Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My laptop's speed and response has reduced drastically


  • This topic is locked This topic is locked
13 replies to this topic

#1 pilbiruusa

pilbiruusa

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 16 May 2014 - 08:06 AM

Hi there, my laptop's speed and response was reduced drastically two days ago. The day before it happened everything was completely fine. Now the boot up itself takes 10-15 minutes, opening a windows explorer or a MS Office program will take 2-3 minutes and frequently freezes while opened. Video and music playing lags significantly. 

 

I've tried scanning my system with avast and mbam in safe mode, but both found nothing. Avast won't run full protection although regular scanning is possible and avast's boot time scan won't work. 

 

What may be the problem here? I'm completely baffled myself.

Could it be some type of spyware or malware that's eating up my computer's resources? I must also confess that I was running a P2P software the night before my computer slowed down. I've already deleted all files downloaded through the P2P software though.

 

I'm currently running

Windows 7 Ultimate 32 bit

Intel Core i5-2410M @ 2.30 GHz

4 GB RAM

 

Any help would be great. Thanks!



BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 16 May 2014 - 03:10 PM

Hello, Lets see what these show and how the machine is afer.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 09:40 AM

Thanks for the reply. I just got the chance to reply back. I've followed all of the instructions, except for eset. For some reason my computer crashes with a bluescreen near the end of an eset scan. I've tried 3 times with around 12 hours per scan before crashing.

 

For some reason I can't post all the logs in one reply. I'll try on the next post



#4 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 09:41 AM

Mini tool box

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Toshiba (administrator) on 17-05-2014 at 12:21:04
Running from "C:\Users\Toshiba\Desktop"
Microsoft Windows 7 Ultimate   (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: cache2.itb.ac.id:8080
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
 
========================= IP Configuration: ================================
 
Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Bluetooth Personal Area Network = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="ethernet_19" address=192.168.81.1
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Zhilal
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
   Physical Address. . . . . . . . . : 68-A3-C4-7F-79-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8cf1:6ddc:ba3c:286e%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, May 17, 2014 11:29:44 AM
   Lease Expires . . . . . . . . . . : Tuesday, May 20, 2014 11:29:44 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 342401988
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D3-1F-0F-E8-9A-8F-04-72-78
   DNS Servers . . . . . . . . . . . : 198.153.194.1
                                       4.2.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Personal Area Network
   Physical Address. . . . . . . . . : 68-A3-C4-7F-A5-F4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : E8-9A-8F-04-72-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{D4BA985E-3F2D-4888-8B83-4726713C01FE}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 17:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:30ca:13c5:3f57:fef9(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::30ca:13c5:3f57:fef9%28(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Reusable ISATAP Interface {9F0EDD0E-E785-4B30-9FEE-5C6F66699AF4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  198.153.194.1
 
Name:    google.com
Addresses:  2404:6800:4001:c01::65
 173.194.126.2
 173.194.126.9
 173.194.126.6
 173.194.126.4
 173.194.126.3
 173.194.126.14
 173.194.126.7
 173.194.126.1
 173.194.126.5
 173.194.126.8
 173.194.126.0
 
 
Pinging google.com [74.125.224.200] with 32 bytes of data:
Reply from 74.125.224.200: bytes=32 time=238ms TTL=51
Reply from 74.125.224.200: bytes=32 time=273ms TTL=51
 
Ping statistics for 74.125.224.200:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 238ms, Maximum = 273ms, Average = 255ms
Server:  UnKnown
Address:  198.153.194.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=330ms TTL=49
Reply from 98.139.183.24: bytes=32 time=354ms TTL=49
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 330ms, Maximum = 354ms, Average = 342ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...68 a3 c4 7f 79 94 ......Atheros AR9002WB-1NG Wireless Network Adapter
 12...68 a3 c4 7f a5 f4 ......Bluetooth Personal Area Network
 11...e8 9a 8f 04 72 78 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
 28...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    281
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 28     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 28     58 2001::/32                On-link
 28    306 2001:0:9d38:90d7:30ca:13c5:3f57:fef9/128
                                    On-link
 13    281 fe80::/64                On-link
 28    306 fe80::/64                On-link
 28    306 fe80::30ca:13c5:3f57:fef9/128
                                    On-link
 13    281 fe80::8cf1:6ddc:ba3c:286e/128
                                    On-link
  1    306 ff00::/8                 On-link
 28    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/17/2014 11:38:48 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\wuaueng.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\System32\wuaueng.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (05/17/2014 11:38:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wuaueng.dll, version: 7.6.7600.256, time stamp: 0x4fca8fc5
Exception code: 0xc0000006
Fault offset: 0x001a1266
Faulting process id: 0x470
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
 
Error: (05/17/2014 11:36:33 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\sppsvc.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Software Protection Platform Service because of this error.
 
Program: Microsoft Software Protection Platform Service
File: C:\Windows\System32\sppsvc.exe
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (05/17/2014 11:36:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd351
Faulting module name: sppsvc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd351
Exception code: 0xc0000006
Fault offset: 0x0029f5e5
Faulting process id: 0xb04
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3
 
Error: (05/17/2014 11:36:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaae
Exception code: 0xc06d007e
Fault offset: 0x00009617
Faulting process id: 0xd54
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (05/17/2014 11:31:56 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Google Crash Handler because of this error.
 
Program: Google Crash Handler
File: C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (05/17/2014 11:31:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleCrashHandler.exe, version: 1.3.24.7, time stamp: 0x53604552
Faulting module name: GoogleCrashHandler.exe, version: 1.3.24.7, time stamp: 0x53604552
Exception code: 0xc0000006
Fault offset: 0x0001853f
Faulting process id: 0xd7c
Faulting application start time: 0xGoogleCrashHandler.exe0
Faulting application path: GoogleCrashHandler.exe1
Faulting module path: GoogleCrashHandler.exe2
Report Id: GoogleCrashHandler.exe3
 
Error: (05/17/2014 11:31:05 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/17/2014 11:31:05 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/17/2014 11:31:05 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (05/17/2014 00:11:15 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 00:11:15 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 00:11:15 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 11:59:30 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 11:59:30 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 11:53:00 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 11:53:00 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 11:53:00 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 11:53:00 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (05/17/2014 11:53:00 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
Microsoft Office Sessions:
=========================
Error: (01/12/2014 07:47:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/27/2013 05:42:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/24/2013 04:47:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13343 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error: (11/01/2013 08:30:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/13/2013 05:37:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (09/22/2013 08:08:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 265122 seconds with 9720 seconds of active time.  This session ended with a crash.
 
Error: (08/21/2013 08:48:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/21/2013 08:48:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/21/2013 08:48:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/19/2013 07:00:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 197 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-05-16 06:34:52.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 21:54:08.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 21:12:58.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 20:53:23.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 18:47:38.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 17:09:47.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 16:59:51.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 12:27:53.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 10:36:39.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-15 09:51:14.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00098_005\midas32.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Dreamweaver CS6 (Version: 12)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.23)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Help Manager (Version: 4.0.244)
Adobe Photoshop CS4
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Atheros Bluetooth Filter Driver Package (Version: 1.00.0004)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
Atheros Driver Installation Program (Version: 9.2)
avast! Free Antivirus (Version: 9.0.2018)
Banished v1.0.0 32-bit (Version: 1.0.0)
BlackBerry WebWorks SDK for Tablet OS (Version: 2.2.0.5)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.04(T))
Bonjour (Version: 3.0.0.10)
Borland Delphi 7 (Version: 7.0)
calibre (Version: 0.8.68)
Canon MP140 series
CCleaner (Version: 3.07)
Condition Zero (Version: 1.2)
Conexant HD Audio (Version: 8.51.1.0)
CyberLink PowerDVD 8 (Version: 8.0.1531)
Dropbox (Version: 2.6.33)
Facebook Video Calling 2.0.0.447 (Version: 2.0.447)
Google Chrome (Version: 34.0.1847.137)
Google Drive (Version: 1.15.6556.8063)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Talk Plugin (Version: 5.3.1.18536)
Google Update Helper (Version: 1.3.24.7)
IBM SPSS Statistics 20 (Version: 20.0.0.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2291)
iTunes (Version: 11.1.3.8)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
JavaFX 2.1.1 (Version: 2.1.1)
Kamus 2.04 (Version: 2.04)
K-Lite Codec Pack 8.1.0 (Full) (Version: 8.1.0)
LINGO 11.0 (Version: 11.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Player Classic - Home Cinema 1.6.1.4235 (Version: 1.6.1.4235)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft SOAP Toolkit 3.0 (Version: 3.0.1325.4)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
PhotoScape
ProModel Book 2011 SP4 (Version: 8.6.2.1037)
QuickTime (Version: 7.74.80.86)
Realtek USB 2.0 Reader Driver (Version: 1.0.0.12)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Scribblenauts Unlimited
Sid Meier's Pirates! (Version: 1.00.0000)
SimCity™ (Version: 1.0.0.0)
Skype™ 5.3 (Version: 5.3.111)
SolidWorks 2004 SP0 (Version: 12.1.0000)
Sublime Text 2.0.2
TOSHIBA Assist (Version: 2.01.12)
TOSHIBA Bulletin Board (Version: 1.6.06.32)
TOSHIBA Web Camera Application (Version: 1.1.6.3)
Typing Instructor Platinum (Version: 21.00.0000)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver
 
========================= Devices: ================================
 
Name: Bluetooth RFCOMM
Description: Bluetooth RFCOMM
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfcom
 
Name: BT Port (COM39)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: ACPI Lid
Description: ACPI Lid
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDProxy
 
Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: Intel® HM65 Express Chipset Family LPC Interface Controller - 1C49
Description: Intel® HM65 Express Chipset Family LPC Interface Controller - 1C49
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv
 
Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
 
Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: BT Port (COM40)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
 
Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
 
Name: Renesas Electronics USB 3.0 Root Hub
Description: Renesas Electronics USB 3.0 Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Renesas Electronics
Service: nusb3hub
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
 
Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: CLFS
 
Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: Compbatt
 
Name: Direct Application Launch Button
Description: Direct Application Launch Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: BT Port (COM41)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: KSecDD
 
Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NetBT
 
Name: Disk Virtual Machine Bus Acceleration Filter Driver
Description: Disk Virtual Machine Bus Acceleration Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: storflt
 
Name: Renesas Electronics USB 3.0 Host Controller
Description: Renesas Electronics USB 3.0 Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Renesas Electronics
Service: nusb3xhc
 
Name: AUOQUF2I IDE Controller
Description: AUOQUF2I IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: auoquf2i
 
Name: Intel® 82802 Firmware Hub Device
Description: Intel® 82802 Firmware Hub Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: CNG
 
Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: Intel® 82801 PCI Bridge - 2448
Description: Intel® 82801 PCI Bridge - 2448
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
 
Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AFD
 
Name: BT Port (COM42)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: KSecPkg
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
 
Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Tcpip
 
Name: Offline Files Driver
Description: Offline Files Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: CSC
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: BT Port (COM6)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: lltdio
 
Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: nsiproxy
 
Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tcpipreg
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: Microsoft AC Adapter
Description: Microsoft AC Adapter
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
 
Name: avast! HardwareID
Description: avast! HardwareID
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswHwid
 
Name: Atheros AR9002WB-1NG Wireless Network Adapter
Description: Atheros AR9002WB-1NG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
 
Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
 
Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: discache
 
Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tdx
 
Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
 
Name: BT Port (COM7)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Conexant SmartAudio HD
Description: Conexant SmartAudio HD
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant
Service: CnxtHdAudService
 
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
 
Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Null
 
Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: DXGKrnl
 
Name: ATA Channel 3
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
 
Name: Bluetooth USB Controller-10 from TOSHIBA
Description: Bluetooth USB Controller-10 from TOSHIBA
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: Toshiba
Service: tosrfusb
 
Name: Bluetooth RFHID
Description: Bluetooth RFHID
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: Tosrfhid
 
Name: Bluetooth ACPI
Description: Bluetooth ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Toshiba
Service: tosrfec
 
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
 
Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
 
Name: Intel® Core™ i5-2410M CPU @ 2.30GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: pcw
 
Name: aswRdr
Description: aswRdr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRdr
 
Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VgaSave
 
Name: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
 
Name: esgiguard
Description: esgiguard
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: esgiguard
 
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: 
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
 
Name: Bluetooth RFBNEP
Description: Bluetooth RFBNEP
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfbnp
 
Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
 
Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: ATA Channel 4
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
 
Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
 
Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: PEAUTH
 
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
 
Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mountmgr
 
Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: volmgrx
 
Name: Bluetooth Personal Area Network
Description: Bluetooth Personal Area Network
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Toshiba
Service: tosrfnds
 
Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Microsoft Watchdog Timer
Description: Microsoft Watchdog Timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Wd
 
Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Psched
 
Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
 
Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mpsdrv
 
Name: BT Port (COM10)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: volsnap
 
Name: Bluetooth RFBUS
Description: Bluetooth RFBUS
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfbd
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
 
Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
 
Name: 2nd generation Intel® Core™ processor family DRAM Controller - 0104
Description: 2nd generation Intel® Core™ processor family DRAM Controller - 0104
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: QWAVE driver
Description: QWAVE driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: QWAVEdrv
 
Name: Intel® 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Description: Intel® 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
 
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: 
 
Name: BT Port (COM11)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
 
Name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: vwififlt
 
Name: Extended IO Bus
Description: Extended IO Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Intel® Core™ i5-2410M CPU @ 2.30GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: aswStm
Description: aswStm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswStm
 
Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
 
Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
 
Name: BT Port (COM12)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
 
Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wanarpv6
 
Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
 
Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPCDD
 
Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
 
Name: Microsoft 6to4 Adapter #5
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: Intel® HD Graphics Family
Description: Intel® HD Graphics Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
 
Name: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Description: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
 
Name: BT Port (COM13)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wdf01000
 
Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: fvevol
 
Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot
 
Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
 
Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPENCDD
 
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
 
Name: Microsoft 6to4 Adapter #6
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: BT Port (COM14)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
 
Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr
 
Name: Hotspot Shield Routing Driver 6
Description: Hotspot Shield Routing Driver 6
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HssDRV6
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
 
Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: WfpLwf
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPREFMP
 
Name: IDE Channel
Description: IDE Channel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: atapi
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
 
Name: ARI E3W9INK9YV SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
 
Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: msisadrv
 
Name: BT Port (COM20)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: Intel® Core™ i5-2410M CPU @ 2.30GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: HL-DT-ST DVDRAM GT30N ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
 
Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ws2ifsl
 
Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
 
Name: Intel® 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C03
Description: Intel® 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C03
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msahci
 
Name: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Description: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: TOSHIBA Web Camera - MP
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
 
Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: rspndr
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: BT Port (COM21)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hwpolicy
 
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: 
 
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
 
Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: WudfPf
 
Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: secdrv
 
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NativeWifiP
 
Name: BT Port (COM22)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: Microsoft ACPI-Compliant Embedded Controller
Description: Microsoft ACPI-Compliant Embedded Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
 
Name: {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
Description: {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
 
Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: Intel® Management Engine Interface
Description: Intel® Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEI
 
Name: BT Port (COM37)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDIS
 
Name: ACPI x86-based PC
Description: ACPI x86-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
 
Name: ST9500325AS ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
 
Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
 
Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
 
Name: Intel® Core™ i5-2410M CPU @ 2.30GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Beep
 
Name: BT Port (COM38)
Description: BT Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: tosporte
 
Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
 
Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Ndisuio
 
Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive
 
Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 2765.86 MB
Available physical RAM: 1064.6 MB
Total Pagefile: 5530 MB
Available Pagefile: 3681.54 MB
Total Virtual: 3071.88 MB
Available Virtual: 2963.93 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:38.96 GB) (Free:7.2 GB) NTFS
2 Drive d: () (Fixed) (Total:214.84 GB) (Free:12.68 GB) NTFS
3 Drive e: () (Fixed) (Total:211.85 GB) (Free:33.45 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ZHILAL
 
Administrator            Awthar                   Guest                    
Toshiba                  
 
 
**** End of log ****


#5 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 09:42 AM

TDSSKiller

 

