trojan:dos/alureon.J, Security Essentials detects but can't remove


  • This topic is locked
21 replies to this topic

#1 kcstueber

kcstueber

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NE Wisconsin, US
  • Local time:04:41 AM

Posted 16 September 2014 - 12:38 PM

Hi all,

 

What a great site. You've helped me out in many ways over the years, but I'm not getting this one resolved.

 

Microsoft Security Essentials is detecting trojan:dos/alureon.J. It is detected multiple times. I've performed a "Remove All", which appears to be successful, but then it is detected again and again. I have run TDSSKiller and Malwarebytes, but they indicate clean.

 

Your help and advice are appreciated.

 

Kurt




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 AM

Posted 18 September 2014 - 06:29 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 deeprybka


Posted 21 September 2014 - 04:35 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#4 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 1,989 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:01:41 AM

Posted 23 September 2014 - 09:07 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!" | If I am helping you and have not responded within 48 hours, please send me a PM. | Vi Veri Veniversum Vivus Vici | Proud member of UNITE


#5 deeprybka


Posted 01 October 2014 - 01:23 PM

Topic is reopened.


regards,
deeprybka

#6 kcstueber

kcstueber
  • Topic Starter


Posted 01 October 2014 - 02:17 PM

Hi,

 

Thanks for reopening the topic. Shall I follow the directions in the 1st reply or wait?

 

Thanks,

 

Kurt



#7 deeprybka


Posted 01 October 2014 - 02:21 PM

You are welcome!

Yes, please proceed with the instructions which I have posted above. :)
regards,
deeprybka

#8 kcstueber


Posted 04 October 2014 - 08:16 PM

Hi, deeprybka,

 

Sorry for the delay, but I've got everything on track now. Here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01
Ran by Susan (administrator) on SUSAN-PC on 04-10-2014 20:11:27
Running from F:\Bayview RE
Loaded Profile: Susan (Available profiles: Susan)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(StorageCraft Technology Corporation) C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Windows\System32\vsnapvss.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Create 7\PdfCreate7Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Pitney Bowes, Inc.) C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AT&T Inc.) C:\Users\Susan\AppData\Local\ATT Connect\Participant\pull.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\RealtyServer\RealtyServer Application Suite 5\rs-AppSuite.exe
(SentriLock LLC) C:\Program Files\SentrilockCardUtility\SentriLockCardUtility.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2009-08-27] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2009-08-27] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Create 7\pdfcreate7hook.exe [1275168 2010-08-18] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Create 7\RegistryController.exe [121120 2010-08-18] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Create 7-reminder] => C:\Program Files\Nuance\PDF Create 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PC Meter Connect] => C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe [3514368 2010-10-20] (Pitney Bowes, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2757621714-824139689-578480259-1000\...\Run: [ISUSPM] =>  -scheduler
HKU\S-1-5-21-2757621714-824139689-578480259-1000\...\Run: [Push Client] => C:\Users\Susan\AppData\Local\ATT Connect\Participant\pull.exe [966944 2011-04-27] (AT&T Inc.)
HKU\S-1-5-21-2757621714-824139689-578480259-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-09-20] (Siber Systems)
HKU\S-1-5-21-2757621714-824139689-578480259-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-22] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealtyServer Startup.lnk
ShortcutTarget: RealtyServer Startup.lnk -> C:\Windows\Installer\{89734A95-85CB-4C4B-8A8C-45458146D0F1}\_C55523B0E3BADFF5BAC46F.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SentriLock Card Utility.lnk
ShortcutTarget: SentriLock Card Utility.lnk -> C:\Program Files\SentrilockCardUtility\SentriLockCardUtility.exe (SentriLock LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bayviewnetwork.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0F9997E5092ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={39AEAA0F-7349-475F-B263-092486A18669}&mid=c8bda9f5d16748d7a8bb816973970b69-0caabec456b6742173a5d5bd3573855e86a11e87&lang=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-12-05 10:04:58&v=17.1.2.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {C0F454A0-6020-488D-A48E-84B92E60DEE8} https://ht4.hometracker.com/AurigmaInclude/ImageUploader7.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\lcaalw4t.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={39AEAA0F-7349-475F-B263-092486A18669}&mid=c8bda9f5d16748d7a8bb816973970b69-0caabec456b6742173a5d5bd3573855e86a11e87&lang=en&ds=hk018&coid=avgtbdishk&pr=sa&d=&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Susan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\lcaalw4t.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011-06-13]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={39AEAA0F-7349-475F-B263-092486A18669}&mid=c8bda9f5d16748d7a8bb816973970b69-0caabec456b6742173a5d5bd3573855e86a11e87&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2013-12-05 10:04:58&v=18.1.5.514&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR CustomProfile: C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-09]
CHR Extension: (Google Drive) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-09]
CHR Extension: (Google Search) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-09]
CHR Extension: (ClickOnce for Google Chrome™) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeifaoomkminpbeebjdmdojbhmagnncl [2014-01-17]
CHR Extension: (AVG SafeGuard) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-05]
CHR Extension: (Google Wallet) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-09]
CHR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Chrome [2011-06-13]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
S3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [20600 2010-07-30] (Pitney Bowes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [21992 2011-12-01] (Silicon Laboratories)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 20:11 - 2014-10-04 20:11 - 00000000 ____D () C:\FRST
2014-10-04 20:01 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-04 20:01 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-04 20:01 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-04 20:01 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-04 20:01 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-04 20:01 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-04 20:01 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-04 20:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-04 20:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-04 19:59 - 2014-10-04 19:59 - 00003304 ____N () C:\bootsqm.dat
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 20:11 - 2011-06-14 06:24 - 01297085 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 20:10 - 2009-07-13 23:39 - 00088658 _____ () C:\Windows\setupact.log
2014-10-04 20:08 - 2009-07-13 23:34 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 20:08 - 2009-07-13 23:34 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 20:07 - 2013-01-22 10:41 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 20:07 - 2011-06-13 21:05 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-04 20:05 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 20:04 - 2011-11-15 10:34 - 00000000 ____D () C:\Users\Susan\RealtyServer
2014-10-04 20:00 - 2011-06-13 15:26 - 00000000 ____D () C:\Users\Susan
2014-09-22 01:41 - 2011-06-13 15:53 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\Susan\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\Susan\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Susan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Susan\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Susan\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Susan\AppData\Local\Temp\oi_{189D1814-2E11-45F6-A73C-7C3000179A05}.exe
C:\Users\Susan\AppData\Local\Temp\outlooksoclconnector_2010_32.exe
C:\Users\Susan\AppData\Local\Temp\outlook_2010_32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 18:56
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-10-2014 01
Ran by Susan at 2014-10-04 20:12:05
Running from F:\Bayview RE
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACI Forms Client (HKLM\...\{1AE80CF0-5B8F-4661-A3C4-7DEAE85D2528}) (Version: 1.00.019 - ACI)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Connect Participant Application v9.0.82 (HKLM\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite (HKLM\...\{71FD03B5-E653-4CB8-9B56-A466ABC9FCA9}) (Version: 1.00 - Brother Industries, Ltd.)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Finiti Worksite Client (HKLM\...\{0164E268-2476-410F-BFEA-05B2958A6CD4}) (Version: 1.00.012 - ACI)
Gena PhotoStamper 2.1.6 (HKLM\...\Gena PhotoStamper_is1) (Version:  - Kozasoft)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
Harmony (HKCU\...\17a0ced27de92cd5) (Version: 1.0.0.64 - ClearValue Consulting)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Online Services Sign-in Assistant (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{245FCF81-55BA-4AB9-A7C1-37411595676D}) (Version: 12.0.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{462FDFFB-F65C-44F6-824E-939AF86B7511}) (Version: 7.00.2132 - Nuance Communications, Inc)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PC Meter Connect (HKLM\...\{D39BAE47-1B85-41F6-9348-44E965009B56}) (Version: 05.00.0020.0000 - Pitney Bowes)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
RealtyServer Application Suite (HKLM\...\{89734A95-85CB-4C4B-8A8C-45458146D0F1}) (Version: 5.9.8 - RealtyServer)
ReoConnex SL (HKCU\...\1114398192.agentconnex.greenrivercap.com) (Version:  - agentconnex.greenrivercap.com)
RoboForm 7-9-1-1 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-1-1 - Siber Systems)
Scansoft PDF Create (Version:  - ) Hidden
SentriLock Card Utility (HKLM\...\{04A19A92-FE3E-4D76-BF26-13166003C0FA}_is1) (Version: 2.6.59 - SentriLock, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
ShadowProtect Desktop (HKLM\...\{8850DEC8-22FD-4F05-A3AA-49B91200C24F}) (Version: 4.15.10129 - StorageCraft)
ShadowProtect Desktop (Version: 4.15.9340 - StorageCraft) Hidden
The MultiForm Solution (HKLM\...\The MultiForm Solution7.1.0a) (Version: 7.1.0a - CMS Publishing Company)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Driver Package - Pitney Bowes (DM150Drv) USB  (07/04/2010 2.0.1.5) (HKLM\...\BD561D5D94E7AFC181BE8A098D2EC2B90BD07068) (Version: 07/04/2010 2.0.1.5 - Pitney Bowes)
zipForm6 (HKLM\...\zipForm6) (Version: 1.0.0.0 - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{182772c6-b5af-4c8d-aea3-d4726c752892}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Utilities\winhttp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Susan\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{83A4D5A6-E2C1-4edd-AD48-1A1C50BD06EF}\InprocServer32 -> C:\Users\Susan\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\ImageUploader6.ocx (Aurigma, Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Susan\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{8fa95db8-5072-421e-a714-66a9602ffde4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{94AB719E-1300-4098-8C18-B2A765327D15}\InprocServer32 -> C:\Users\Susan\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\ImageUploader6.ocx (Aurigma, Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{BA6272FD-A7AD-4498-9476-552040B7EDD4}\InprocServer32 -> C:\Users\Susan\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\ImageUploader6.ocx (Aurigma, Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{BF357E76-2001-47F1-8057-46DEE9627DFD}\InprocServer32 -> C:\Users\Susan\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\ImageUploader6.ocx (Aurigma, Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-2757621714-824139689-578480259-1000_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Users\Susan\AppData\Local\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03422D13-244C-4643-9C27-8654CB65088F} - System32\Tasks\G2MUpdateTask-S-1-5-21-2757621714-824139689-578480259-1000 => C:\Users\Susan\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0CA78DE2-425C-4B8B-9AF6-A2E6326D331B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {155EE6B9-288F-4608-99DE-F85B0F48353D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-22] (Google Inc.)
Task: {1D279BD0-D35C-4550-B270-17EAD20AE01C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {51446E99-C4A1-431C-B26C-B5E211888A8B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5A85E4F1-56B5-4F09-BF6D-A163DF0C3CF8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8420F613-8F8E-4B51-B68F-ABDFF3CD5C31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-22] (Google Inc.)
Task: {8767539D-AAED-458F-AE3B-EF9BDD6C8BAC} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-09-20] (Siber Systems)
Task: {9FFD5504-4CE4-4CDC-B608-96CCDE4A0E33} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{F2DEF3B8-A2C4-47A0-93E9-C8BEB108EADD}.exe [2014-09-01] ()
Task: {A298A611-955B-4E6E-AD48-5DA3C01E474A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A928D07C-1E96-49FB-85BA-20D3FA3CC339} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {EDB38938-E7CC-492C-83FE-0D351C1EA1BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{F2DEF3B8-A2C4-47A0-93E9-C8BEB108EADD}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2757621714-824139689-578480259-1000.job => C:\Users\Susan\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-14 17:26 - 2002-11-26 13:43 - 00106496 ____N () C:\Windows\system32\BrMuSNMP.dll
2014-08-11 16:35 - 2014-08-11 16:33 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-11 16:35 - 2014-08-11 16:33 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2013-12-05 11:04 - 2014-08-25 17:16 - 02640408 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2011-04-27 14:22 - 2011-04-27 14:22 - 00031744 _____ () C:\Users\Susan\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
2011-04-21 12:10 - 2011-04-21 12:10 - 00418304 _____ () C:\Users\Susan\AppData\Local\ATT Connect\Participant\exchndl.dll
2011-09-26 10:06 - 2011-09-26 10:06 - 00063320 _____ () C:\RealtyServer\RealtyServer Application Suite 5\rs-AppSuite.exe
2011-09-26 10:05 - 2011-09-26 10:05 - 00081920 _____ () C:\RealtyServer\RealtyServer Application Suite 5\plugins\org.eclipse.equinox.launcher.win32.win32.x86_1.0.101.R34x_v20080731\eclipse_1115.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9
AlternateDataStreams: C:\ProgramData\TEMP:0B9FB94D
AlternateDataStreams: C:\ProgramData\TEMP:50C78B39
AlternateDataStreams: C:\ProgramData\TEMP:618D0840
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2757621714-824139689-578480259-500 - Administrator - Disabled)
Guest (S-1-5-21-2757621714-824139689-578480259-501 - Limited - Disabled)
Susan (S-1-5-21-2757621714-824139689-578480259-1000 - Administrator - Enabled) => C:\Users\Susan
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/04/2014 08:07:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 08:07:31 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\C_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{BBC34365-3F27-453E-8762-7632C9E132B7}.txt
Start time: 10/4/2014 8:07:20 PM
Module: service
Code: 504
Message: Volume {92E274C4-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:07:30 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\System Reserved_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{55DE440F-BCB5-4D92-85E3-3CF3779186EA}.txt
Start time: 10/4/2014 8:07:20 PM
Module: service
Code: 504
Message: Volume {92E274C3-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:01:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (10/04/2014 08:01:38 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\C_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{BBC34365-3F27-453E-8762-7632C9E132B7}.txt
Start time: 10/4/2014 8:01:35 PM
Module: service
Code: 504
Message: Volume {92E274C4-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:01:38 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\System Reserved_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{55DE440F-BCB5-4D92-85E3-3CF3779186EA}.txt
Start time: 10/4/2014 8:01:35 PM
Module: service
Code: 504
Message: Volume {92E274C3-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:01:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).
 
Error: (10/04/2014 08:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 08:01:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).
 
Error: (10/04/2014 08:01:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80070422).
 
 
System errors:
=============
Error: (10/04/2014 08:05:35 PM) (Source: volsnap) (EventID: 29) (User: )
Description: The shadow copies of volume C: were aborted during detection.
 
Error: (10/04/2014 07:59:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:52:08 AM on 9/1/2014 was unexpected.
 
Error: (08/25/2014 06:23:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (08/25/2014 06:01:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.183.505.0).
 
Error: (08/25/2014 06:01:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.183.505.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/25/2014 05:22:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (08/25/2014 05:21:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (08/19/2014 02:56:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.2564.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/19/2014 02:56:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.2564.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/19/2014 02:56:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.179.2564.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (10/04/2014 08:07:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 08:07:31 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\C_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{BBC34365-3F27-453E-8762-7632C9E132B7}.txt
Start time: 10/4/2014 8:07:20 PM
Module: service
Code: 504
Message: Volume {92E274C4-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:07:30 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\System Reserved_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{55DE440F-BCB5-4D92-85E3-3CF3779186EA}.txt
Start time: 10/4/2014 8:07:20 PM
Module: service
Code: 504
Message: Volume {92E274C3-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:01:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (10/04/2014 08:01:38 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\C_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{BBC34365-3F27-453E-8762-7632C9E132B7}.txt
Start time: 10/4/2014 8:01:35 PM
Module: service
Code: 504
Message: Volume {92E274C4-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:01:38 PM) (Source: ShadowProtectSvc) (EventID: 1121) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: D:\Local Back Up\System Reserved_VOL
Log file: C:\Program Files\StorageCraft\ShadowProtect\Logs\{55DE440F-BCB5-4D92-85E3-3CF3779186EA}.txt
Start time: 10/4/2014 8:01:35 PM
Module: service
Code: 504
Message: Volume {92E274C3-9677-11E0-86F4-806E6F6E6963} was not found
 
Error: (10/04/2014 08:01:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
 
Error: (10/04/2014 08:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 08:01:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
 
Error: (10/04/2014 08:01:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E6500 @ 2.93GHz
Percentage of memory in use: 51%
Total physical RAM: 3317.49 MB
Available physical RAM: 1614.79 MB
Total Pagefile: 6633.27 MB
Available Pagefile: 4963.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:819.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Back Up) (Fixed) (Total:931.51 GB) (Free:224.79 GB) NTFS
Drive f: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:13.34 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000668DC)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CFB718D7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 345C6B47)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0B)
 
==================== End Of Log ============================


#9 deeprybka

  • Malware Response Team

Posted 05 October 2014 - 02:47 PM

Hi,

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 kcstueber

  • Topic Starter

Posted 05 October 2014 - 05:28 PM

Hi Jürgen,

 

Here it is:

 

17:22:32.0337 0x1154  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

17:22:38.0031 0x1154  ============================================================
17:22:38.0031 0x1154  Current date / time: 2014/10/05 17:22:38.0031
17:22:38.0031 0x1154  SystemInfo:
17:22:38.0031 0x1154  
17:22:38.0031 0x1154  OS Version: 6.1.7601 ServicePack: 1.0
17:22:38.0031 0x1154  Product type: Workstation
17:22:38.0031 0x1154  ComputerName: SUSAN-PC
17:22:38.0031 0x1154  UserName: Susan
17:22:38.0031 0x1154  Windows directory: C:\Windows
17:22:38.0031 0x1154  System windows directory: C:\Windows
17:22:38.0031 0x1154  Processor architecture: Intel x86
17:22:38.0031 0x1154  Number of processors: 2
17:22:38.0031 0x1154  Page size: 0x1000
17:22:38.0031 0x1154  Boot type: Normal boot
17:22:38.0031 0x1154  ============================================================
17:22:41.0120 0x1154  KLMD registered as C:\Windows\system32\drivers\75635538.sys
17:22:41.0432 0x1154  System UUID: {A3CC7560-F92C-6F6C-B5D7-BA8A714EC0F9}
17:22:41.0962 0x1154  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:22:41.0962 0x1154  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:22:42.0009 0x1154  Drive \Device\Harddisk2\DR2 - Size: 0x3BB000000 ( 14.92 Gb ), SectorSize: 0x200, Cylinders: 0x79B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:22:42.0009 0x1154  ============================================================
17:22:42.0009 0x1154  \Device\Harddisk0\DR0:
17:22:42.0009 0x1154  MBR partitions:
17:22:42.0009 0x1154  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705D6F
17:22:42.0009 0x1154  \Device\Harddisk1\DR1:
17:22:42.0009 0x1154  MBR partitions:
17:22:42.0009 0x1154  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
17:22:42.0009 0x1154  \Device\Harddisk2\DR2:
17:22:42.0009 0x1154  MBR partitions:
17:22:42.0009 0x1154  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1DD45DB
17:22:42.0009 0x1154  ============================================================
17:22:42.0009 0x1154  D: <-> \Device\Harddisk1\DR1\Partition1
17:22:42.0040 0x1154  C: <-> \Device\Harddisk0\DR0\Partition1
17:22:42.0040 0x1154  ============================================================
17:22:42.0040 0x1154  Initialize success
17:22:42.0040 0x1154  ============================================================
17:23:12.0882 0x135c  ============================================================
17:23:12.0882 0x135c  Scan started
17:23:12.0882 0x135c  Mode: Manual; SigCheck; TDLFS; 
17:23:12.0882 0x135c  ============================================================
17:23:12.0882 0x135c  KSN ping started
17:23:15.0627 0x135c  KSN ping finished: true
17:23:16.0704 0x135c  ================ Scan system memory ========================
17:23:16.0704 0x135c  System memory - ok
17:23:16.0704 0x135c  ================ Scan services =============================
17:23:19.0371 0x135c  [ C711ED965009BDCFF9AA62CEB6FF1AAD, 083E981F983653329C2B8361963CA81D5D88E164C7738035F701A10CCB1C85CC ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe
17:23:19.0387 0x135c  Brother XP spl Service - detected UnsignedFile.Multi.Generic ( 1 )
17:23:22.0179 0x135c  Detect skipped due to KSN trusted
17:23:22.0179 0x135c  Brother XP spl Service - ok
17:23:26.0313 0x135c  iirsp - ok
17:23:26.0344 0x135c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:23:26.0391 0x135c  IKEEXT - ok
17:23:26.0469 0x135c  [ C5DF8A7FDC75019BF8D8AA4B56BE85C0, ADE63E2F7B7645ADB02D0B79ADADEBC648CDD691D2C5A4E18B83D42A2D887DAA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:23:26.0532 0x135c  IntcAzAudAddService - ok
17:23:26.0563 0x135c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:23:26.0578 0x135c  intelide - ok
17:23:26.0578 0x135c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:23:26.0610 0x135c  intelppm - ok
17:23:26.0625 0x135c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:23:26.0641 0x135c  IPBusEnum - ok
17:23:26.0656 0x135c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:23:26.0672 0x135c  IpFilterDriver - ok
17:23:26.0719 0x135c  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:23:26.0750 0x135c  iphlpsvc - ok
17:23:26.0766 0x135c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:23:26.0781 0x135c  IPMIDRV - ok
17:23:26.0812 0x135c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:23:26.0844 0x135c  IPNAT - ok
17:23:26.0890 0x135c  [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:23:26.0906 0x135c  iPod Service - ok
17:23:26.0922 0x135c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:23:26.0937 0x135c  IRENUM - ok
17:23:26.0953 0x135c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:23:26.0968 0x135c  isapnp - ok
17:23:26.0984 0x135c  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:23:27.0000 0x135c  iScsiPrt - ok
17:23:27.0046 0x135c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:23:27.0046 0x135c  kbdclass - ok
17:23:27.0062 0x135c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:23:27.0093 0x135c  kbdhid - ok
17:23:27.0109 0x135c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
17:23:27.0109 0x135c  KeyIso - ok
17:23:27.0156 0x135c  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:23:27.0187 0x135c  KSecDD - ok
17:23:27.0202 0x135c  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:23:27.0234 0x135c  KSecPkg - ok
17:23:27.0249 0x135c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:23:27.0280 0x135c  KtmRm - ok
17:23:27.0312 0x135c  [ A158CEA8644B8A5C1EC0E9A81B70F65A, 70B4726BFB652CB41F06F60AE2A780A521E7B783F0B38BE55E8A566A915929F5 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
17:23:27.0327 0x135c  L1C - ok
17:23:27.0343 0x135c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:23:27.0374 0x135c  LanmanServer - ok
17:23:27.0390 0x135c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:23:27.0421 0x135c  LanmanWorkstation - ok
17:23:27.0421 0x135c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:23:27.0452 0x135c  lltdio - ok
17:23:27.0468 0x135c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:23:27.0499 0x135c  lltdsvc - ok
17:23:27.0514 0x135c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:23:27.0546 0x135c  lmhosts - ok
17:23:27.0561 0x135c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:23:27.0577 0x135c  LSI_FC - ok
17:23:27.0577 0x135c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:23:27.0592 0x135c  LSI_SAS - ok
17:23:27.0608 0x135c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:23:27.0624 0x135c  LSI_SAS2 - ok
17:23:27.0639 0x135c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:23:27.0639 0x135c  LSI_SCSI - ok
17:23:27.0655 0x135c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:23:27.0686 0x135c  luafv - ok
17:23:27.0733 0x135c  [ F8B823414A22DBF3BEC10DCAA5F93CD8, 651C7521033439C0AA9006F1AC2CF376B1588CE781BEE4D10B7622FA3D055F6C ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
17:23:27.0748 0x135c  McciCMService - detected UnsignedFile.Multi.Generic ( 1 )
17:23:30.0915 0x135c  Detect skipped due to KSN trusted
17:23:30.0915 0x135c  McciCMService - ok
17:23:31.0477 0x135c  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
17:23:31.0477 0x135c  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
17:23:34.0332 0x135c  Detect skipped due to KSN trusted
17:23:34.0332 0x135c  MREMP50 - ok
17:23:34.0394 0x135c  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
17:23:34.0410 0x135c  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
17:23:37.0218 0x135c  Detect skipped due to KSN trusted
17:23:37.0218 0x135c  MRESP50 - ok
17:23:41.0866 0x135c  RpcLocator - ok
17:23:41.0882 0x135c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
17:23:41.0913 0x135c  RpcSs - ok
17:23:41.0913 0x135c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:23:41.0944 0x135c  rspndr - ok
17:23:41.0960 0x135c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
17:23:41.0976 0x135c  SamSs - ok
17:23:42.0007 0x135c  [ C94B6A11720BEE396F1D9692091B4381, 2FBA8436B6BB22597FF2DFA7917C13B3B49771C780EE643FF2A0FDBB9A728B18 ] sbmount         C:\Windows\system32\drivers\sbmount.sys
17:23:42.0069 0x135c  sbmount - ok
17:23:42.0085 0x135c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:23:42.0085 0x135c  sbp2port - ok
17:23:42.0100 0x135c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:23:42.0132 0x135c  SCardSvr - ok
17:23:42.0132 0x135c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:23:42.0163 0x135c  scfilter - ok
17:23:42.0194 0x135c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
17:23:42.0241 0x135c  Schedule - ok
17:23:42.0256 0x135c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:23:42.0272 0x135c  SCPolicySvc - ok
17:23:42.0288 0x135c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:23:42.0319 0x135c  SDRSVC - ok
17:23:42.0319 0x135c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:23:42.0350 0x135c  secdrv - ok
17:23:42.0350 0x135c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
17:23:42.0381 0x135c  seclogon - ok
17:23:42.0397 0x135c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
17:23:42.0412 0x135c  SENS - ok
17:23:42.0459 0x135c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:23:42.0490 0x135c  SensrSvc - ok
17:23:42.0490 0x135c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:23:42.0506 0x135c  Serenum - ok
17:23:42.0522 0x135c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:23:42.0537 0x135c  Serial - ok
17:23:42.0537 0x135c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:23:42.0568 0x135c  sermouse - ok
17:23:42.0584 0x135c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:23:42.0615 0x135c  SessionEnv - ok
17:23:42.0631 0x135c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:23:42.0662 0x135c  sffdisk - ok
17:23:42.0662 0x135c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:23:42.0678 0x135c  sffp_mmc - ok
17:23:42.0678 0x135c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:23:42.0693 0x135c  sffp_sd - ok
17:23:42.0709 0x135c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:23:42.0724 0x135c  sfloppy - ok
17:23:42.0818 0x135c  [ BE2C2151EE4CDA656DC10C2B6B3DA95D, 25158652A69BDDDE0A36063EAF62C4FFFEC42E80775A32FA0ED4AEC8557832CB ] ShadowProtectSvc C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
17:23:46.0156 0x135c  ShadowProtectSvc - ok
17:23:46.0203 0x135c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:23:46.0250 0x135c  SharedAccess - ok
17:23:46.0281 0x135c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:23:46.0312 0x135c  ShellHWDetection - ok
17:23:46.0328 0x135c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:23:46.0344 0x135c  sisagp - ok
17:23:46.0359 0x135c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:23:46.0375 0x135c  SiSRaid2 - ok
17:23:46.0390 0x135c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:23:46.0390 0x135c  SiSRaid4 - ok
17:23:46.0437 0x135c  [ DD22C852933516ED9B63BFD94BC83622, 916AC0597E0955E3746267E643957F643BF8B3489698251ABBCE6104768C99B5 ] SIUSBXP         C:\Windows\system32\drivers\SiUSBXp.sys
17:23:46.0437 0x135c  SIUSBXP - ok
17:23:46.0453 0x135c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:23:46.0484 0x135c  Smb - ok
17:23:46.0484 0x135c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:23:46.0500 0x135c  SNMPTRAP - ok
17:23:46.0515 0x135c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:23:46.0515 0x135c  spldr - ok
17:23:46.0562 0x135c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
17:23:46.0578 0x135c  Spooler - ok
17:23:46.0656 0x135c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
17:23:46.0765 0x135c  sppsvc - ok
17:23:46.0812 0x135c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:23:46.0843 0x135c  sppuinotify - ok
17:23:46.0858 0x135c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:23:46.0890 0x135c  srv - ok
17:23:46.0936 0x135c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:23:46.0952 0x135c  srv2 - ok
17:23:46.0968 0x135c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:23:46.0983 0x135c  srvnet - ok
17:23:46.0999 0x135c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:23:47.0030 0x135c  SSDPSRV - ok
17:23:47.0046 0x135c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:23:47.0061 0x135c  SstpSvc - ok
17:23:47.0077 0x135c  [ 9724C24533A2B2973CE3855E8513AB92, D14758EF3A97AB2F7A15427AD2F0C30EFD2B535E0375B0D4D05B6512C7055273 ] stcvsm          C:\Windows\system32\DRIVERS\stcvsm.sys
17:23:47.0139 0x135c  stcvsm - ok
17:23:47.0170 0x135c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:23:47.0186 0x135c  stexstor - ok
17:23:47.0217 0x135c  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\Windows\system32\drivers\serscan.sys
17:23:47.0233 0x135c  StillCam - ok
17:23:47.0264 0x135c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:23:47.0295 0x135c  StiSvc - ok
17:23:47.0311 0x135c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:23:47.0326 0x135c  swenum - ok
17:23:47.0358 0x135c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
17:23:47.0389 0x135c  swprv - ok
17:23:47.0420 0x135c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
17:23:47.0467 0x135c  SysMain - ok
17:23:47.0482 0x135c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
17:23:47.0498 0x135c  TabletInputService - ok
17:23:47.0514 0x135c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:23:47.0545 0x135c  TapiSrv - ok
17:23:47.0560 0x135c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
17:23:47.0592 0x135c  TBS - ok
17:23:47.0638 0x135c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:23:47.0685 0x135c  Tcpip - ok
17:23:47.0716 0x135c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:23:47.0748 0x135c  TCPIP6 - ok
17:23:47.0779 0x135c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:23:47.0794 0x135c  tcpipreg - ok
17:23:47.0826 0x135c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:23:47.0841 0x135c  TDPIPE - ok
17:23:47.0872 0x135c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:23:47.0872 0x135c  TDTCP - ok
17:23:47.0888 0x135c  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:23:47.0904 0x135c  tdx - ok
17:23:47.0919 0x135c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:23:47.0935 0x135c  TermDD - ok
17:23:47.0950 0x135c  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
17:23:47.0997 0x135c  TermService - ok
17:23:47.0997 0x135c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
17:23:48.0028 0x135c  Themes - ok
17:23:48.0028 0x135c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
17:23:48.0060 0x135c  THREADORDER - ok
17:23:48.0075 0x135c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
17:23:48.0091 0x135c  TrkWks - ok
17:23:48.0138 0x135c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:23:48.0153 0x135c  TrustedInstaller - ok
17:23:48.0184 0x135c  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:23:48.0200 0x135c  tssecsrv - ok
17:23:48.0231 0x135c  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:23:48.0247 0x135c  TsUsbFlt - ok
17:23:48.0278 0x135c  [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:23:48.0294 0x135c  TsUsbGD - ok
17:23:48.0309 0x135c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:23:48.0325 0x135c  tunnel - ok
17:23:48.0340 0x135c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:23:48.0356 0x135c  uagp35 - ok
17:23:48.0372 0x135c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:23:48.0403 0x135c  udfs - ok
17:23:48.0418 0x135c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:23:48.0434 0x135c  UI0Detect - ok
17:23:48.0450 0x135c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:23:48.0450 0x135c  uliagpkx - ok
17:23:48.0465 0x135c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:23:48.0481 0x135c  umbus - ok
17:23:48.0481 0x135c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:23:48.0512 0x135c  UmPass - ok
17:23:48.0528 0x135c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
17:23:48.0559 0x135c  upnphost - ok
17:23:48.0590 0x135c  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
17:23:48.0606 0x135c  USBAAPL - ok
17:23:48.0637 0x135c  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:23:48.0684 0x135c  usbccgp - ok
17:23:48.0699 0x135c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:23:48.0730 0x135c  usbcir - ok
17:23:48.0746 0x135c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:23:48.0746 0x135c  usbehci - ok
17:23:48.0777 0x135c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:23:48.0793 0x135c  usbhub - ok
17:23:48.0824 0x135c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:23:48.0840 0x135c  usbohci - ok
17:23:48.0855 0x135c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
17:23:48.0871 0x135c  usbprint - ok
17:23:48.0886 0x135c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:23:48.0933 0x135c  USBSTOR - ok
17:23:48.0964 0x135c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:23:48.0980 0x135c  usbuhci - ok
17:23:48.0996 0x135c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
17:23:49.0011 0x135c  UxSms - ok
17:23:49.0027 0x135c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
17:23:49.0042 0x135c  VaultSvc - ok
17:23:49.0042 0x135c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:23:49.0058 0x135c  vdrvroot - ok
17:23:49.0074 0x135c  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
17:23:49.0120 0x135c  vds - ok
17:23:49.0120 0x135c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:23:49.0152 0x135c  vga - ok
17:23:49.0167 0x135c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:23:49.0183 0x135c  VgaSave - ok
17:23:49.0198 0x135c  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:23:49.0214 0x135c  vhdmp - ok
17:23:49.0230 0x135c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:23:49.0245 0x135c  viaagp - ok
17:23:49.0245 0x135c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:23:49.0261 0x135c  ViaC7 - ok
17:23:49.0292 0x135c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:23:49.0292 0x135c  viaide - ok
17:23:49.0308 0x135c  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:23:49.0323 0x135c  volmgr - ok
17:23:49.0339 0x135c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:23:49.0354 0x135c  volmgrx - ok
17:23:49.0370 0x135c  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:23:49.0417 0x135c  volsnap - ok
17:23:49.0432 0x135c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:23:49.0432 0x135c  vsmraid - ok
17:23:49.0448 0x135c  [ 59AF286F1E8E89527E382EC88ED8DF16, 0BD2B94CCC263295BC1A29466D0A0BDCC4B0938B49A0073A4CCD2835B6F7B7D0 ] VSNAPVSS        C:\Windows\system32\vsnapvss.exe
17:23:49.0479 0x135c  VSNAPVSS - ok
17:23:49.0510 0x135c  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
17:23:49.0573 0x135c  VSS - ok
17:23:49.0713 0x135c  [ C22E26DEDA8CDDCD45B5E0751CD9ABCC, B913266BCB85F1C67AD5A44A53F4DAF4026D46B058EE6174FEC355FF2EA0F338 ] vToolbarUpdater18.1.9 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
17:23:49.0776 0x135c  vToolbarUpdater18.1.9 - ok
17:23:49.0791 0x135c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:23:49.0807 0x135c  vwifibus - ok
17:23:49.0838 0x135c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
17:23:49.0869 0x135c  W32Time - ok
17:23:49.0869 0x135c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:23:49.0885 0x135c  WacomPen - ok
17:23:49.0900 0x135c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:23:49.0932 0x135c  WANARP - ok
17:23:49.0947 0x135c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:23:49.0963 0x135c  Wanarpv6 - ok
17:23:50.0025 0x135c  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:23:50.0072 0x135c  WatAdminSvc - ok
17:23:50.0103 0x135c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
17:23:50.0166 0x135c  wbengine - ok
17:23:50.0181 0x135c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:23:50.0197 0x135c  WbioSrvc - ok
17:23:50.0212 0x135c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:23:50.0244 0x135c  wcncsvc - ok
17:23:50.0244 0x135c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:23:50.0275 0x135c  WcsPlugInService - ok
17:23:50.0290 0x135c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
17:23:50.0306 0x135c  Wd - ok
17:23:50.0337 0x135c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:23:50.0353 0x135c  Wdf01000 - ok
17:23:50.0368 0x135c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:23:50.0400 0x135c  WdiServiceHost - ok
17:23:50.0415 0x135c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:23:50.0431 0x135c  WdiSystemHost - ok
17:23:50.0446 0x135c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
17:23:50.0478 0x135c  WebClient - ok
17:23:50.0478 0x135c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:23:50.0509 0x135c  Wecsvc - ok
17:23:50.0524 0x135c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:23:50.0540 0x135c  wercplsupport - ok
17:23:50.0556 0x135c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
17:23:50.0587 0x135c  WerSvc - ok
17:23:50.0602 0x135c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:23:50.0618 0x135c  WfpLwf - ok
17:23:50.0634 0x135c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:23:50.0649 0x135c  WIMMount - ok
17:23:50.0696 0x135c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:23:50.0743 0x135c  WinDefend - ok
17:23:50.0774 0x135c  WinHttpAutoProxySvc - ok
17:23:50.0821 0x135c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:23:50.0852 0x135c  Winmgmt - ok
17:23:50.0883 0x135c  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:23:50.0961 0x135c  WinRM - ok
17:23:51.0008 0x135c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:23:51.0055 0x135c  WinUsb - ok
17:23:51.0086 0x135c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:23:51.0133 0x135c  Wlansvc - ok
17:23:51.0148 0x135c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:23:51.0164 0x135c  WmiAcpi - ok
17:23:51.0164 0x135c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:23:51.0195 0x135c  wmiApSrv - ok
17:23:51.0242 0x135c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:23:51.0304 0x135c  WMPNetworkSvc - ok
17:23:51.0320 0x135c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:23:51.0336 0x135c  WPCSvc - ok
17:23:51.0351 0x135c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:23:51.0382 0x135c  WPDBusEnum - ok
17:23:51.0382 0x135c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:23:51.0414 0x135c  ws2ifsl - ok
17:23:51.0429 0x135c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:23:51.0460 0x135c  wscsvc - ok
17:23:51.0460 0x135c  WSearch - ok
17:23:51.0523 0x135c  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
17:23:51.0601 0x135c  wuauserv - ok
17:23:51.0632 0x135c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:23:51.0648 0x135c  WudfPf - ok
17:23:51.0694 0x135c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:51.0694 0x135c  WUDFRd - ok
17:23:51.0726 0x135c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:23:51.0741 0x135c  wudfsvc - ok
17:23:51.0757 0x135c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:23:51.0788 0x135c  WwanSvc - ok
17:23:51.0788 0x135c  ================ Scan global ===============================
17:23:51.0850 0x135c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
17:23:51.0883 0x135c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:23:51.0898 0x135c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:23:51.0898 0x135c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
17:23:51.0914 0x135c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
17:23:51.0929 0x135c  [ Global ] - ok
17:23:51.0929 0x135c  ================ Scan MBR ==================================
17:23:51.0945 0x135c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:23:52.0335 0x135c  \Device\Harddisk0\DR0 - ok
17:23:52.0351 0x135c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:23:52.0397 0x135c  \Device\Harddisk1\DR1 - ok
17:23:52.0397 0x135c  [ 5CDC9AA413B3DC8FC3E6275F6A380A93 ] \Device\Harddisk2\DR2
17:23:52.0507 0x135c  \Device\Harddisk2\DR2 - detected TDSS File System ( 1 )
17:23:52.0507 0x135c  \Device\Harddisk2\DR2 ( TDSS File System ) - warning
17:23:55.0394 0x135c  ================ Scan VBR ==================================
17:23:55.0394 0x135c  [ EB04597295945013F7F0283DE6670E6A ] \Device\Harddisk0\DR0\Partition1
17:23:55.0456 0x135c  \Device\Harddisk0\DR0\Partition1 - ok
17:23:55.0456 0x135c  [ 21CA525F969272FF257DC55E1AB286AF ] \Device\Harddisk1\DR1\Partition1
17:23:55.0487 0x135c  \Device\Harddisk1\DR1\Partition1 - ok
17:23:55.0487 0x135c  [ BEE16B98F6C8CC90EF454EA2910880BA ] \Device\Harddisk2\DR2\Partition1
17:23:55.0503 0x135c  \Device\Harddisk2\DR2\Partition1 - ok
17:23:55.0503 0x135c  ================ Scan generic autorun ======================
17:24:05.0908 0x135c  Waiting for KSN requests completion. In queue: 13
17:24:06.0922 0x135c  Waiting for KSN requests completion. In queue: 13
17:24:07.0936 0x135c  Waiting for KSN requests completion. In queue: 13
17:24:08.0950 0x135c  Waiting for KSN requests completion. In queue: 9
17:24:09.0964 0x135c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
17:24:09.0980 0x135c  Win FW state via NFP2: enabled
17:24:12.0866 0x135c  ============================================================
17:24:12.0866 0x135c  Scan finished
17:24:12.0866 0x135c  ============================================================
17:24:12.0866 0x1354  Detected object count: 1
17:24:12.0866 0x1354  Actual detected object count: 1
17:24:21.0836 0x1354  \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
17:24:21.0836 0x1354  \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip 
17:24:33.0208 0x1148  Deinitialize success
 
 
Thanks for your help. If you're able, I'll be watching for next steps this evening to keep things moving. It's appreciated.
 
Kurt


#11 deeprybka


Posted 06 October 2014 - 03:02 AM

Hi Kurt,
 
please do the following:

Step 1
 
Please download Emsisoft MBR Master from this link (make sure to save it on your desktop), and follow the instructions below to get me an MBR dump and a log:
  • Open the Emsisoft MBR Master file that you saved on your desktop (the default file name is mbrmastr).
  • Click on the Backup MBR button in the lower-right corner.
  • Save the backup of your MBR on your desktop (you can name it whatever you want).
  • Close Emsisoft MBR Master, and a log file will be saved on your desktop.
  • Please right-click on the MBR backup that you saved on your desktop, go to Send to, and select Compressed (zipped) folder in order to zip the file so that it can be attached to a reply. Note that you can use something such as 7-Zip, WinZip, WinRar, etc. if you would prefer.
  • Please attach both the log and the zipped MBR backup to a reply by using the More Reply Options button to the lower-right of where you type in your reply.

regards,
deeprybka

#12 kcstueber


Posted 06 October 2014 - 08:30 AM

Good morning Jürgen,

 

Here you go:

 

Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x000000F8
2 valid drive(s) found.
 
Details for Disk 0 - WDC WD10EZEX-08M2NA0 Rev 01.01A01:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 121601/255/63
  Boot loader reputation   : Known Good (Windows 7)
  Cross view comparison    : Passed
  Partition table integrity: Passed
 
  Boot loader hashes
    SHA-1                  : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    MD5                    : A36C5E4F47E84449FF07ED3517B43A31
 
 
Details for Disk 1 - WDC WD10EALX-009BA0 Rev 15.01H15:
  Device name              : \\.\PhysicalDrive1
  Geometry (C/H/S)         : 121601/255/63
  Boot loader reputation   : Known Good (Windows 7)
  Cross view comparison    : Passed
  Partition table integrity: Passed
 
  Boot loader hashes
    SHA-1                  : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    MD5                    : A36C5E4F47E84449FF07ED3517B43A31
 
 




#13 deeprybka


Posted 06 October 2014 - 10:41 AM

Hi Kurt,

For analysis, I want you to do the following:
 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished (and malware was detected) select "Exit" and approve the warning with "Yes".


  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Edited by deeprybka, 06 October 2014 - 12:59 PM.

regards,
deeprybka

#14 kcstueber


Posted 06 October 2014 - 12:11 PM

Hi,

 

Security Essentials continues to flag it, and if removed, it continues to return and get flagged again. Here's the scan:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17280
 
Java version: 1.6.0_33
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.933000 GHz
Memory total: 3478642688, free: 2248716288
 
Downloaded database version: v2014.10.06.06
Downloaded database version: v2014.09.19.01
=======================================
Initializing...
------------ Kernel report ------------
     10/06/2014 11:52:48
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87d6cac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff8783dae0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86b157b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xffffffff86662338
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86b15030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85cf8610
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86b15030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b15d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86b15030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8665c2b8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85cf8610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 668DC
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953521007
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000203804160 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953503055-1953523055)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86b157b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b16020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86b157b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86647938, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86662338, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CFB718D7
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff87d6cac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8719c648, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87d6cac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8783dae0, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 345C6B47
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 31278555
    Partition file system is FAT32
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 16022241280 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.10.06.06
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17280
Susan :: SUSAN-PC [administrator]
 
10/6/2014 11:52:58 AM
mbar-log-2014-10-06 (11-52-58).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 302874
Time elapsed: 13 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
Thanks


#15 deeprybka


Posted 06 October 2014 - 12:53 PM

Hi,
please disconnect the flash drive from the computer.
 

Drive f: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:13.34 GB) FAT32

and run a scan with TDSS-Killer.


regards,
deeprybka
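How the two posted logs line up, as an added example (not part of any post in this thread and not output of either tool): it collects the non-ok disk verdicts from the TDSSKiller log and looks up each flagged disk in the Malwarebytes Anti-Rootkit device records to see which bus driver it sits on. The log excerpts are copied from the posts above; the function names are hypothetical.

```python
import re

# Excerpts copied from the TDSSKiller log posted in this thread.
TDSS_LOG = r"""
17:23:51.0945 0x135c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:23:52.0335 0x135c  \Device\Harddisk0\DR0 - ok
17:23:52.0397 0x135c  \Device\Harddisk1\DR1 - ok
17:23:52.0507 0x135c  \Device\Harddisk2\DR2 - detected TDSS File System ( 1 )
17:23:52.0507 0x135c  \Device\Harddisk2\DR2 ( TDSS File System ) - warning
17:23:55.0503 0x135c  \Device\Harddisk2\DR2\Partition1 - ok
17:24:21.0836 0x1354  \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
"""

# Excerpts copied from the Malwarebytes Anti-Rootkit system log posted in this thread.
MBAR_LOG = r"""
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Driver Name: \Driver\atapi\
"""

# timestamp, thread id, disk object, optional partition, optional "( object name )", verdict
TDSS_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+"
    r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)(?P<part>\\Partition\d+)?"
    r"(?:\s+\(\s*(?P<name>[^)]*?)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$"
)


def disk_findings(tdss_log):
    """Return {disk: [verdict, ...]} for MBR/VBR lines whose verdict is not 'ok'."""
    findings = {}
    for line in tdss_log.splitlines():
        m = TDSS_LINE.match(line.strip())
        # Hash-only lines ("[ MD5 ] \Device\...") do not match and are skipped.
        if m and m["verdict"].lower() != "ok":
            findings.setdefault(m["dev"], []).append(m["verdict"])
    return findings


def lower_drivers(mbar_log):
    """Return {upper device name: lower driver name} from the device records."""
    mapping, current = {}, None
    for line in mbar_log.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Upper Device Name":
            current = value.rstrip("\\")
        elif key == "Lower Device Driver Name" and current:
            # "\Driver\USBSTOR\" -> "USBSTOR"
            mapping[current] = value.strip("\\").split("\\")[-1]
            current = None
    return mapping


def triage(tdss_log, mbar_log):
    """Join both logs: one record per flagged disk with its bus driver."""
    drivers = lower_drivers(mbar_log)
    report = []
    for disk, verdicts in disk_findings(tdss_log).items():
        driver = drivers.get(disk, "unknown")
        report.append({
            "disk": disk,
            "lower_driver": driver,
            "usb_attached": driver.upper() == "USBSTOR",
            # "skipped by user" means the scanner left the object untouched
            "left_in_place": any("skipped by user" in v.lower() for v in verdicts),
            "verdicts": verdicts,
        })
    return report


if __name__ == "__main__":
    for item in triage(TDSS_LOG, MBAR_LOG):
        print(item)
```

On these excerpts the only flagged object is `\Device\Harddisk2\DR2`, which sits on `USBSTOR`, while both `atapi` disks report ok.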



