:48.0131 0x16e8  Smb - ok
08:30:48.0188 0x16e8  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:30:48.0220 0x16e8  SNMPTRAP - ok
08:30:48.0300 0x16e8  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:30:48.0314 0x16e8  spldr - ok
08:30:48.0360 0x16e8  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
08:30:48.0450 0x16e8  Spooler - ok
08:30:48.0461 0x16e8  sptd - ok
08:30:48.0572 0x16e8  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:30:48.0678 0x16e8  srv - ok
08:30:48.0760 0x16e8  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:30:48.0832 0x16e8  srv2 - ok
08:30:48.0865 0x16e8  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:30:48.0894 0x16e8  srvnet - ok
08:30:48.0938 0x16e8  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:30:49.0019 0x16e8  SSDPSRV - ok
08:30:49.0085 0x16e8  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:30:49.0105 0x16e8  SstpSvc - ok
08:30:49.0200 0x16e8  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
08:30:49.0237 0x16e8  stisvc - ok
08:30:49.0283 0x16e8  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:30:49.0296 0x16e8  swenum - ok
08:30:49.0376 0x16e8  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
08:30:49.0458 0x16e8  swprv - ok
08:30:49.0592 0x16e8  [ 327786C5D6BCF284FAB14C2B5751F514, BD15ED73BEED860711D414E31BE3853D580A5C10B6001F7102FD260397063D81 ] Swupdtmr        c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
08:30:49.0619 0x16e8  Swupdtmr - ok
08:30:49.0680 0x16e8  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
08:30:49.0703 0x16e8  Symc8xx - ok
08:30:49.0736 0x16e8  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
08:30:49.0750 0x16e8  Sym_hi - ok
08:30:49.0767 0x16e8  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
08:30:49.0795 0x16e8  Sym_u3 - ok
08:30:49.0877 0x16e8  [ 5EFCEDCF3DAF5C8D9E8B77A34A4EEC99, 4F9DFCBB1AAA1C6AD4123ECA4AF6A6F2334D9CED4D3D8945F45744DCDCD100A2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
08:30:49.0897 0x16e8  SynTP - ok
08:30:50.0039 0x16e8  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
08:30:50.0107 0x16e8  SysMain - ok
08:30:50.0197 0x16e8  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:30:50.0318 0x16e8  TabletInputService - ok
08:30:50.0424 0x16e8  [ 3B45D2674414D1F5400B9C452A7A293F, 7C6869387F0233F130BAFF4446859C1432460B33ABA027FB7C7DBDF124BBDEA3 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
08:30:50.0551 0x16e8  tap0901 - ok
08:30:50.0598 0x16e8  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:30:50.0648 0x16e8  TapiSrv - ok
08:30:50.0704 0x16e8  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
08:30:50.0763 0x16e8  TBS - ok
08:30:50.0941 0x16e8  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:30:51.0033 0x16e8  Tcpip - ok
08:30:51.0088 0x16e8  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
08:30:51.0186 0x16e8  Tcpip6 - ok
08:30:51.0281 0x16e8  [ 5877A786EF27E42C4E84D1356F922302, 1CDCC7D91086DC0FE80057EE8E1AE609A38DD9D241BC17145E7811C916E662C3 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:30:51.0312 0x16e8  tcpipreg - ok
08:30:51.0338 0x16e8  [ 1825BCEB47BF41C5A9F0E44DE82FC27A, 6E5F2654852060A61728686A1877A1EA93645EEED0D2612842D951B4E83750A3 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
08:30:51.0366 0x16e8  tdcmdpst - ok
08:30:51.0437 0x16e8  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:30:51.0486 0x16e8  TDPIPE - ok
08:30:51.0542 0x16e8  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:30:51.0618 0x16e8  TDTCP - ok
08:31:03.0722 0x16e8  ================ Scan global ===============================
08:31:03.0793 0x16e8  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
08:31:03.0922 0x16e8  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
08:31:04.0011 0x16e8  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
08:31:04.0185 0x16e8  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
08:31:04.0224 0x16e8  [ Global ] - ok
08:31:04.0225 0x16e8  ================ Scan MBR ==================================
08:31:04.0373 0x16e8  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:31:11.0442 0x16e8  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
08:31:11.0443 0x16e8  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:31:11.0715 0x16e8  ================ Scan VBR ==================================
08:31:11.0754 0x16e8  [ E9795C6F28B53DC3DB9F762D3E716820 ] \Device\Harddisk0\DR0\Partition1
08:31:11.0930 0x16e8  \Device\Harddisk0\DR0\Partition1 - ok
08:31:11.0970 0x16e8  Win FW state via NFP2: enabled
08:31:12.0246 0x16e8  ============================================================
08:31:12.0246 0x16e8  Scan finished
08:31:12.0246 0x16e8  ============================================================
08:31:12.0265 0x16e0  Detected object count: 1
08:31:12.0265 0x16e0  Actual detected object count: 1
08:31:29.0621 0x16e0  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:31:29.0630 0x16e0  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
08:31:29.0632 0x16e0  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
08:31:29.0634 0x16e0  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
08:31:29.0642 0x16e0  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
08:31:29.0643 0x16e0  \Device\Harddisk0\DR0\TDLFS - deleted
08:31:29.0643 0x16e0  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 
08:31:46.0749 0x1688  Deinitialize success


#7 aharonov

  • Malware Response Team

Posted 28 February 2014 - 09:51 AM

Let's have a look in Recovery Environment:


Move FRST to a flash drive.
  • Plug the flash drive into the infected PC.
    • If you are using Vista or Windows 7 enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using a Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Make sure the options List BCD and Drivers MD5 are checked.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#8 aksweeney

  • Topic Starter

Posted 28 February 2014 - 07:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by SYSTEM on MINWINPC on 28-02-2014 18:57:21
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] - \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0ENQBO] - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
HKU\drupal\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\drupal\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
HKU\Hallie\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
HKU\Hallie\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKU\Hallie\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-12] (Google Inc.)
HKU\Hallie\...\Run: [Google Update] - C:\Users\Hallie\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-14] (Google Inc.)
HKU\Hallie\...\Policies\system: [LogonHoursAction] 2
HKU\Hallie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Its Me\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Its Me\...\Run: [Google Update] - C:\Users\Its Me\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-09-04] (Google Inc.)
HKU\Its Me\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-12] (Google Inc.)
HKU\Its Me\...\Run: [Logitech Vid HD] - "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
HKU\Its Me\...\Policies\system: [LogonHoursAction] 2
HKU\Its Me\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Its Me\...\Policies\Explorer: [DriveConfiguration]
HKU\postgres\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\postgres\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
HKU\postgresService\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\postgresService\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
GroupPolicyUsers\S-1-5-21-1004063365-477754918-742943989-1010\User: Group Policy restriction detected <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
S3 Apache2.2; C:\apache2\bin\httpd.exe [24635 2008-01-17] (Apache Software Foundation)
S3 Apacheds; C:\Program Files\apacheds-1.0.2\bin\apacheds.exe [102400 2007-05-26] (Apache Software Foundation)
S2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [537480 2006-12-07] ( )
S3 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks)
S2 gupdate1c98d3688abd71; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-12] (Google Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
S3 MySQL; C:\MySQL\my.ini [8887 2009-08-09] ()
S3 Network ConnectorService; C:\Program Files\Barracuda\Network Connector\bin\network-connectorserv.exe [43416 2010-05-18] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [287824 2012-09-12] (Microsoft Corporation)
S3 pgsql-8.3; C:\apache2\htdocs\bin\pg_ctl.exe [77824 2008-03-17] (PostgreSQL Global Development Group)
S2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S2 SCManager; C:\Program Files\SafeConnect\scManager.sys [176520 2012-11-19] (Impulse Point, LLC)
S2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-31] (Logitech Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [50256 2010-06-28] (ALWIL Software)
S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9072 2007-12-10] (Sonic Solutions)
S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9200 2007-12-10] (Sonic Solutions)
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-03-12] (Juniper Networks)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
S1 taomsfqc; C:\Windows\system32\drivers\taomsfqc.sys [49088 2014-02-28] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2010-05-18] (The OpenVPN Project)
S2 UltraMonUtility; C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2008-11-13] (Realtime Soft Ltd)
S1 aeuufodf; \??\C:\Windows\system32\drivers\aeuufodf.sys [X]
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 blqvwcpk; \??\C:\Windows\system32\drivers\blqvwcpk.sys [X]
S3 catchme; \??\C:\Users\ITSME~1\AppData\Local\Temp\catchme.sys [X]
S1 cfbsbign; \??\C:\Windows\system32\drivers\cfbsbign.sys [X]
S1 czowflqj; \??\C:\Windows\system32\drivers\czowflqj.sys [X]
S1 dldfrcba; \??\C:\Windows\system32\drivers\dldfrcba.sys [X]
S1 dllezbou; \??\C:\Windows\system32\drivers\dllezbou.sys [X]
S1 fkzsukpc; \??\C:\Windows\system32\drivers\fkzsukpc.sys [X]
S1 gixaasll; \??\C:\Windows\system32\drivers\gixaasll.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kxrvzdez; \??\C:\Windows\system32\drivers\kxrvzdez.sys [X]
S1 lboyysxx; \??\C:\Windows\system32\drivers\lboyysxx.sys [X]
S1 lslbmnxb; \??\C:\Windows\system32\drivers\lslbmnxb.sys [X]
S1 lullxmrk; \??\C:\Windows\system32\drivers\lullxmrk.sys [X]
S1 MpKsl04a3606b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl04a3606b.sys [X]
S1 MpKsl43972dcc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl43972dcc.sys [X]
S1 MpKsl4d5fcd8c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl4d5fcd8c.sys [X]
S1 MpKsl7939589f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF10286-9FE2-4152-9D3C-66C221D4B28B}\MpKsl7939589f.sys [X]
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 ochfmxiv; \??\C:\Windows\system32\drivers\ochfmxiv.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
S1 ubaqihrb; \??\C:\Windows\system32\drivers\ubaqihrb.sys [X]
S1 uwfoxwjp; \??\C:\Windows\system32\drivers\uwfoxwjp.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S1 vwyoogih; \??\C:\Windows\system32\drivers\vwyoogih.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-28 15:53 - 2014-02-28 15:53 - 00049088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\taomsfqc.sys
2014-02-28 15:35 - 2014-02-28 15:35 - 01143808 _____ (Farbar) C:\Users\Its Me\Downloads\FRST (1).exe
2014-02-28 05:31 - 2014-02-28 05:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-27 17:06 - 2014-02-27 17:12 - 00000382 _____ () C:\Users\Its Me\Desktop\fbp.txt
2014-02-27 15:24 - 2014-02-27 15:26 - 00051736 _____ () C:\Users\Its Me\Downloads\Addition.txt
2014-02-27 15:22 - 2014-02-27 15:26 - 00059528 _____ () C:\Users\Its Me\Downloads\FRST.txt
2014-02-27 15:22 - 2014-02-27 15:26 - 00000000 ____D () C:\FRST
2014-02-27 15:21 - 2014-02-27 15:21 - 02155520 _____ (Farbar) C:\Users\Its Me\Downloads\FRST64.exe
2014-02-27 15:21 - 2014-02-27 15:21 - 01143808 _____ (Farbar) C:\Users\Its Me\Downloads\FRST.exe
2014-02-27 15:03 - 2014-02-27 15:03 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Desktop\bmv.exe
2014-02-26 16:06 - 2014-02-26 16:06 - 00018521 _____ () C:\Users\Its Me\Desktop\post.txt
2014-02-26 15:57 - 2014-02-26 15:58 - 00017619 _____ () C:\Users\Its Me\Desktop\dds.txt
2014-02-26 15:57 - 2014-02-26 15:57 - 00013952 _____ () C:\Users\Its Me\Desktop\attach.txt
2014-02-26 15:49 - 2014-02-26 15:49 - 00688992 ____R (Swearware) C:\Users\Its Me\Downloads\dds.com
2014-02-26 15:05 - 2014-02-26 15:06 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Downloads\mmm.exe
2014-02-26 14:30 - 2014-02-26 14:30 - 00000000 _____ () C:\Users\Its Me\Desktop\lko.log
2014-02-26 14:26 - 2014-02-26 14:26 - 00000000 _____ () C:\Users\Its Me\Desktop\lll.log
2014-02-26 14:25 - 2014-02-26 14:25 - 00000000 _____ () C:\Users\Its Me\Desktop\iop.log
2014-02-25 18:10 - 2014-02-25 18:10 - 00005043 _____ () C:\Users\Its Me\Desktop\jkl.log
2014-02-25 17:12 - 2014-02-25 17:12 - 00380416 _____ () C:\Users\Its Me\Desktop\d1tlgnzq.exe
2014-02-25 17:08 - 2014-02-25 17:08 - 00031029 _____ () C:\Users\Its Me\Desktop\sfcdetails.txt
2014-02-25 16:10 - 2014-02-25 16:10 - 00000000 ____D () C:\Windows\pss
2014-02-25 15:10 - 2014-02-25 16:35 - 00002805 _____ () C:\Users\Its Me\Desktop\safemode.txt
2014-02-22 08:22 - 2014-02-22 08:22 - 00000917 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 08:19 - 2014-02-22 08:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-22 08:13 - 2014-02-22 08:13 - 03274299 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\Unconfirmed 479890.crdownload
2014-02-21 19:57 - 2014-02-21 20:03 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-21 19:42 - 2014-02-05 00:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-21 19:42 - 2014-02-05 00:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-21 19:42 - 2014-02-05 00:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-21 19:42 - 2014-02-05 00:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-21 19:42 - 2014-02-05 00:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-21 19:42 - 2014-02-05 00:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-02-21 19:42 - 2014-02-05 00:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-21 19:41 - 2014-02-05 00:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-21 19:41 - 2014-02-05 00:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-21 19:41 - 2014-02-05 00:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-21 19:41 - 2014-02-05 00:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-21 19:41 - 2014-02-05 00:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-21 19:41 - 2014-02-05 00:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-21 19:41 - 2014-02-05 00:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-02-21 19:41 - 2014-02-05 00:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-21 19:41 - 2014-02-05 00:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-02-21 17:49 - 2014-02-21 17:49 - 00380416 _____ () C:\Users\Its Me\Downloads\19zhj9en.exe
2014-02-20 17:28 - 2014-02-20 18:46 - 00000400 _____ () C:\Users\Its Me\Desktop\netflixsuggestions.txt
2014-02-12 04:52 - 2013-12-04 18:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-02 12:56 - 2014-02-02 12:56 - 00334527 _____ () C:\Users\Its Me\Downloads\hot-vector-punk-girl-art.jpeg
 
==================== One Month Modified Files and Folders =======
 
2014-02-28 15:53 - 2014-02-28 15:53 - 00049088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\taomsfqc.sys
2014-02-28 15:50 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 15:50 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 15:39 - 2008-04-29 14:45 - 01835430 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 15:35 - 2014-02-28 15:35 - 01143808 _____ (Farbar) C:\Users\Its Me\Downloads\FRST (1).exe
2014-02-28 15:32 - 2006-11-02 02:33 - 00763654 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-28 05:31 - 2014-02-28 05:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-27 17:12 - 2014-02-27 17:06 - 00000382 _____ () C:\Users\Its Me\Desktop\fbp.txt
2014-02-27 15:52 - 2008-05-18 11:42 - 00000000 ____D () C:\Users\Its Me\AppData\Roaming\Mozilla
2014-02-27 15:26 - 2014-02-27 15:24 - 00051736 _____ () C:\Users\Its Me\Downloads\Addition.txt
2014-02-27 15:26 - 2014-02-27 15:22 - 00059528 _____ () C:\Users\Its Me\Downloads\FRST.txt
2014-02-27 15:26 - 2014-02-27 15:22 - 00000000 ____D () C:\FRST
2014-02-27 15:21 - 2014-02-27 15:21 - 02155520 _____ (Farbar) C:\Users\Its Me\Downloads\FRST64.exe
2014-02-27 15:21 - 2014-02-27 15:21 - 01143808 _____ (Farbar) C:\Users\Its Me\Downloads\FRST.exe
2014-02-27 15:03 - 2014-02-27 15:03 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Desktop\bmv.exe
2014-02-26 16:06 - 2014-02-26 16:06 - 00018521 _____ () C:\Users\Its Me\Desktop\post.txt
2014-02-26 15:58 - 2014-02-26 15:57 - 00017619 _____ () C:\Users\Its Me\Desktop\dds.txt
2014-02-26 15:57 - 2014-02-26 15:57 - 00013952 _____ () C:\Users\Its Me\Desktop\attach.txt
2014-02-26 15:49 - 2014-02-26 15:49 - 00688992 ____R (Swearware) C:\Users\Its Me\Downloads\dds.com
2014-02-26 15:06 - 2014-02-26 15:05 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Its Me\Downloads\mmm.exe
2014-02-26 14:30 - 2014-02-26 14:30 - 00000000 _____ () C:\Users\Its Me\Desktop\lko.log
2014-02-26 14:26 - 2014-02-26 14:26 - 00000000 _____ () C:\Users\Its Me\Desktop\lll.log
2014-02-26 14:25 - 2014-02-26 14:25 - 00000000 _____ () C:\Users\Its Me\Desktop\iop.log
2014-02-25 18:10 - 2014-02-25 18:10 - 00005043 _____ () C:\Users\Its Me\Desktop\jkl.log
2014-02-25 17:12 - 2014-02-25 17:12 - 00380416 _____ () C:\Users\Its Me\Desktop\d1tlgnzq.exe
2014-02-25 17:08 - 2014-02-25 17:08 - 00031029 _____ () C:\Users\Its Me\Desktop\sfcdetails.txt
2014-02-25 16:35 - 2014-02-25 15:10 - 00002805 _____ () C:\Users\Its Me\Desktop\safemode.txt
2014-02-25 16:10 - 2014-02-25 16:10 - 00000000 ____D () C:\Windows\pss
2014-02-24 16:57 - 2011-08-02 22:02 - 00007944 _____ () C:\Users\Its Me\AppData\Local\d3d9caps.dat
2014-02-22 15:29 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-22 08:22 - 2014-02-22 08:22 - 00000917 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 08:22 - 2009-03-30 14:19 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 08:21 - 2014-02-22 08:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-22 08:13 - 2014-02-22 08:13 - 03274299 _____ (Malwarebytes Corporation ) C:\Users\Its Me\Downloads\Unconfirmed 479890.crdownload
2014-02-22 07:57 - 2011-03-31 17:04 - 00089811 _____ () C:\Windows\System32\lvcoinst.log
2014-02-22 06:53 - 2013-01-24 21:15 - 00002113 _____ () C:\Windows\epplauncher.mif
2014-02-21 21:39 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-02-21 21:23 - 2006-11-02 04:47 - 03134096 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-21 21:06 - 2007-08-16 10:00 - 00212398 _____ () C:\Windows\PFRO.log
2014-02-21 21:06 - 2006-11-02 04:37 - 00000000 ____D () C:\Windows\System32\XPSViewer
2014-02-21 20:58 - 2008-09-04 12:09 - 00002058 _____ () C:\Users\Its Me\Desktop\Google Chrome.lnk
2014-02-21 20:54 - 2008-04-29 14:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-21 20:17 - 2010-03-29 11:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-21 20:03 - 2014-02-21 19:57 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-21 19:10 - 2006-11-02 04:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-21 17:49 - 2014-02-21 17:49 - 00380416 _____ () C:\Users\Its Me\Downloads\19zhj9en.exe
2014-02-20 18:46 - 2014-02-20 17:28 - 00000400 _____ () C:\Users\Its Me\Desktop\netflixsuggestions.txt
2014-02-13 20:49 - 2012-04-20 16:15 - 00001760 ____H () C:\Users\Its Me\Documents\Default.rdp
2014-02-05 00:58 - 2014-02-21 19:41 - 12345344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-05 00:56 - 2014-02-21 19:41 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-05 00:53 - 2014-02-21 19:41 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-05 00:51 - 2014-02-21 19:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-05 00:50 - 2014-02-21 19:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-05 00:49 - 2014-02-21 19:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-05 00:49 - 2014-02-21 19:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-02-05 00:48 - 2014-02-21 19:42 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-05 00:48 - 2014-02-21 19:42 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-05 00:48 - 2014-02-21 19:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-05 00:48 - 2014-02-21 19:41 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-05 00:48 - 2014-02-21 19:41 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-02-05 00:47 - 2014-02-21 19:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-05 00:47 - 2014-02-21 19:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-05 00:47 - 2014-02-21 19:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-02-05 00:46 - 2014-02-21 19:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-04 16:09 - 2006-11-02 02:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-02-02 12:56 - 2014-02-02 12:56 - 00334527 _____ () C:\Users\Its Me\Downloads\hot-vector-punk-girl-art.jpeg
 
Some content of TEMP:
====================
C:\Users\Hallie\AppData\Local\Temp\GUR7909.exe
C:\Users\Its Me\AppData\Local\Temp\GUR45C7.exe
C:\Users\Its Me\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Its Me\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Its Me\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\Its Me\AppData\Local\Temp\npp.6.3.2.Installer.exe
C:\Users\Its Me\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Its Me\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Its Me\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Its Me\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Its Me\AppData\Local\Temp\_is3800.exe
C:\Users\Its Me\AppData\Local\Temp\_is4421.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-02-25 16:10:48
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {d0b31e2d-4c27-11dc-b25a-001b381ac316}
displayorder            {default}
toolsdisplayorder       {current}
                        {memdiag}
timeout                 30
customactions           0x1000000720001
                        0x54000001
custom:54000001         {current}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[E:]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[E:]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {d0b31e2d-4c27-11dc-b25a-001b381ac316}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {d0b31e2d-4c27-11dc-b25a-001b381ac316}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=E:
ramdisksdipath          \boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 2941.44 MB
Available physical RAM: 2484.88 MB
Total Pagefile: 2740.75 MB
Available Pagefile: 2592.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.39 MB
 
==================== Drives ================================
 
Drive c: (SQ004512V03) (Fixed) (Total:147.58 GB) (Free:2.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
Drive f: (SQ003520) (Fixed) (Total:111.79 GB) (Free:50.98 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 25592117)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=148 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 112 GB) (Disk ID: D3B0D3B0)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-02-28 15:39
 
==================== End Of Log ============================


#9 aharonov


  • Malware Response Team

Posted 01 March 2014 - 06:45 AM

Start your computer in the System Recovery Options again and open FRST.
  • Write the following text into the Search: textbox:
    RDPENCDD.sys
  • Click on the Search File(s) button.
  • When the search is finished a log file (Search.txt) is saved on your flash drive.
    Copy and paste it in your next reply.


#10 aksweeney

  • Topic Starter


Posted 01 March 2014 - 10:54 AM

Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by SYSTEM at 2014-03-01 10:05:42
Running from F:\
Boot Mode: Recovery
 
================== Search: "RDPENCDD.sys" ===================
 
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.sys
[2008-06-29 17:14] - [2008-01-18 22:01] - 0006144 ____N () DD69030A791B7074C0C1F8F1E5232EA4
 
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6000.16386_none_0498895ad8d62008\RDPENCDD.sys
[2006-11-02 01:02] - [2006-11-02 01:02] - 0006144 ____A (Microsoft Corporation) 980B56E2E273E19D3A9D72D5C420F008
 
C:\Windows\System32\drivers\rdpencdd.sys
[2008-06-29 17:14] - [2008-01-18 22:01] - 0006144 ____A (Microsoft Corporation) 9D91FE5286F748862ECFFA05F8A0710C
 
=== End Of Search ===
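
A triage pass over the Search.txt output in the post above, as an added example that is not part of the original thread or of FRST: it parses each entry and flags a copy that has no company name but shares size and timestamps with a named copy under a different MD5. The field meanings (created, modified, size, attributes, company, MD5) are an assumption about FRST's layout; the path it flags is the one the fixlist later in the thread overwrites with the System32 copy.

```python
import re
from collections import defaultdict

# FRST Search.txt entries exactly as posted in this thread.
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.sys
[2008-06-29 17:14] - [2008-01-18 22:01] - 0006144 ____N () DD69030A791B7074C0C1F8F1E5232EA4

C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6000.16386_none_0498895ad8d62008\RDPENCDD.sys
[2006-11-02 01:02] - [2006-11-02 01:02] - 0006144 ____A (Microsoft Corporation) 980B56E2E273E19D3A9D72D5C420F008

C:\Windows\System32\drivers\rdpencdd.sys
[2008-06-29 17:14] - [2008-01-18 22:01] - 0006144 ____A (Microsoft Corporation) 9D91FE5286F748862ECFFA05F8A0710C
"""

# Detail line layout: [created] - [modified] - size attrs (company) MD5
# Assumption: the parenthesised field is the file's version-info company name.
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")

def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            entries.append({"path": path, **m.groupdict()})
            path = None
        elif line and not line.startswith("="):
            path = line  # header lines are overwritten by the next path line
    return entries

def triage(entries):
    """Flag unnamed copies that match a named copy's metadata but not its MD5."""
    groups = defaultdict(list)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()  # file names compared case-insensitively
        groups[(name, e["size"], e["created"], e["modified"])].append(e)
    flagged = []
    for copies in groups.values():
        named_md5s = {c["md5"] for c in copies if c["company"]}
        flagged += [c["path"] for c in copies
                    if not c["company"] and named_md5s and c["md5"] not in named_md5s]
    return flagged

if __name__ == "__main__":
    for path in triage(parse_search(SEARCH_TXT)):
        print("review:", path)
```

A flagged path is a lead for manual comparison, not a verdict; the 6.0.6000.16386 copy is not flagged because it belongs to a different build with its own timestamps.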


#11 aharonov


  • Malware Response Team

Posted 01 March 2014 - 11:02 AM

Please run the following fix and start your computer in normal mode again afterwards.
Is MSE still detecting anything?


Please download the attached file fixlist.txt and save it on the same flash drive as FRST.
  • Plug in the flash drive to the infected computer, enter the System Recovery Options and open FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) is saved on the flash drive.
    Please copy and paste its contents in your next reply.


#12 aksweeney

  • Topic Starter


Posted 01 March 2014 - 12:31 PM

Ran a quick scan with MSE and it no longer detects Win32\Alureon.h!
 
Still haven't left the computer on long enough to see if the screen issue has been resolved, but at least there's one less obvious thing.
 
Thank you so much!
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-02-2014 02
Ran by SYSTEM at 2014-03-01 12:11:19 Run:1
Running from F:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\System32\drivers\rdpencdd.sys C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.sys
GroupPolicyUsers\S-1-5-21-1004063365-477754918-742943989-1010\User: Group Policy restriction detected <======= ATTENTION
HKU\Its Me\...\Policies\Explorer: [DriveConfiguration] 
C:\Users\Its Me\AppData\Local\Temp\*.exe
*****************
 
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.sys => Moved successfully.
C:\Windows\System32\drivers\rdpencdd.sys copied successfully to C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.sys
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1004063365-477754918-742943989-1010\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
HKU\Its Me\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DriveConfiguration => Value deleted successfully.
C:\Users\Its Me\AppData\Local\Temp\*.exe => Moved successfully.
 
==== End of Fixlog ====


#13 aksweeney

  • Topic Starter


Posted 01 March 2014 - 12:45 PM

Screen issue persisting, unfortunately.