12:34:07.0024 0x1160  TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
12:34:27.0930 0x1160  ============================================================
12:34:27.0930 0x1160  Current date / time: 2014/05/17 12:34:27.0930
12:34:27.0930 0x1160  SystemInfo:
12:34:27.0930 0x1160  
12:34:27.0930 0x1160  OS Version: 6.1.7600 ServicePack: 0.0
12:34:27.0931 0x1160  Product type: Workstation
12:34:27.0931 0x1160  ComputerName: ZHILAL
12:34:27.0931 0x1160  UserName: Toshiba
12:34:27.0931 0x1160  Windows directory: C:\Windows
12:34:27.0931 0x1160  System windows directory: C:\Windows
12:34:27.0931 0x1160  Processor architecture: Intel x86
12:34:27.0931 0x1160  Number of processors: 4
12:34:27.0931 0x1160  Page size: 0x1000
12:34:27.0931 0x1160  Boot type: Normal boot
12:34:27.0931 0x1160  ============================================================
12:34:52.0076 0x1160  KLMD registered as C:\Windows\system32\drivers\33645158.sys
12:34:52.0191 0x1160  System UUID: {CBDC6C69-910C-1074-9E93-C8D021BCB343}
12:34:52.0636 0x1160  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:34:52.0641 0x1160  ============================================================
12:34:52.0641 0x1160  \Device\Harddisk0\DR0:
12:34:52.0641 0x1160  MBR partitions:
12:34:52.0641 0x1160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:34:52.0641 0x1160  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4DEE000
12:34:52.0641 0x1160  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4E20800, BlocksNum 0x1ADB0000
12:34:52.0641 0x1160  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1FBD0800, BlocksNum 0x1A7B5000
12:34:52.0641 0x1160  ============================================================
12:34:52.0669 0x1160  C: <-> \Device\Harddisk0\DR0\Partition2
12:34:52.0719 0x1160  D: <-> \Device\Harddisk0\DR0\Partition3
12:34:52.0766 0x1160  E: <-> \Device\Harddisk0\DR0\Partition4
12:34:52.0768 0x1160  ============================================================
12:34:52.0769 0x1160  Initialize success
12:34:52.0769 0x1160  ============================================================
12:35:20.0889 0x0ae8  ============================================================
12:35:20.0889 0x0ae8  Scan started
12:35:20.0889 0x0ae8  Mode: Manual; 
12:35:20.0889 0x0ae8  ============================================================
12:35:20.0889 0x0ae8  KSN ping started
12:35:24.0071 0x0ae8  KSN ping finished: true
12:35:44.0851 0x0ae8  ================ Scan system memory ========================
12:35:44.0851 0x0ae8  System memory - ok
12:35:44.0851 0x0ae8  ================ Scan services =============================
12:35:45.0022 0x0ae8  [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:35:45.0053 0x0ae8  1394ohci - ok
12:35:45.0116 0x0ae8  [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
12:35:45.0131 0x0ae8  ACPI - ok
12:35:45.0147 0x0ae8  [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
12:35:45.0147 0x0ae8  AcpiPmi - ok
12:35:45.0287 0x0ae8  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:35:45.0287 0x0ae8  AdobeARMservice - ok
12:35:45.0365 0x0ae8  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:35:45.0381 0x0ae8  adp94xx - ok
12:35:45.0412 0x0ae8  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:35:45.0412 0x0ae8  adpahci - ok
12:35:45.0443 0x0ae8  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:35:45.0443 0x0ae8  adpu320 - ok
12:35:45.0475 0x0ae8  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:35:45.0475 0x0ae8  AeLookupSvc - ok
12:35:45.0521 0x0ae8  [ DDC040FDB01EF1712A6B13E52AFB104C, BF17E91BBB85A04F1EEF580CD006101332CDE5B876A0D04C6932F30707BB184F ] AFD             C:\Windows\system32\drivers\afd.sys
12:35:45.0521 0x0ae8  AFD - ok
12:35:45.0537 0x0ae8  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
12:35:45.0553 0x0ae8  agp440 - ok
12:35:45.0568 0x0ae8  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:35:45.0584 0x0ae8  aic78xx - ok
12:35:45.0615 0x0ae8  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
12:35:45.0615 0x0ae8  ALG - ok
12:35:45.0631 0x0ae8  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
12:35:45.0631 0x0ae8  aliide - ok
12:35:45.0646 0x0ae8  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
12:35:45.0646 0x0ae8  amdagp - ok
12:35:45.0662 0x0ae8  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
12:35:45.0662 0x0ae8  amdide - ok
12:35:45.0677 0x0ae8  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:35:45.0677 0x0ae8  AmdK8 - ok
12:35:45.0709 0x0ae8  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:35:45.0709 0x0ae8  AmdPPM - ok
12:35:45.0724 0x0ae8  [ 2101A86C25C154F8314B24EF49D7FBC2, E4C1326CF55850793B45B2BFDF361C4E98A07FB13E08BFD6DB50135489700998 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
12:35:45.0740 0x0ae8  amdsata - ok
12:35:45.0755 0x0ae8  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:35:45.0755 0x0ae8  amdsbs - ok
12:35:45.0771 0x0ae8  [ B81C2B5616F6420A9941EA093A92B150, DA2000C9E06533232F8716A6674BC9DFD5C3AAE1FC46F7A91B8E917DB913F42F ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
12:35:45.0787 0x0ae8  amdxata - ok
12:35:45.0833 0x0ae8  [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID           C:\Windows\system32\drivers\appid.sys
12:35:45.0849 0x0ae8  AppID - ok
12:35:45.0911 0x0ae8  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:35:48.0423 0x0ae8  AppIDSvc - ok
12:36:02.0760 0x0ae8  [ D2A9A5AA05260DF1ACF2A5DFC006D72D, 862AFD8E1D7D8C855520D0E3E02B21BBE2E614062E3DC3ED4E7B0F93803B8C85 ] Appinfo         C:\Windows\System32\appinfo.dll
12:36:05.0380 0x0ae8  Suspicious file ( Forged ): C:\Windows\System32\appinfo.dll. Real md5: D2A9A5AA05260DF1ACF2A5DFC006D72D, sha256: 862AFD8E1D7D8C855520D0E3E02B21BBE2E614062E3DC3ED4E7B0F93803B8C85, fake md5: 7DEAD9E3F65DCB2794F2711003BBF650, fake sha256: F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B
12:36:05.0380 0x0ae8  Appinfo - detected ForgedFile.Multi.Generic ( 1 )
12:36:08.0844 0x0ae8  Detect skipped due to KSN trusted
12:36:08.0844 0x0ae8  Appinfo - ok
12:36:08.0906 0x0ae8  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:36:08.0922 0x0ae8  Apple Mobile Device - ok
12:36:08.0953 0x0ae8  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:36:08.0968 0x0ae8  AppMgmt - ok
12:36:09.0015 0x0ae8  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:36:09.0015 0x0ae8  arc - ok
12:36:09.0031 0x0ae8  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:36:09.0046 0x0ae8  arcsas - ok
12:36:09.0124 0x0ae8  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:36:09.0124 0x0ae8  aspnet_state - ok
12:36:09.0218 0x0ae8  [ 4D6C6E0505A8E5A0656DCB223497D37C, 7F9457AF4B6E4FC6C4F77BD39DB5EB5520C44D22974B9781EA0F984D6830637C ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
12:36:09.0218 0x0ae8  aswHwid - ok
12:36:09.0280 0x0ae8  [ 1A2CC93BBD77C2D95A7567938D7D7239, DD082ACA011DA63CC1A69BAD8C42B9DA3A9975194D87B5584A39C91ED92341E3 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:36:09.0280 0x0ae8  aswMonFlt - ok
12:36:09.0312 0x0ae8  [ 9A646294396BBCDF29CF1CB4B1B0D68B, 7529E19DC637CF5FF6E12A7D82F971F0BF6BB3930B72118C6B0FED76EF9CED98 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
12:36:09.0327 0x0ae8  aswRdr - ok
12:36:09.0358 0x0ae8  [ 24B3BDA01DB3A704E33A5266C7B52DAF, FB2555504570E8FD6AA251BE9D05EDC2B73596EF830384130556EC64E518FE65 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
12:36:09.0358 0x0ae8  aswRvrt - ok
12:36:09.0436 0x0ae8  [ D13182758BAC9B4996D592E7684C9267, 8CDF8F3962659A6F3AE77AD9A4982E2D754E0DE3610BE26985444A4DCCDF181A ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:36:09.0468 0x0ae8  aswSnx - ok
12:36:09.0514 0x0ae8  [ D1A68A33B082FA1C7087CE54A7923D90, 9B776122078044A1336D0E7C5F3F016BC7196571DBF379F804AF70C49D642714 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:36:09.0530 0x0ae8  aswSP - ok
12:36:09.0577 0x0ae8  [ 8B54399E3EC1150FA461837E60816812, F03E7C3BED19F2069910D4214066051E0D2269D48271B03955B746F41F128CE0 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
12:36:09.0577 0x0ae8  aswStm - ok
12:36:09.0655 0x0ae8  [ B2D7EE52633CA8831DDAFCA81C2D46C3, 017C6C376520380F29AF465F1464C3652D421C4B873B7AC2647498F356032361 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
12:36:09.0670 0x0ae8  aswVmm - ok
12:36:09.0702 0x0ae8  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:36:09.0702 0x0ae8  AsyncMac - ok
12:36:09.0733 0x0ae8  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
12:36:09.0733 0x0ae8  atapi - ok
12:36:09.0858 0x0ae8  [ 3DD5636164BA137089AF39E55F00FD2E, 9E50D23BE8DFB458273F58D8042E94587D56A2B810CC1CD92EB4012DA7C38957 ] athr            C:\Windows\system32\DRIVERS\athr.sys
12:36:09.0951 0x0ae8  athr - ok
12:36:10.0029 0x0ae8  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:36:10.0060 0x0ae8  AudioEndpointBuilder - ok
12:36:10.0092 0x0ae8  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:36:10.0107 0x0ae8  Audiosrv - ok
12:36:10.0138 0x0ae8  [ 37D17AE2936867F88EB3C4CBCBC6B8A1, E1F4D288CE1E5482A5594C8F9EEDE1E8134466F5E0C7DA32D88985497CD8588B ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:36:10.0154 0x0ae8  avast! Antivirus - ok
12:36:10.0185 0x0ae8  [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:36:10.0201 0x0ae8  AxInstSV - ok
12:36:10.0248 0x0ae8  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:36:10.0279 0x0ae8  b06bdrv - ok
12:36:10.0326 0x0ae8  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:36:10.0326 0x0ae8  b57nd60x - ok
12:36:10.0388 0x0ae8  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
12:36:10.0404 0x0ae8  BDESVC - ok
12:36:10.0435 0x0ae8  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:36:10.0435 0x0ae8  Beep - ok
12:36:10.0482 0x0ae8  [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE             C:\Windows\System32\bfe.dll
12:36:10.0497 0x0ae8  BFE - ok
12:36:10.0575 0x0ae8  [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS            C:\Windows\System32\qmgr.dll
12:36:15.0614 0x0ae8  BITS - ok
12:36:17.0876 0x0ae8  blbdrive - ok
12:36:33.0460 0x0ae8  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:36:33.0492 0x0ae8  Bonjour Service - ok
12:36:33.0523 0x0ae8  bowser - ok
12:36:33.0538 0x0ae8  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:36:33.0538 0x0ae8  BrFiltLo - ok
12:36:33.0554 0x0ae8  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:36:33.0554 0x0ae8  BrFiltUp - ok
12:36:33.0585 0x0ae8  [ 598E1280E7FF3744F4B8329366CC5635, 9B6392AEBE7EF26253487AF8C7C114822ABB187BA32DA8DBF622DB1B8DA6F1C0 ] Browser         C:\Windows\System32\browser.dll
12:36:33.0585 0x0ae8  Browser - ok
12:36:33.0616 0x0ae8  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:36:33.0632 0x0ae8  Brserid - ok
12:36:33.0648 0x0ae8  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:36:33.0648 0x0ae8  BrSerWdm - ok
12:36:33.0663 0x0ae8  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:36:33.0679 0x0ae8  BrUsbMdm - ok
12:36:33.0710 0x0ae8  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:36:33.0710 0x0ae8  BrUsbSer - ok
12:36:33.0757 0x0ae8  [ A65E0C67612ED2DE58DC80E7CDD8CB14, BB05B80E984E921D5405AC2D2D68F52B7C4C7B92104006E94D50AF9B34E5D01E ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
12:36:33.0757 0x0ae8  BtFilter - ok
12:36:33.0757 0x0ae8  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:36:33.0757 0x0ae8  BTHMODEM - ok
12:36:33.0804 0x0ae8  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
12:36:33.0804 0x0ae8  bthserv - ok
12:36:33.0819 0x0ae8  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:36:33.0819 0x0ae8  cdfs - ok
12:36:33.0882 0x0ae8  [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:36:33.0897 0x0ae8  cdrom - ok
12:36:33.0928 0x0ae8  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:36:33.0928 0x0ae8  CertPropSvc - ok
12:36:33.0975 0x0ae8  [ D6D33E4E9D2278C85E67264AE23FE55B, A6FD53A84DE2077C62B57BFC64843308DC4926790672B09D082F875011557129 ] Change Modem Device Service C:\Windows\system32\ChgService.exe
12:36:33.0991 0x0ae8  Change Modem Device Service - ok
12:36:33.0991 0x0ae8  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:36:33.0991 0x0ae8  circlass - ok
12:36:34.0006 0x0ae8  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
12:36:34.0022 0x0ae8  CLFS - ok
12:36:34.0084 0x0ae8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:36:34.0100 0x0ae8  clr_optimization_v2.0.50727_32 - ok
12:36:34.0178 0x0ae8  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:36:34.0225 0x0ae8  clr_optimization_v4.0.30319_32 - ok
12:36:34.0256 0x0ae8  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:36:34.0272 0x0ae8  CmBatt - ok
12:36:34.0272 0x0ae8  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
12:36:34.0287 0x0ae8  cmdide - ok
12:36:34.0350 0x0ae8  [ BDDE322DD3E6ABBC589C5DC8A948A661, AB4771526EFB051FBF8B7CD500C6F29C3091DAA215C603E181033445F523CD9D ] cmusbser        C:\Windows\system32\DRIVERS\cmusbser.sys
12:36:34.0350 0x0ae8  cmusbser - ok
12:36:34.0412 0x0ae8  [ 1B675691ED940766149C93E8F4488D68, A55C41B2B343B1CF53D737ED1752D0510052094FFC60FDB833279A8A52398132 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:36:34.0443 0x0ae8  CNG - ok
12:36:34.0537 0x0ae8  [ DD308E51103270E3EB550574E3E27731, DC38997CB6405DFA923A70FD64A68DD9358D561ECF3C244B37FED120BE180C27 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
12:36:34.0584 0x0ae8  CnxtHdAudService - ok
12:36:34.0615 0x0ae8  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:36:34.0615 0x0ae8  Compbatt - ok
12:36:34.0630 0x0ae8  [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:36:34.0708 0x0ae8  CompositeBus - ok
12:36:34.0771 0x0ae8  COMSysApp - ok
12:36:34.0802 0x0ae8  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:36:34.0802 0x0ae8  crcdisk - ok
12:36:34.0864 0x0ae8  [ 9C231178CE4FB385F4B54B0A9080B8A4, 08EFAEBFF68D5CCE432D75116ED4BDC63FEA651459C9AD363CBEEDB769806527 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:36:34.0880 0x0ae8  CryptSvc - ok
12:36:34.0927 0x0ae8  [ 27C9490BDD0AE48911AB8CF1932591ED, 751F576F797F8A7BA576C32598BD6FD2E60D4FACC7836CC5BA3F68C38D27CCCA ] CSC             C:\Windows\system32\drivers\csc.sys
12:36:34.0942 0x0ae8  CSC - ok
12:36:34.0989 0x0ae8  [ 56FB5F222EA30D3D3FC459879772CB73, 2C4646774575858E26DBA9C73853E06D0BD18CC8A4C73C633071FF5FE04CA0F4 ] CscService      C:\Windows\System32\cscsvc.dll
12:36:35.0005 0x0ae8  CscService - ok
12:36:35.0067 0x0ae8  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:36:35.0083 0x0ae8  DcomLaunch - ok
12:36:35.0114 0x0ae8  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:36:35.0114 0x0ae8  defragsvc - ok
12:36:35.0130 0x0ae8  [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB, B03D0CF11C1D0DCBB76E74D796F3AFA2F9598C918017C29670BED4E3A9962EF5 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:36:35.0130 0x0ae8  DfsC - ok
12:36:35.0176 0x0ae8  [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:36:35.0176 0x0ae8  Dhcp - ok
12:36:35.0192 0x0ae8  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:36:35.0192 0x0ae8  discache - ok
12:36:35.0223 0x0ae8  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:36:35.0239 0x0ae8  Disk - ok
12:36:35.0254 0x0ae8  [ D0722E963D3C6145446874241401B209, 542B3E6EC7E0161AB4732380343139959775E749996A97684A5D423833DDB196 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:36:35.0270 0x0ae8  Dnscache - ok
12:36:35.0301 0x0ae8  [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc         C:\Windows\System32\dot3svc.dll
12:36:35.0317 0x0ae8  dot3svc - ok
12:36:35.0348 0x0ae8  [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS             C:\Windows\system32\dps.dll
12:36:35.0348 0x0ae8  DPS - ok
12:36:35.0395 0x0ae8  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:36:35.0395 0x0ae8  drmkaud - ok
12:36:35.0473 0x0ae8  [ 39806CFEDDCC55E686A49BCCD2972F23, EFD5816D3E8E7F0F8D8E52AB9C534737F32D2D6D3EACCA78940792C553881C64 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:36:35.0535 0x0ae8  DXGKrnl - ok
12:36:35.0598 0x0ae8  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:36:35.0613 0x0ae8  EapHost - ok
12:36:35.0754 0x0ae8  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:36:36.0003 0x0ae8  ebdrv - ok
12:36:36.0066 0x0ae8  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] EFS             C:\Windows\System32\lsass.exe
12:36:36.0081 0x0ae8  EFS - ok
12:36:36.0237 0x0ae8  [ 3A74A6E33685662B125A3269B1F2114F, 183E180E4B35E549B5D7363D926E17226FF70CFDE7328F7B0B3676B9A27E2569 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:36:38.0702 0x0ae8  ehRecvr - ok
12:36:43.0398 0x0ae8  ehSched - ok
12:36:45.0909 0x0ae8  elxstor - ok
12:36:51.0354 0x0ae8  ErrDev - ok
12:37:01.0369 0x0ae8  esgiguard - ok
12:37:01.0650 0x0ae8  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:37:01.0681 0x0ae8  EventSystem - ok
12:37:01.0681 0x0ae8  ewusbmbb - ok
12:37:01.0681 0x0ae8  ewusbnet - ok
12:37:01.0712 0x0ae8  ew_hwusbdev - ok
12:37:01.0743 0x0ae8  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:37:01.0743 0x0ae8  exfat - ok
12:37:01.0759 0x0ae8  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:37:01.0774 0x0ae8  fastfat - ok
12:37:01.0837 0x0ae8  [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax             C:\Windows\system32\fxssvc.exe
12:37:01.0868 0x0ae8  Fax - ok
12:37:01.0899 0x0ae8  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:37:01.0899 0x0ae8  fdc - ok
12:37:01.0915 0x0ae8  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:37:01.0930 0x0ae8  fdPHost - ok
12:37:01.0930 0x0ae8  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:37:01.0946 0x0ae8  FDResPub - ok
12:37:01.0962 0x0ae8  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:37:01.0962 0x0ae8  FileInfo - ok
12:37:01.0977 0x0ae8  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:37:01.0977 0x0ae8  Filetrace - ok
12:37:02.0040 0x0ae8  [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:37:02.0071 0x0ae8  FLEXnet Licensing Service - ok
12:37:02.0086 0x0ae8  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:37:02.0086 0x0ae8  flpydisk - ok
12:37:02.0118 0x0ae8  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:37:02.0133 0x0ae8  FltMgr - ok
12:37:02.0196 0x0ae8  [ B6512A85815FDC3D560C3705F5BDB93D, A04D60BF4649DD7582C0E26E9CED93841D8B2729FDF6E1551F48A94AFD5A6436 ] FontCache       C:\Windows\system32\FntCache.dll
12:37:02.0242 0x0ae8  FontCache - ok
12:37:02.0274 0x0ae8  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:37:02.0274 0x0ae8  FontCache3.0.0.0 - ok
12:37:02.0320 0x0ae8  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:37:02.0320 0x0ae8  FsDepends - ok
12:37:02.0336 0x0ae8  [ A574B4360E438977038AAE4BF60D79A2, 7255CCDDDAC4853FA72E6487408C4B7390CBA37549CE952929B2A9CF3327C616 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:37:02.0336 0x0ae8  Fs_Rec - ok
12:37:02.0367 0x0ae8  [ 5592F5DBA26282D24D2B080EB438A4D7, 5376D6CFFE9A1406CFA0BF4325EB65206F57A5C50034DA7EB4238BEB08D4D6DB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:37:02.0383 0x0ae8  fvevol - ok
12:37:02.0461 0x0ae8  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:37:02.0461 0x0ae8  gagp30kx - ok
12:37:02.0539 0x0ae8  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:37:02.0539 0x0ae8  GEARAspiWDM - ok
12:37:02.0617 0x0ae8  [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:37:02.0648 0x0ae8  gpsvc - ok
12:37:02.0773 0x0ae8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:37:02.0788 0x0ae8  gupdate - ok
12:37:02.0820 0x0ae8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:37:02.0820 0x0ae8  gupdatem - ok
12:37:02.0851 0x0ae8  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:37:02.0851 0x0ae8  hcw85cir - ok
12:37:02.0913 0x0ae8  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:37:02.0944 0x0ae8  HdAudAddService - ok
12:37:02.0960 0x0ae8  [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:37:02.0976 0x0ae8  HDAudBus - ok
12:37:02.0991 0x0ae8  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:37:02.0991 0x0ae8  HidBatt - ok
12:37:03.0022 0x0ae8  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:37:03.0022 0x0ae8  HidBth - ok
12:37:03.0038 0x0ae8  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:37:03.0038 0x0ae8  HidIr - ok
12:37:03.0069 0x0ae8  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
12:37:03.0069 0x0ae8  hidserv - ok
12:37:03.0100 0x0ae8  [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:37:03.0100 0x0ae8  HidUsb - ok
12:37:03.0132 0x0ae8  [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:37:03.0132 0x0ae8  hkmsvc - ok
12:37:03.0163 0x0ae8  [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:37:03.0178 0x0ae8  HomeGroupListener - ok
12:37:03.0210 0x0ae8  [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:37:03.0225 0x0ae8  HomeGroupProvider - ok
12:37:03.0256 0x0ae8  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
12:37:03.0256 0x0ae8  HpSAMD - ok
12:37:03.0303 0x0ae8  [ DD1E0A26D0F60A7EA65A1BEEC7D44EAB, 3A863AEB10E12608007EF08DDC272BFA7670F7CB9CD3CE9896CFAB439C4B236A ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
12:37:03.0303 0x0ae8  HssDRV6 - ok
12:37:03.0350 0x0ae8  [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:37:03.0381 0x0ae8  HTTP - ok
12:37:03.0412 0x0ae8  huawei_enumerator - ok
12:37:03.0444 0x0ae8  hwdatacard - ok
12:37:03.0459 0x0ae8  [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:37:03.0459 0x0ae8  hwpolicy - ok
12:37:03.0475 0x0ae8  hwusbdev - ok
12:37:03.0537 0x0ae8  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:37:03.0537 0x0ae8  i8042prt - ok
12:37:03.0584 0x0ae8  [ 934AF4D7C5F457B9F0743F4299B77B67, F232554352BB7CD716D6173FC1AB2661E49480994BB22E9A6FE7A33B51F0A51B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
12:37:03.0584 0x0ae8  iaStorV - ok
12:37:03.0678 0x0ae8  [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:37:03.0724 0x0ae8  idsvc - ok
12:37:04.0099 0x0ae8  [ 368400500B6ECBA46B16D844691749EC, 4DAD80F812C152520AD6C39AB491DA4F12C6115C8307E18DC01F9747F8651E43 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:37:16.0906 0x0ae8  igfx - ok
12:37:18.0966 0x0ae8  [ 4B8BCB342FE2F36942151A6B6B062C8E, 1F6D39FD97D527C1440F3F09FB7D549CECAAEBAD169DB0AAC73DE68850735450 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:37:19.0278 0x0ae8  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\iirsp.sys. Real md5: 4B8BCB342FE2F36942151A6B6B062C8E, sha256: 1F6D39FD97D527C1440F3F09FB7D549CECAAEBAD169DB0AAC73DE68850735450, fake md5: 4173FF5708F3236CF25195FECD742915, fake sha256: 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D
12:37:19.0278 0x0ae8  iirsp - detected ForgedFile.Multi.Generic ( 1 )
12:37:22.0678 0x0ae8  Detect skipped due to KSN trusted
12:37:22.0678 0x0ae8  iirsp - ok
12:37:27.0124 0x0ae8  [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:37:27.0156 0x0ae8  IKEEXT - ok
12:37:27.0202 0x0ae8  [ 5576AD2F0039D2BCCCA3567FC0BF981C, 4C782738B211B236DBDD0066BA0EDBA04E6BC5A97EF3227F2C7DAD7EBABF4C73 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
12:37:27.0218 0x0ae8  IntcDAud - ok
12:37:27.0234 0x0ae8  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
12:37:27.0234 0x0ae8  intelide - ok
12:37:27.0265 0x0ae8  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:37:27.0265 0x0ae8  intelppm - ok
12:37:27.0296 0x0ae8  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:37:27.0312 0x0ae8  IPBusEnum - ok
12:37:27.0327 0x0ae8  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:37:27.0343 0x0ae8  IpFilterDriver - ok
12:37:27.0390 0x0ae8  [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:37:27.0421 0x0ae8  iphlpsvc - ok
12:37:27.0452 0x0ae8  [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:37:27.0452 0x0ae8  IPMIDRV - ok
12:37:27.0468 0x0ae8  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:37:27.0468 0x0ae8  IPNAT - ok
12:37:27.0546 0x0ae8  [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:37:27.0561 0x0ae8  iPod Service - ok
12:37:27.0577 0x0ae8  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:37:27.0592 0x0ae8  IRENUM - ok
12:37:27.0592 0x0ae8  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
12:37:27.0608 0x0ae8  isapnp - ok
12:37:27.0624 0x0ae8  [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:37:27.0624 0x0ae8  iScsiPrt - ok
12:37:27.0655 0x0ae8  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:37:27.0655 0x0ae8  kbdclass - ok
12:37:27.0670 0x0ae8  [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:37:27.0670 0x0ae8  kbdhid - ok
12:37:27.0702 0x0ae8  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] KeyIso          C:\Windows\system32\lsass.exe
12:37:27.0717 0x0ae8  KeyIso - ok
12:37:27.0733 0x0ae8  [ E36A061EC11B373826905B21BE10948F, CB9F8B76E0A99307A841B66CBD96C7087CC0B068699CBEF01040E37C6EA60E6A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:37:27.0748 0x0ae8  KSecDD - ok
12:37:27.0780 0x0ae8  [ 26C046977E85B95036453D7B88BA1820, 375B284AFB407CAE417D2090B112A0ED1CCD516ABFDDBFCD5D6AADE859F14ACD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:37:27.0795 0x0ae8  KSecPkg - ok
12:37:27.0920 0x0ae8  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:37:27.0951 0x0ae8  KtmRm - ok
12:37:27.0998 0x0ae8  [ E8E3B9DC901303BD8F590ADA711DE243, 63FFE0CE8725FEDDC70B21F66311BC3BCDA29163B37CC1A7E37815A399775B4F ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
12:37:27.0998 0x0ae8  L1C - ok
12:37:28.0060 0x0ae8  [ BCA92CB047A4326925ECEF759DBAA233, C2A188F5526882A2E3AC4CC0190452DA37CBD93043DFE5571A20E8EFE9D56DA3 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:37:28.0092 0x0ae8  LanmanServer - ok
12:37:28.0107 0x0ae8  [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:37:28.0123 0x0ae8  LanmanWorkstation - ok
12:37:28.0185 0x0ae8  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:37:28.0185 0x0ae8  lltdio - ok
12:37:28.0232 0x0ae8  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:37:28.0263 0x0ae8  lltdsvc - ok
12:37:28.0279 0x0ae8  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:37:28.0279 0x0ae8  lmhosts - ok
12:37:28.0388 0x0ae8  [ D75C4B4A8FE6D7FD74A7EECDBAEC729F, 9BB0A3BE7CCDF62CF0A67CB67019364965F6567BE29BA6D153B8E36F88058302 ] LMS             C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:37:28.0419 0x0ae8  LMS - ok
12:37:28.0466 0x0ae8  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:37:28.0466 0x0ae8  LSI_FC - ok
12:37:28.0482 0x0ae8  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:37:28.0482 0x0ae8  LSI_SAS - ok
12:37:28.0513 0x0ae8  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:37:28.0513 0x0ae8  LSI_SAS2 - ok
12:37:28.0528 0x0ae8  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:37:28.0544 0x0ae8  LSI_SCSI - ok
12:37:28.0575 0x0ae8  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:37:28.0575 0x0ae8  luafv - ok
12:37:28.0606 0x0ae8  [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:37:28.0622 0x0ae8  Mcx2Svc - ok
12:37:28.0653 0x0ae8  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:37:28.0653 0x0ae8  megasas - ok
12:37:28.0700 0x0ae8  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:37:28.0731 0x0ae8  MegaSR - ok
12:37:28.0762 0x0ae8  [ D86AC00883B9C98B570E7643AAF8E554, 4B4BDC01DC20F820A9D1E1B8E875B6445F9B920F0AB1E115ADD9651A368911C4 ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
12:37:28.0762 0x0ae8  MEI - ok
12:37:28.0918 0x0ae8  [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:37:28.0918 0x0ae8  Microsoft Office Groove Audit Service - ok
12:37:28.0950 0x0ae8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
12:37:28.0950 0x0ae8  MMCSS - ok
12:37:28.0981 0x0ae8  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
12:37:28.0981 0x0ae8  Modem - ok
12:37:29.0028 0x0ae8  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:37:29.0028 0x0ae8  monitor - ok
12:37:29.0059 0x0ae8  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:37:29.0059 0x0ae8  mouclass - ok
12:37:29.0106 0x0ae8  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:37:29.0106 0x0ae8  mouhid - ok
12:37:29.0137 0x0ae8  [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:37:29.0137 0x0ae8  mountmgr - ok
12:37:29.0386 0x0ae8  [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:37:29.0386 0x0ae8  MozillaMaintenance - ok
12:37:29.0433 0x0ae8  [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
12:37:29.0433 0x0ae8  mpio - ok
12:37:29.0449 0x0ae8  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:37:29.0464 0x0ae8  mpsdrv - ok
12:37:29.0574 0x0ae8  [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:37:29.0605 0x0ae8  MpsSvc - ok
12:37:31.0898 0x0ae8  MRxDAV - ok
12:37:39.0526 0x0ae8  mrxsmb - ok
12:37:39.0542 0x0ae8  mrxsmb10 - ok
12:37:41.0820 0x0ae8  mrxsmb20 - ok
12:37:42.0085 0x0ae8  msahci - ok
12:37:44.0378 0x0ae8  msdsm - ok
12:37:44.0721 0x0ae8  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
12:37:49.0651 0x0ae8  MSDTC - ok
12:37:52.0241 0x0ae8  Msfs - ok
12:37:52.0319 0x0ae8  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:37:52.0334 0x0ae8  mshidkmdf - ok
12:37:52.0443 0x0ae8  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
12:37:52.0443 0x0ae8  msisadrv - ok
12:37:52.0521 0x0ae8  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:37:52.0521 0x0ae8  MSiSCSI - ok
12:37:52.0521 0x0ae8  msiserver - ok
12:37:52.0615 0x0ae8  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:37:52.0615 0x0ae8  MSKSSRV - ok
12:37:52.0631 0x0ae8  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:37:52.0646 0x0ae8  MSPCLOCK - ok
12:37:52.0677 0x0ae8  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:37:52.0677 0x0ae8  MSPQM - ok
12:37:52.0709 0x0ae8  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:37:52.0724 0x0ae8  MsRPC - ok
12:37:52.0740 0x0ae8  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:37:52.0740 0x0ae8  mssmbios - ok
12:37:52.0755 0x0ae8  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:37:52.0755 0x0ae8  MSTEE - ok
12:37:52.0771 0x0ae8  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:37:52.0771 0x0ae8  MTConfig - ok
12:37:52.0787 0x0ae8  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:37:52.0802 0x0ae8  Mup - ok
12:37:52.0865 0x0ae8  [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent        C:\Windows\system32\qagentRT.dll
12:37:52.0896 0x0ae8  napagent - ok
12:37:52.0958 0x0ae8  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:37:52.0974 0x0ae8  NativeWifiP - ok
12:37:53.0021 0x0ae8  [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:37:53.0052 0x0ae8  NDIS - ok
12:37:53.0083 0x0ae8  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:37:53.0083 0x0ae8  NdisCap - ok
12:37:53.0130 0x0ae8  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:37:53.0130 0x0ae8  NdisTapi - ok
12:37:53.0177 0x0ae8  [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:37:53.0177 0x0ae8  Ndisuio - ok
12:37:53.0192 0x0ae8  [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:37:53.0208 0x0ae8  NdisWan - ok
12:37:53.0208 0x0ae8  [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:37:53.0223 0x0ae8  NDProxy - ok
12:37:53.0239 0x0ae8  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:37:53.0239 0x0ae8  NetBIOS - ok
12:37:53.0255 0x0ae8  [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:37:53.0270 0x0ae8  NetBT - ok
12:37:53.0301 0x0ae8  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] Netlogon        C:\Windows\system32\lsass.exe
12:37:53.0301 0x0ae8  Netlogon - ok
12:37:53.0348 0x0ae8  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
12:37:53.0395 0x0ae8  Netman - ok
12:37:53.0442 0x0ae8  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:53.0457 0x0ae8  NetMsmqActivator - ok
12:37:53.0489 0x0ae8  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:53.0489 0x0ae8  NetPipeActivator - ok
12:37:53.0535 0x0ae8  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
12:37:53.0567 0x0ae8  netprofm - ok
12:37:53.0582 0x0ae8  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:53.0582 0x0ae8  NetTcpActivator - ok
12:37:53.0629 0x0ae8  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:37:53.0629 0x0ae8  NetTcpPortSharing - ok
12:37:53.0660 0x0ae8  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:37:53.0660 0x0ae8  nfrd960 - ok
12:37:53.0691 0x0ae8  [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:37:53.0707 0x0ae8  NlaSvc - ok
12:37:53.0723 0x0ae8  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:37:53.0723 0x0ae8  Npfs - ok
12:37:53.0738 0x0ae8  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
12:37:53.0754 0x0ae8  nsi - ok
12:37:53.0769 0x0ae8  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:37:53.0769 0x0ae8  nsiproxy - ok
12:37:53.0832 0x0ae8  [ 3795DCD21F740EE799FB7223234215AF, B03DBFD33B201134473D23038E0BD86CFE64556754BF4EBA42C10B67AEECAEA6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:37:53.0863 0x0ae8  Ntfs - ok
12:37:53.0879 0x0ae8  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
12:37:53.0879 0x0ae8  Null - ok
12:37:53.0910 0x0ae8  [ F0CBF252811BC5FC49E7ECCA3EE9519F, 769DE13260C056A5102FCE0FF97DD8371A826376516149C890C64BEF32EAD01B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
12:37:53.0910 0x0ae8  nusb3hub - ok
12:37:53.0925 0x0ae8  [ BDC5FF9B669B5475E3A6E47E5608205C, 98644F5D6190765D318871466B224F1E7F51670FD1DCE6C858863C4C856511A4 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:37:53.0941 0x0ae8  nusb3xhc - ok
12:37:53.0957 0x0ae8  [ 3F3D04B1D08D43C16EA7963954EC768D, BA82C1D3D9F4AA5F1C9729D61D4E06DB961FDF2B1E9B483D29DB308204DF0754 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
12:37:53.0957 0x0ae8  nvraid - ok
12:37:53.0988 0x0ae8  [ C99F251A5DE63C6F129CF71933ACED0F, 24D48A5F5D699AB0DD4D4435F8F7C6B73A924AEF8F9D1170FD644E26499546A2 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
12:37:54.0003 0x0ae8  nvstor - ok
12:37:54.0019 0x0ae8  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
12:37:54.0019 0x0ae8  nv_agp - ok
12:37:54.0159 0x0ae8  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:37:54.0191 0x0ae8  odserv - ok
12:37:54.0222 0x0ae8  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:37:54.0237 0x0ae8  ohci1394 - ok
12:37:54.0284 0x0ae8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:37:54.0331 0x0ae8  ose - ok
12:37:54.0362 0x0ae8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:37:54.0378 0x0ae8  p2pimsvc - ok
12:37:54.0425 0x0ae8  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:37:54.0456 0x0ae8  p2psvc - ok
12:37:54.0487 0x0ae8  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:37:54.0487 0x0ae8  Parport - ok
12:37:54.0503 0x0ae8  [ FF4218952B51DE44FE910953A3E686B9, 871E4F8300AFE2AE770B8F00C12911A08D8BBD8E07C37A11AFF67CA92607A602 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:37:54.0503 0x0ae8  partmgr - ok
12:37:54.0518 0x0ae8  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:37:54.0518 0x0ae8  Parvdm - ok
12:37:54.0549 0x0ae8  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:37:54.0549 0x0ae8  PcaSvc - ok
12:37:54.0581 0x0ae8  [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci             C:\Windows\system32\DRIVERS\pci.sys
12:37:54.0596 0x0ae8  pci - ok
12:37:54.0612 0x0ae8  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
12:37:54.0612 0x0ae8  pciide - ok
12:37:54.0643 0x0ae8  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:37:54.0643 0x0ae8  pcmcia - ok
12:37:54.0659 0x0ae8  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:37:54.0659 0x0ae8  pcw - ok
12:37:54.0690 0x0ae8  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:37:54.0705 0x0ae8  PEAUTH - ok
12:37:54.0893 0x0ae8  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:37:54.0924 0x0ae8  PeerDistSvc - ok
12:37:55.0002 0x0ae8  [ 1B5011DD8D57F53AED31FF0F7D635802, FA4D0DD592DAA27A3F7D4881B8675E3B40E2479B2D2912F2BF132E7FC13FF80A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
12:37:55.0002 0x0ae8  PGEffect - ok
12:37:57.0264 0x0ae8  pla - ok
12:38:12.0458 0x0ae8  [ CDBED5267B170E6ED38B563A96540CCF, E644A365055F002AB3EF102468A2708616304A6B1EABD49D1B7913CA65C63D25 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:38:12.0739 0x0ae8  Suspicious file ( Forged ): C:\Windows\system32\umpnpmgr.dll. Real md5: CDBED5267B170E6ED38B563A96540CCF, sha256: E644A365055F002AB3EF102468A2708616304A6B1EABD49D1B7913CA65C63D25, fake md5: 2CC2008F1296968FBA162ED9F9AFE328, fake sha256: 670E2BE4EB8210C9D6AEA635DFA20E390936762A22B2BB413BF9C7AF418150D6
12:38:12.0739 0x0ae8  PlugPlay - detected ForgedFile.Multi.Generic ( 1 )
12:38:16.0171 0x0ae8  Detect skipped due to KSN trusted
12:38:16.0171 0x0ae8  PlugPlay - ok
12:38:17.0513 0x0ae8  [ DAA100DF6E6711906B61C9AB5AA16032, CC61635DA46B2C9974335EA37E0B5FD660A5C8A42A89B271FA7EC2AC4B8B26F6 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:38:17.0747 0x0ae8  Suspicious file ( Forged ): C:\Windows\system32\pnrpauto.dll. Real md5: DAA100DF6E6711906B61C9AB5AA16032, sha256: CC61635DA46B2C9974335EA37E0B5FD660A5C8A42A89B271FA7EC2AC4B8B26F6, fake md5: 63FF8572611249931EB16BB8EED6AFC8, fake sha256: 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33
12:38:17.0747 0x0ae8  PNRPAutoReg - detected ForgedFile.Multi.Generic ( 1 )
12:38:21.0147 0x0ae8  Detect skipped due to KSN trusted
12:38:21.0147 0x0ae8  PNRPAutoReg - ok
12:38:21.0210 0x0ae8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:38:21.0225 0x0ae8  PNRPsvc - ok
12:38:21.0288 0x0ae8  [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:38:21.0303 0x0ae8  PolicyAgent - ok
12:38:21.0335 0x0ae8  [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power           C:\Windows\system32\umpo.dll
12:38:21.0350 0x0ae8  Power - ok
12:38:21.0381 0x0ae8  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:38:21.0397 0x0ae8  PptpMiniport - ok
12:38:21.0413 0x0ae8  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:38:21.0413 0x0ae8  Processor - ok
12:38:21.0459 0x0ae8  [ 630CF26F0227498B7D5A92B12548960F, 7B6E2A3C398DF2E8F63C03ED5B59BB8DA47D5C1ACA9F37438F71F35633ACD6CD ] ProfSvc         C:\Windows\system32\profsvc.dll
12:38:21.0475 0x0ae8  ProfSvc - ok
12:38:21.0553 0x0ae8  [ 66BB47A3ED1E20D2D33E7EFED3697B56, 372C745E8BBE15138D4D8E1E48EDD434F508BFAF712B3D808C08EA83FF4F032A ] PROLiNKusbdiag  C:\Windows\system32\DRIVERS\PROLiNKusbdiag.sys
12:38:21.0569 0x0ae8  PROLiNKusbdiag - ok
12:38:21.0600 0x0ae8  [ 66BB47A3ED1E20D2D33E7EFED3697B56, 372C745E8BBE15138D4D8E1E48EDD434F508BFAF712B3D808C08EA83FF4F032A ] PROLiNKusbmodem C:\Windows\system32\DRIVERS\PROLiNKusbmodem.sys
12:38:21.0600 0x0ae8  PROLiNKusbmodem - ok
12:38:21.0647 0x0ae8  [ 66BB47A3ED1E20D2D33E7EFED3697B56, 372C745E8BBE15138D4D8E1E48EDD434F508BFAF712B3D808C08EA83FF4F032A ] PROLiNKusbnmea  C:\Windows\system32\DRIVERS\PROLiNKusbnmea.sys
12:38:21.0662 0x0ae8  PROLiNKusbnmea - ok
12:38:21.0693 0x0ae8  [ 66BB47A3ED1E20D2D33E7EFED3697B56, 372C745E8BBE15138D4D8E1E48EDD434F508BFAF712B3D808C08EA83FF4F032A ] PROLiNKusbvoice C:\Windows\system32\DRIVERS\PROLiNKusbvoice.sys
12:38:21.0709 0x0ae8  PROLiNKusbvoice - ok
12:38:21.0725 0x0ae8  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:38:21.0725 0x0ae8  ProtectedStorage - ok
12:38:21.0756 0x0ae8  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:38:21.0771 0x0ae8  Psched - ok
12:38:21.0803 0x0ae8  qcusbserialser - ok
12:38:21.0912 0x0ae8  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:38:21.0990 0x0ae8  ql2300 - ok
12:38:22.0021 0x0ae8  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:38:22.0021 0x0ae8  ql40xx - ok
12:38:22.0083 0x0ae8  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
12:38:22.0115 0x0ae8  QWAVE - ok
12:38:22.0130 0x0ae8  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:38:22.0146 0x0ae8  QWAVEdrv - ok
12:38:22.0161 0x0ae8  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:38:22.0161 0x0ae8  RasAcd - ok
12:38:22.0193 0x0ae8  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:38:22.0208 0x0ae8  RasAgileVpn - ok
12:38:22.0239 0x0ae8  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
12:38:22.0255 0x0ae8  RasAuto - ok
12:38:22.0286 0x0ae8  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:38:22.0286 0x0ae8  Rasl2tp - ok
12:38:22.0317 0x0ae8  [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan          C:\Windows\System32\rasmans.dll
12:38:22.0349 0x0ae8  RasMan - ok
12:38:22.0349 0x0ae8  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:38:22.0349 0x0ae8  RasPppoe - ok
12:38:22.0380 0x0ae8  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:38:22.0395 0x0ae8  RasSstp - ok
12:38:22.0411 0x0ae8  [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:38:22.0411 0x0ae8  rdbss - ok
12:38:22.0427 0x0ae8  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:38:22.0442 0x0ae8  rdpbus - ok
12:38:22.0458 0x0ae8  [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:38:22.0458 0x0ae8  RDPCDD - ok
12:38:22.0489 0x0ae8  [ C5FF95883FFEF704D50C40D21CFB3AB5, 26CC53DDE126A6BD99F606695F063BB7FDC4BBABB9F75F7AD7A84B58C837EEAA ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:38:22.0489 0x0ae8  RDPDR - ok
12:38:22.0536 0x0ae8  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:38:22.0536 0x0ae8  RDPENCDD - ok
12:38:22.0551 0x0ae8  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:38:22.0551 0x0ae8  RDPREFMP - ok
12:38:22.0567 0x0ae8  [ 801371BA9782282892D00AADB08EE367, 884DDC24B8400E76F65F54C249053333AD29543224F9EC156C64A6BDF584DDCD ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:38:22.0567 0x0ae8  RDPWD - ok
12:38:22.0614 0x0ae8  [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:38:22.0614 0x0ae8  rdyboost - ok
12:38:22.0645 0x0ae8  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:38:22.0661 0x0ae8  RemoteAccess - ok
12:38:22.0707 0x0ae8  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:38:22.0739 0x0ae8  RemoteRegistry - ok
12:38:22.0785 0x0ae8  [ BBCE96557881586683611C561FB06269, BB0DA582B2135EC589037D61597DB79F264F579D464DCE5B7D65A3D36CADEB86 ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
12:38:22.0801 0x0ae8  RimUsb - ok
12:38:22.0863 0x0ae8  [ C4F4FCD5AE48BDD31648981DDF8EF993, B2C8586D5F09AB2FBCE8BBACC9B1C74D6E1A25A8264A4218E80354C4470C750F ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
12:38:22.0863 0x0ae8  RimVSerPort - ok
12:38:22.0926 0x0ae8  [ 564297827D213F52C7A3A2FF749568CA, B09A78D3B3F0BF47818BBEEDEF73BD6ACB9C5E367592BB90C85FD262BE521876 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
12:38:22.0926 0x0ae8  ROOTMODEM - ok
12:38:27.0699 0x0ae8  RpcEptMapper - ok
12:38:30.0305 0x0ae8  RpcLocator - ok
12:38:32.0785 0x0ae8  [ 6C5CC47FF3D89E0E38AC5C5377ED63BA, A638606E6C25E9274999C523C69C7A6B5023B71E466AAD1BD672EB68B4A4475E ] RpcSs           C:\Windows\system32\rpcss.dll
12:38:32.0910 0x0ae8  Suspicious file ( Forged ): C:\Windows\system32\rpcss.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, sha256: A638606E6C25E9274999C523C69C7A6B5023B71E466AAD1BD672EB68B4A4475E, fake md5: B82CD39E336973359D7C9BF911E8E84F, fake sha256: 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A
12:38:32.0910 0x0ae8  RpcSs - detected ForgedFile.Multi.Generic ( 1 )
12:38:36.0373 0x0ae8  Detect skipped due to KSN trusted
12:38:36.0373 0x0ae8  RpcSs - ok
12:38:45.0405 0x0ae8  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:38:45.0405 0x0ae8  rspndr - ok
12:38:45.0717 0x0ae8  [ C5ACB4D2CA623F678257B0844BD1AC8A, F6CDB5B517B16D38012CC02A842AA5758C3EEEE5A6B35CA26C9C10E2E79B7978 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:38:45.0749 0x0ae8  RSUSBSTOR - ok
12:38:45.0764 0x0ae8  [ 45449ACF2B9DD9278A40FCFB2DAA7969, 7A0AA195D63E121EF997DEC0C16E3F0BC16ACA1CBDD2D5A566E97CD9079EA143 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RTSUVSTOR.sys
12:38:45.0780 0x0ae8  RSUSBVSTOR - ok
12:38:45.0873 0x0ae8  [ 5423D8437051E89DD34749F242C98648, 28FD190E13676B0FD452A73C3069B72206E2938DB2240BAA9BDB56687C748A2B ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
12:38:45.0873 0x0ae8  s3cap - ok
12:38:45.0905 0x0ae8  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] SamSs           C:\Windows\system32\lsass.exe
12:38:45.0905 0x0ae8  SamSs - ok
12:38:45.0936 0x0ae8  [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
12:38:45.0936 0x0ae8  sbp2port - ok
12:38:45.0967 0x0ae8  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:38:45.0967 0x0ae8  SCardSvr - ok
12:38:45.0998 0x0ae8  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:38:45.0998 0x0ae8  scfilter - ok
12:38:46.0029 0x0ae8  [ 3E8B0C453E25613A1F59762A5C42AA75, 86801C49664441A08F7E95031E52AD2518D61CCB945A857A18F0714351A8158C ] Schedule        C:\Windows\system32\schedsvc.dll
12:38:46.0061 0x0ae8  Schedule - ok
12:38:46.0076 0x0ae8  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:38:46.0076 0x0ae8  SCPolicySvc - ok
12:38:46.0107 0x0ae8  [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:38:46.0107 0x0ae8  SDRSVC - ok
12:38:46.0139 0x0ae8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:38:46.0139 0x0ae8  secdrv - ok
12:38:46.0154 0x0ae8  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
12:38:46.0154 0x0ae8  seclogon - ok
12:38:46.0170 0x0ae8  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
12:38:46.0170 0x0ae8  SENS - ok
12:38:46.0185 0x0ae8  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:38:46.0185 0x0ae8  SensrSvc - ok
12:38:46.0201 0x0ae8  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:38:46.0201 0x0ae8  Serenum - ok
12:38:46.0232 0x0ae8  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:38:46.0248 0x0ae8  Serial - ok
12:38:46.0263 0x0ae8  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:38:46.0263 0x0ae8  sermouse - ok
12:38:46.0279 0x0ae8  [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv      C:\Windows\system32\sessenv.dll
12:38:46.0295 0x0ae8  SessionEnv - ok
12:38:46.0310 0x0ae8  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
12:38:46.0310 0x0ae8  sffdisk - ok
12:38:46.0326 0x0ae8  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:38:46.0326 0x0ae8  sffp_mmc - ok
12:38:46.0326 0x0ae8  [ 4F1E5B0FE7C8050668DBFADE8999AEFB, E36DAACC3D11F004808A3F44C471BBFDC2F33411D9F5C18B55B0DB2A6DA6E74C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
12:38:46.0341 0x0ae8  sffp_sd - ok
12:38:46.0341 0x0ae8  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:38:46.0357 0x0ae8  sfloppy - ok
12:38:46.0404 0x0ae8  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:38:46.0419 0x0ae8  SharedAccess - ok
12:38:46.0466 0x0ae8  [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:38:46.0482 0x0ae8  ShellHWDetection - ok
12:38:46.0529 0x0ae8  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
12:38:46.0529 0x0ae8  sisagp - ok
12:38:46.0544 0x0ae8  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:38:46.0544 0x0ae8  SiSRaid2 - ok
12:38:46.0575 0x0ae8  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:38:46.0591 0x0ae8  SiSRaid4 - ok
12:38:46.0622 0x0ae8  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:38:46.0622 0x0ae8  Smb - ok
12:38:46.0685 0x0ae8  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:38:46.0685 0x0ae8  SNMPTRAP - ok
12:38:46.0716 0x0ae8  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:38:46.0716 0x0ae8  spldr - ok
12:38:46.0778 0x0ae8  [ 49B6DD6AB3715B7A67965F17194E98A9, 331D69F3630BA978AC13471A2E7465351D04416343A595C62B94BADFFCD02B3A ] Spooler         C:\Windows\System32\spoolsv.exe
12:38:46.0809 0x0ae8  Spooler - ok
12:38:47.0059 0x0ae8  [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:38:47.0106 0x0ae8  sppsvc - ok
12:38:47.0153 0x0ae8  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:38:47.0153 0x0ae8  sppuinotify - ok
12:38:47.0262 0x0ae8  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\Windows\system32\Drivers\sptd.sys
12:38:47.0262 0x0ae8  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
12:38:47.0277 0x0ae8  sptd - detected LockedFile.Multi.Generic ( 1 )
12:38:50.0616 0x0ae8  Detect skipped due to KSN trusted
12:38:50.0616 0x0ae8  sptd - ok
12:38:52.0815 0x0ae8  srv - ok
12:38:52.0925 0x0ae8  srv2 - ok
12:38:55.0514 0x0ae8  srvnet - ok
12:38:57.0807 0x0ae8  SSDPSRV - ok
12:39:00.0444 0x0ae8  [ 60BB7D1D3E808134AC9AEFB9D5D21E2A, 57A5FB4B13EB5927882EF4C4908BB5F67F75BFA9F2E7D5E9476DE0608C61094E ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:39:10.0818 0x0ae8  Suspicious file ( Forged ): C:\Windows\system32\sstpsvc.dll. Real md5: 60BB7D1D3E808134AC9AEFB9D5D21E2A, sha256: 57A5FB4B13EB5927882EF4C4908BB5F67F75BFA9F2E7D5E9476DE0608C61094E, fake md5: D318F23BE45D5E3A107469EB64815B50, fake sha256: D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0
12:39:10.0818 0x0ae8  SstpSvc - detected ForgedFile.Multi.Generic ( 1 )
12:39:14.0281 0x0ae8  Detect skipped due to KSN trusted
12:39:14.0281 0x0ae8  SstpSvc - ok
12:39:15.0638 0x0ae8  stexstor - ok
12:39:17.0994 0x0ae8  StiSvc - ok
12:39:25.0622 0x0ae8  storflt - ok
12:39:33.0375 0x0ae8  [ D5751969DC3E4B88BF482AC8EC9FE019, DAEB50C0045364C75965B0E94744C6E2E1E85C8D00F1E8A5593F3EC780BDD7D9 ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
12:39:33.0391 0x0ae8  storvsc - ok
12:39:33.0469 0x0ae8  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:39:33.0563 0x0ae8  swenum - ok
12:39:33.0812 0x0ae8  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
12:39:33.0843 0x0ae8  swprv - ok
12:39:33.0906 0x0ae8  [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain         C:\Windows\system32\sysmain.dll
12:39:33.0953 0x0ae8  SysMain - ok
12:39:33.0968 0x0ae8  [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:39:33.0968 0x0ae8  TabletInputService - ok
12:39:34.0015 0x0ae8  [ FD90A16CEB10D4FDAA00AAF39B8FF58F, A0471D1AE2704BCFE70C61A83B24B45ED92D71706BEC7D599BB7418BF8B854F1 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
12:39:34.0015 0x0ae8  taphss - ok
12:39:34.0046 0x0ae8  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:39:34.0077 0x0ae8  TapiSrv - ok
12:39:34.0093 0x0ae8  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
12:39:34.0093 0x0ae8  TBS - ok
12:39:34.0155 0x0ae8  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC, 62917CDBC6529D1CC3D7F6E211C717DC44033955749333DCBD052F9BF6639767 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:39:34.0218 0x0ae8  Tcpip - ok
12:39:34.0280 0x0ae8  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC, 62917CDBC6529D1CC3D7F6E211C717DC44033955749333DCBD052F9BF6639767 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:39:34.0296 0x0ae8  TCPIP6 - ok
12:39:34.0327 0x0ae8  [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:39:34.0343 0x0ae8  tcpipreg - ok
12:39:34.0358 0x0ae8  [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:39:34.0358 0x0ae8  TDPIPE - ok
12:39:34.0374 0x0ae8  [ 7551E91EA999EE9A8E9C331D5A9C31F3, C98C97DFD6C7276CD999545A7BC67B56E1BDDFB2886412E9198012322F95A10D ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:39:34.0374 0x0ae8  TDTCP - ok
12:39:34.0389 0x0ae8  [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:39:34.0389 0x0ae8  tdx - ok
12:39:34.0405 0x0ae8  [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:39:34.0405 0x0ae8  TermDD - ok
12:39:34.0452 0x0ae8  [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService     C:\Windows\System32\termsrv.dll
12:39:34.0467 0x0ae8  TermService - ok
12:39:34.0483 0x0ae8  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
12:39:34.0483 0x0ae8  Themes - ok
12:39:34.0499 0x0ae8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:39:34.0499 0x0ae8  THREADORDER - ok
12:39:34.0592 0x0ae8  [ 3C47A2841BB479201CB356285BC2B18E, 42015E2DE004F022C071AE4433B1DECF0C7C0660B23855CE2D902B44E1901F2B ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
12:39:34.0608 0x0ae8  TOSHIBA Bluetooth Service - ok
12:39:34.0686 0x0ae8  [ 90AFA1A4451BBBEE87C9F18A665D8121, 592AE754F117018E8777C541437544E1BC7FD93F460F3EE5DDBBC150448BFBD7 ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
12:39:34.0686 0x0ae8  tosporte - ok
12:39:34.0733 0x0ae8  [ 96A50E6713C8BAC88A817342B76E7E8B, 6A93AD6775E50EAE5A1AA592785348E20878503559AEEAB4F47937B87308438E ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
12:39:34.0733 0x0ae8  tosrfbd - ok
12:39:34.0764 0x0ae8  [ 75CD3C238A0FFC66C4581C3870C09314, 6D4690961ACEF48AEF630C6486A489D4CEB6BCF4ABCC81E70A30004B7569A270 ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
12:39:34.0764 0x0ae8  tosrfbnp - ok
12:39:34.0779 0x0ae8  [ B551D3F266DDA311256F963E8CFD1E9B, 49724855BCC945F5DBFCD48282156DE9B1DD7B88FC6181710587156D655E1F24 ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
12:39:34.0779 0x0ae8  Tosrfcom - ok
12:39:34.0811 0x0ae8  [ 8A555DCF3DDAD3965DA11550491408F8, 992E7209EBDA01D0054B995D77393FCC51F8FB50CEFFA4790323F63C5F75EF82 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
12:39:34.0811 0x0ae8  tosrfec - ok
12:39:34.0826 0x0ae8  [ F3E8762163EE87F3AC95537584CF5B4F, C01B30E764F187022E48C6BE8BD648D53CB4065973B176B5EA03FD13BAA2C9CB ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
12:39:34.0826 0x0ae8  Tosrfhid - ok
12:39:34.0842 0x0ae8  [ B2A1A6538245FD69578224BBF2FD4677, 0393ECF2541A269169BA23D007266750958CD35E05FA7FCBEE1CF9727E07D9C4 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
12:39:34.0842 0x0ae8  tosrfnds - ok
12:39:34.0857 0x0ae8  [ 3DE5CBB4F8EB64563CE08E8EC7458D03, C993E67C3C5CD0190CC4EA622641621BA9D163528C06F009B7F1A8C7CB1BC488 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
12:39:34.0857 0x0ae8  TosRfSnd - ok
12:39:34.0889 0x0ae8  [ AF5126FB6E9ED41C99AB7A10E98729CD, A191CE117619C87AD98F2965EC4D01D890CE46ED7C0BCD0F719178BE1B7681FE ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
12:39:34.0889 0x0ae8  Tosrfusb - ok
12:39:34.0904 0x0ae8  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
12:39:34.0920 0x0ae8  TrkWks - ok
12:39:34.0982 0x0ae8  [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:39:34.0998 0x0ae8  TrustedInstaller - ok
12:39:35.0029 0x0ae8  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:35.0029 0x0ae8  tssecsrv - ok
12:39:35.0076 0x0ae8  [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:39:35.0091 0x0ae8  tunnel - ok
12:39:35.0123 0x0ae8  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:39:35.0123 0x0ae8  uagp35 - ok
12:39:35.0154 0x0ae8  [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:39:35.0169 0x0ae8  udfs - ok
12:39:35.0201 0x0ae8  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:39:35.0201 0x0ae8  UI0Detect - ok
12:39:35.0216 0x0ae8  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
12:39:35.0232 0x0ae8  uliagpkx - ok
12:39:35.0263 0x0ae8  [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:39:35.0263 0x0ae8  umbus - ok
12:39:35.0279 0x0ae8  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:39:35.0279 0x0ae8  UmPass - ok
12:39:35.0310 0x0ae8  [ 8ECACA5454844F66386F7BE4AE0D7CD1, F3B02A9F598C6A9EFA019F5833959DD1A86FDFDB9FDDF99A8687BBB6211AAD00 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:39:35.0325 0x0ae8  UmRdpService - ok
12:39:35.0466 0x0ae8  [ 758C2CE427C343F780A205E28555C98D, E3413BA433CD26DD61D3257B08B8354478A049A972EFAC53C303690BC71DD7E1 ] UNS             C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:39:35.0575 0x0ae8  UNS - ok
12:39:35.0606 0x0ae8  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
12:39:35.0637 0x0ae8  upnphost - ok
12:39:35.0669 0x0ae8  [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:39:35.0669 0x0ae8  usbccgp - ok
12:39:35.0684 0x0ae8  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
12:39:35.0684 0x0ae8  usbcir - ok
12:39:35.0715 0x0ae8  [ 1C333BFD60F2FED2C7AD5DAF533CB742, 97AE9CA39482B886FCD063E80B8AB153E1FC1459452657393D8B1745EF69E1C3 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:39:35.0715 0x0ae8  usbehci - ok
12:39:35.0762 0x0ae8  [ EE6EF93CCFA94FAE8C6AB298273D8AE2, CBEE16CEAD02E994F0C2AD77DD8C01CB9964C6B42DE49FF7A787849CD25767B4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:39:35.0809 0x0ae8  usbhub - ok
12:39:35.0825 0x0ae8  UsbModemDriver - ok
12:39:35.0840 0x0ae8  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:39:35.0856 0x0ae8  usbohci - ok
12:39:35.0903 0x0ae8  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:39:35.0918 0x0ae8  usbprint - ok
12:39:35.0965 0x0ae8  [ 20158F032EEA4FC501118F1992FDF57D, CD81F7501432D5FBBEF4FA9DBAE16E5D080EFE49B5441949E373C6CBFBAB6035 ] usbrndis6       C:\Windows\system32\DRIVERS\usb80236.sys
12:39:35.0965 0x0ae8  usbrndis6 - ok
12:39:35.0996 0x0ae8  [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:39:35.0996 0x0ae8  usbscan - ok
12:39:36.0074 0x0ae8  [ D8889D56E0D27E57ED4591837FE71D27, DB1B65EEBFB036086EC3347C1181D9D01FF65870EAEC4A1BA08AF43C35075647 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:36.0090 0x0ae8  USBSTOR - ok
12:39:50.0863 0x0ae8  [ B30147CA21AB2D10A14DC36A9AA17FD9, CB84CA9C299A9B76A5E4BD9663E89665D91FA72B1406A44BB36745F71383EEE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:39:50.0879 0x0ae8  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\usbuhci.sys. Real md5: B30147CA21AB2D10A14DC36A9AA17FD9, sha256: CB84CA9C299A9B76A5E4BD9663E89665D91FA72B1406A44BB36745F71383EEE7, fake md5: 78780C3EBCE17405B1CCD07A3A8A7D72, fake sha256: FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9
12:39:50.0879 0x0ae8  usbuhci - detected ForgedFile.Multi.Generic ( 1 )
12:39:54.0436 0x0ae8  Detect skipped due to KSN trusted
12:39:54.0436 0x0ae8  usbuhci - ok
12:39:58.0351 0x0ae8  usbvideo - ok
12:39:58.0601 0x0ae8  USB_BusEnum_W - ok
12:39:58.0648 0x0ae8  USB_ETS_W - ok
12:39:58.0663 0x0ae8  USB_WinMux_W - ok
12:39:58.0710 0x0ae8  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
12:39:58.0726 0x0ae8  UxSms - ok
12:39:58.0741 0x0ae8  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] VaultSvc        C:\Windows\system32\lsass.exe
12:39:58.0757 0x0ae8  VaultSvc - ok
12:39:58.0788 0x0ae8  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
12:39:58.0788 0x0ae8  vdrvroot - ok
12:39:58.0835 0x0ae8  [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds             C:\Windows\System32\vds.exe
12:39:58.0850 0x0ae8  vds - ok
12:39:58.0866 0x0ae8  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:58.0866 0x0ae8  vga - ok
12:39:58.0882 0x0ae8  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:39:58.0897 0x0ae8  VgaSave - ok
12:39:58.0928 0x0ae8  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
12:39:58.0944 0x0ae8  vhdmp - ok
12:39:58.0960 0x0ae8  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
12:39:58.0960 0x0ae8  viaagp - ok
12:39:58.0975 0x0ae8  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:39:58.0975 0x0ae8  ViaC7 - ok
12:39:59.0006 0x0ae8  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
12:39:59.0006 0x0ae8  viaide - ok
12:40:01.0502 0x0ae8  [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
12:40:06.0666 0x0ae8  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\vmbus.sys. Real md5: 25072FB35AC90B25F9E4E3BACF774102, sha256: EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D, fake md5: 379B349F65F453D2A6E75EA6B7448E49, fake sha256: F52B1B3AE9F5D38B45C889A7B1EBE59533C17E73678D355D1466B5EF3338BF16
12:40:06.0666 0x0ae8  vmbus - detected ForgedFile.Multi.Generic ( 1 )
12:40:06.0666 0x0ae8  Detect skipped due to KSN trusted
12:40:06.0666 0x0ae8  vmbus - ok
12:40:08.0944 0x0ae8  VMBusHID - ok
12:40:21.0595 0x0ae8  vmci - ok
12:40:21.0642 0x0ae8  VMnetAdapter - ok
12:40:21.0689 0x0ae8  [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
12:40:21.0736 0x0ae8  volmgr - ok
12:40:21.0798 0x0ae8  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:40:21.0829 0x0ae8  volmgrx - ok
12:40:21.0845 0x0ae8  [ 58DF9D2481A56EDDE167E51B334D44FD, C77D7BE83CF1C0DEC80429C5A519E794FD2E8C1E6DAD6F5C92B5EB5694CEB8EA ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
12:40:21.0876 0x0ae8  volsnap - ok
12:40:21.0892 0x0ae8  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:40:21.0907 0x0ae8  vsmraid - ok
12:40:22.0079 0x0ae8  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS             C:\Windows\system32\vssvc.exe
12:40:22.0172 0x0ae8  VSS - ok
12:40:22.0204 0x0ae8  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:40:22.0204 0x0ae8  vwifibus - ok
12:40:22.0235 0x0ae8  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:40:22.0235 0x0ae8  vwififlt - ok
12:40:22.0250 0x0ae8  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
12:40:22.0266 0x0ae8  W32Time - ok
12:40:22.0282 0x0ae8  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:40:22.0282 0x0ae8  WacomPen - ok
12:40:22.0313 0x0ae8  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:40:22.0313 0x0ae8  WANARP - ok
12:40:22.0313 0x0ae8  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:40:22.0313 0x0ae8  Wanarpv6 - ok
12:40:22.0406 0x0ae8  [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine        C:\Windows\system32\wbengine.exe
12:40:22.0484 0x0ae8  wbengine - ok
12:40:22.0547 0x0ae8  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:40:22.0547 0x0ae8  WbioSrvc - ok
12:40:22.0562 0x0ae8  [ D0F88AA11EE1A62BCC6D6A8A7783CA11, 3DBC1806E6F8CD58A9E93EA2A0CDC83C1A90E37B5E385209E4D9A0C81922F447 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:40:22.0578 0x0ae8  wcncsvc - ok
12:40:22.0594 0x0ae8  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:40:22.0609 0x0ae8  WcsPlugInService - ok
12:40:22.0640 0x0ae8  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:40:22.0640 0x0ae8  Wd - ok
12:40:22.0672 0x0ae8  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:40:22.0703 0x0ae8  Wdf01000 - ok
12:40:22.0718 0x0ae8  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:40:22.0734 0x0ae8  WdiServiceHost - ok
12:40:22.0734 0x0ae8  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:40:22.0750 0x0ae8  WdiSystemHost - ok
12:40:22.0781 0x0ae8  [ D87C7D2C517F82A5AB7A73E203063D9E, 8861AB4ECEDAE801008BE0406FCB19418AA2864E89D0776B94E25773E6DB5E88 ] WebClient       C:\Windows\System32\webclnt.dll
12:40:22.0796 0x0ae8  WebClient - ok
12:40:22.0796 0x0ae8  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:40:22.0812 0x0ae8  Wecsvc - ok
12:40:22.0828 0x0ae8  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:40:22.0828 0x0ae8  wercplsupport - ok
12:40:22.0859 0x0ae8  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
12:40:22.0859 0x0ae8  WerSvc - ok
12:40:22.0921 0x0ae8  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:40:22.0921 0x0ae8  WfpLwf - ok
12:40:22.0952 0x0ae8  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:40:22.0952 0x0ae8  WIMMount - ok
12:40:23.0030 0x0ae8  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:40:23.0077 0x0ae8  WinDefend - ok
12:40:23.0077 0x0ae8  WinHttpAutoProxySvc - ok
12:40:23.0171 0x0ae8  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:40:23.0171 0x0ae8  Winmgmt - ok
12:40:23.0280 0x0ae8  [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM           C:\Windows\system32\WsmSvc.dll
12:40:23.0327 0x0ae8  WinRM - ok
12:40:23.0389 0x0ae8  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:40:23.0389 0x0ae8  WinUsb - ok
12:40:23.0498 0x0ae8  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:40:23.0561 0x0ae8  Wlansvc - ok
12:40:23.0701 0x0ae8  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:40:23.0810 0x0ae8  wlidsvc - ok
12:40:23.0857 0x0ae8  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:40:23.0857 0x0ae8  WmiAcpi - ok
12:40:23.0904 0x0ae8  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:40:23.0904 0x0ae8  wmiApSrv - ok
12:40:24.0044 0x0ae8  [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:40:24.0107 0x0ae8  WMPNetworkSvc - ok
12:40:24.0138 0x0ae8  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:40:24.0138 0x0ae8  WPCSvc - ok
12:40:24.0169 0x0ae8  [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:40:24.0169 0x0ae8  WPDBusEnum - ok
12:40:24.0185 0x0ae8  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:40:24.0185 0x0ae8  ws2ifsl - ok
12:40:24.0200 0x0ae8  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:40:24.0200 0x0ae8  wscsvc - ok
12:40:24.0216 0x0ae8  WSearch - ok
12:40:24.0325 0x0ae8  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:40:24.0372 0x0ae8  wuauserv - ok
12:40:24.0419 0x0ae8  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E, C685A458951820ED0F09E6197251CE6FC55AAB75D4FBEFF2992805309239A47A ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:40:24.0419 0x0ae8  WudfPf - ok
12:40:24.0466 0x0ae8  [ F91FF1E51FCA30B3C3981DB7D5924252, D7052B58F22638CA8B59C6FD7408D6D6DD1C33910912CACC05C133472CE0DDCE ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:40:24.0481 0x0ae8  WUDFRd - ok
12:40:24.0512 0x0ae8  [ DDEE3682FE97037C45F4D7AB467CB8B6, D5A8F07AF4EDD9D7E17FEC6222D187E2981C177A479511E407756E0E5CB8D387 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:40:24.0528 0x0ae8  wudfsvc - ok
12:40:24.0544 0x0ae8  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:40:24.0575 0x0ae8  WwanSvc - ok
12:40:24.0668 0x0ae8  [ CE0C846127D6ABB1E2A22E59682B2527, 9FDDECDC964A2E0AD306C68E1CF6B8B77388BBD0EC7642B61EE03273381777F7 ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
12:40:24.0700 0x0ae8  xnacc - ok
12:40:24.0746 0x0ae8  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
12:40:24.0746 0x0ae8  ================ Scan global ===============================
12:40:24.0793 0x0ae8  [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
12:40:24.0824 0x0ae8  [ 827E4F75901CA3F990B1487D3301841E, A0B17C83D52DB95EDBA81C6ABD78E5E4E3BB65CB57F977B07172A96D4C2B743B ] C:\Windows\system32\winsrv.dll
12:40:24.0887 0x0ae8  [ 827E4F75901CA3F990B1487D3301841E, A0B17C83D52DB95EDBA81C6ABD78E5E4E3BB65CB57F977B07172A96D4C2B743B ] C:\Windows\system32\winsrv.dll
12:40:24.0902 0x0ae8  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:40:24.0934 0x0ae8  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
12:40:24.0965 0x0ae8  [ Global ] - ok
12:40:24.0965 0x0ae8  ================ Scan MBR ==================================
12:40:24.0965 0x0ae8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:40:25.0308 0x0ae8  \Device\Harddisk0\DR0 - ok
12:40:25.0308 0x0ae8  ================ Scan VBR ==================================
12:40:25.0308 0x0ae8  [ C598A40E7B91836BD9EE31283980C3F4 ] \Device\Harddisk0\DR0\Partition1
12:40:25.0308 0x0ae8  \Device\Harddisk0\DR0\Partition1 - ok
12:40:25.0324 0x0ae8  [ AF885FC4B523B46B1C8D745DD43907F3 ] \Device\Harddisk0\DR0\Partition2
12:40:25.0324 0x0ae8  \Device\Harddisk0\DR0\Partition2 - ok
12:40:25.0324 0x0ae8  [ F08F88ACC87859F1034FB699E91BEDC7 ] \Device\Harddisk0\DR0\Partition3
12:40:25.0324 0x0ae8  \Device\Harddisk0\DR0\Partition3 - ok
12:40:25.0355 0x0ae8  [ EDE6E81F46DDAA2CF70388CB6708E337 ] \Device\Harddisk0\DR0\Partition4
12:40:25.0355 0x0ae8  \Device\Harddisk0\DR0\Partition4 - ok
12:40:25.0355 0x0ae8  Waiting for KSN requests completion. In queue: 44
12:40:26.0369 0x0ae8  Waiting for KSN requests completion. In queue: 44
12:40:27.0383 0x0ae8  Waiting for KSN requests completion. In queue: 44
12:40:28.0397 0x0ae8  Waiting for KSN requests completion. In queue: 44
12:40:29.0442 0x0ae8  Win FW state via NFP2: enabled
12:40:32.0531 0x0ae8  ============================================================
12:40:32.0531 0x0ae8  Scan finished
12:40:32.0531 0x0ae8  ============================================================
12:40:32.0546 0x05d0  Detected object count: 0
12:40:32.0546 0x05d0  Actual detected object count: 0


#6 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 09:44 AM

ADW Cleaner

 

# AdwCleaner v3.208 - Report created 17/05/2014 at 13:34:46
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Toshiba - ZHILAL
# Running from : C:\Users\Toshiba\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Awthar\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Awthar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Toshiba\AppData\Local\genienext
Folder Deleted : C:\Users\Toshiba\AppData\LocalLow\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
File Deleted : C:\Users\Toshiba\daemonprocess.txt
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Windows\System32\Tasks\YourFile DownloaderUpdate
File Deleted : C:\Windows\System32\Tasks\YourFile Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16BDB57C-DE7E-4253-B890-81FBAA2A5100}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16BDB57C-DE7E-4253-B890-81FBAA2A5100}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{799B1027-778A-4048-815A-BB4DE46174A3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{799B1027-778A-4048-815A-BB4DE46174A3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&SearchAmong
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\YourFileDownloader
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Awthar\AppData\Roaming\Mozilla\Firefox\Profiles\zw1j9miw.default\prefs.js ]
 
 
[ File : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\Toshiba\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=129868A3C47F7994&affID=120007&tsp=4931
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [7885 octets] - [17/05/2014 13:30:10]
AdwCleaner[S0].txt - [7377 octets] - [17/05/2014 13:34:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7437 octets] ##########

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Toshiba on Sat 05/17/2014 at 17:20:35.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1344602048-2015683009-3195712872-1000\Software\sweetim
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Toshiba\Local Settings\Application Data\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/17/2014 at 17:25:48.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 20 May 2014 - 10:34 AM

Ok, lets run this then instead..

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
      • The highest number of [X], is the most recent Scan

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 11:17 AM

Here's the rogue killer log

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Toshiba [Admin rights]
Mode : Scan -- Date : 05/20/2014 23:13:08
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{635CAA68-9CB8-489F-AEEE-AA0023C29E77}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{635CAA68-9CB8-489F-AEEE-AA0023C29E77}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP UNIC] smadav : C:\Program Files\Smadav\SMΔRTP.exe - rtp [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0xC23841F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0xC23841F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0xC23841F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0xC23841F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0xC23841F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0xC23841F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0xC23841F8)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745209AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745149A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74540731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74516395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745208ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745194AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74516A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74513982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745435E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745153E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745151BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74514EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745163E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451FCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74513F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74513F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745406CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74514BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745204BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74520473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745205DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74520FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451BF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74517C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451FF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745423B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745186E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745206E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74523611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745239D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745422E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74543172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745429C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74512D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74521081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74523CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74512E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745160AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745185B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745173D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74543296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74520134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454068D)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS ATA Device +++++
--- User ---
[MBR] dd76c36ac64bce5014d65f07996d9239
[BSP] b72e9200b9136a918fb7dbb4ef5dc48b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 220000 MB
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 532482048 | Size: 216938 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05202014_231308.txt >>


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 20 May 2014 - 11:41 AM

There's the bad guys...
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", this time click the Delete button.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete
How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 12:10 PM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Toshiba [Admin rights]
Mode : Remove -- Date : 05/20/2014 23:55:14
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{635CAA68-9CB8-489F-AEEE-AA0023C29E77}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{635CAA68-9CB8-489F-AEEE-AA0023C29E77}.exe - --uninstall=1 [x] -> ERROR DELETING TASK
[V2][SUSP UNIC] smadav : C:\Program Files\Smadav\SMΔRTP.exe - rtp [x] -> ERROR DELETING TASK
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745209AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745149A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74540731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74516395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745208ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745194AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74516A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74513982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745435E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745153E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745151BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74514EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745163E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451FCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74513F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74513F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745406CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74514BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745204BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74520473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745205DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74520FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451BF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74517C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451FF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745423B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745186E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745206E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74523611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745239D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745422E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74543172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745429C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74542B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74512D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74521081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74523CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74512E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745160AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745185B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x745173D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74533D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74543296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74520134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7452CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7451B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7454068D)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS ATA Device +++++
--- User ---
[MBR] dd76c36ac64bce5014d65f07996d9239
[BSP] b72e9200b9136a918fb7dbb4ef5dc48b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 220000 MB
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 532482048 | Size: 216938 MB
Error reading LL1 MBR! ([0x79] The semaphore timeout period has expired. )
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_05202014_235514.txt >>
RKreport[0]_S_05202014_231308.txt;RKreport[0]_S_05202014_235357.txt
 
 
 
There is barely any difference. Maybe I'll try rebooting first. Then I'll reply again.


#11 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 01:12 PM

Just rebooted my machine. There is barely any difference before and after the scans. Are there any other options that I can try out?



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 20 May 2014 - 08:05 PM

It is still hooked and we need stronger tools and probably a custom script.

We need to repost in a new topic,titled "Rootkits."

Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.

Include this link back to here.

http://www.bleepingcomputer.com/forums/t/534531/my-laptops-speed-and-response-has-reduced-drastically/#entry3373887

Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 pilbiruusa

pilbiruusa
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 May 2014 - 11:16 PM

So rootkits are the problem huh? Well thanks for the help here. I really appreciate it.



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 21 May 2014 - 10:13 AM

Thanks, New topic.... http://www.bleepingcomputer.com/forums/t/535027/rootkit-problem-dont-know-how-to-fix-it/#entry3374385

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users