
svchost 100% cpu and 80% memory use


17 replies to this topic

#1 Shaldreth


Posted 28 July 2015 - 11:58 PM

Whenever I start up my computer, the CPU usage will jump up to a hundred percent for about twenty or thirty minutes, then drop back down to normal levels. 

 

I run Windows Vista on a Toshiba Satellite.




 


#2 Firehouse


Posted 29 July 2015 - 05:22 AM

Scan with Malwarebytes AntiRootkit

Please download MBAR and save it to your desktop.

Run the tool as Administrator; it will extract itself and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removing rootkits, it is recommended to run fixdamage.exe, located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.
 
 
Step 2
 
Scan with Norton Power Eraser

CAUTION: NPE uses aggressive methods to detect and remove malware, so do not touch any of the settings!

Download NPE by Symantec and save it to your desktop.

Run the tool as Administrator, accept the license agreement, and click the Scan button.

The program will ask you to reboot to continue scanning (this includes a rootkit scan), so allow it to restart.

After the restart, the program will automatically launch itself and start scanning. Scanning takes 5-10 minutes, so be patient!

If malware is detected, make sure that the Create restore point option is checked, then click the Fix button. After that, click Restart now to complete the removal.
 
Step 3
 
Scan with Zemana Antimalware

Download Zemana Antimalware and install it on your system.

Under Scan type, choose Full Scan and let the tool scan the system.

If malware is found, click Next to remove it; if the tool asks for a restart, allow it.

If no malware is found, just exit the program.

NOTE: Leave actions at default.

Attach the log here.
 
Step 4
 
Download TFC by OldTimer and save it to your desktop.

Run it as Administrator and click the Start button.

If the program needs a reboot, allow it to do so.

NOTE: If your desktop disappears, don't panic, it's normal.


#3 Shaldreth


Posted 31 July 2015 - 09:34 PM

Hello, this did not fix my problem. I ran all of these (as administrator) from a secondary account/profile on my computer, rather than my main one, to improve the time it took. Upon logging back into my main account for the first time, everything ran fine, but today the CPU was chugging away yet again. When I force closed the process causing it, I could still use the computer, but Windows Explorer ran extremely slowly and intermittently. 
 
 
MBAR did not find anything during its scan. 
 
NPE found a few things when I selected "System Scan", I can provide a screenshot of the items if needed. It recommended I update my version of Java, so I uninstalled the previous version and will install the latest version when my internet allows it.  Norton has historically caused me problems, so I uninstalled the program after running the cleanup. 
 
Zemana Antimalware did not find anything during a deep scan. 
 
TFC cleaned about 953 MB in temp files.


#4 Firehouse


Posted 04 August 2015 - 12:36 PM

Sorry for the late response, I was busy.

I will need some info from your PC:

Please download MiniToolBox by Farbar and save it to your desktop.

Run the tool as Administrator and make sure that these options are checked:
 
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs
 
Post the log here.


#5 Shaldreth


Posted 04 August 2015 - 02:26 PM

Here you go:

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Alys (administrator) on 04-08-2015 at 15:24:19
Running from "C:\Users\Alys\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: Satellite L455 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


=========================== Installed Programs ============================

Adobe Anchor Service CS4 (HKLM\...\{1618734A-3957-4ADD-8199-F973763109A8}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (HKLM\...\{83877DB1-8B77-45BC-AB43-2BAC22E093E0}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (HKLM\...\{94D398EB-D2FD-4FD1-B8C4-592635E8A191}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (HKLM\...\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (HKLM\...\{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (HKLM\...\{0D6013AB-A0C7-41DC-973C-E93129C9A29F}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (HKLM\...\{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (HKLM\...\{63C24A08-70F3-4C8E-B9FB-9F21A903801D}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (HKLM\...\{0F723FC1-7606-4867-866C-CE80AD292DAF}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (HKLM\...\{C52E3EC1-048C-45E1-8D53-10B0C6509683}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (HKLM\...\{67F0E67A-8E93-4C2C-B29D-47C48262738A}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (HKLM\...\{16E16F01-2E2D-4248-A42F-76261C147B6C}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (HKLM\...\{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (HKLM\...\{054EFA56-2AC1-48F4-A883-0AB89874B972}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Fonts All (HKLM\...\{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (HKLM\...\{931AB7EA-3656-4BB7-864D-022B09E3DD67}) (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (HKLM\...\{BB4E33EC-8181-4685-96F7-8554293DEC6A}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (HKLM\...\{F93C84A6-0DC6-42AF-89FA-776F7C377353}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\{E4848436-0345-47E2-B648-8B522FCDA623}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 Support (HKLM\...\{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Search for Help (HKLM\...\{F0E64E2E-3A60-40D8-A55D-92F6831875DA}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (HKLM\...\{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (HKLM\...\{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (HKLM\...\{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (HKLM\...\{05308C4E-7285-4066-BAE3-6B50DA6ED755}) (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM\...\{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}) (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (HKLM\...\{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (HKLM\...\{68243FF8-83CA-466B-B2B8-9F99DA5479C4}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (HKLM\...\{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (HKLM\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Creative Centrale (HKLM\...\{4442AB48-DEC4-4B39-B067-1F75BF8017E7}) (Version: 1.19.02 - Creative Technology Ltd.) Hidden
Creative Centrale (HKLM\...\Creative Centrale) (Version: 1.19.02 - Creative Technology Ltd.)
Creative Software Update (HKLM\...\{86604C06-DA30-425E-AECE-47304FE81C45}) (Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative ZEN MX Documentation (HKLM\...\ZENMXUG) (Version:  - Creative Technology Ltd.)
Dropbox (HKCU\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
f.lux (HKCU\...\Flux) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars (HKLM\...\Guild Wars) (Version:  - )
HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{1AFB6EA5-DBD0-43A4-AA56-4D1EBF8E39D8}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3000 J310 series Help (HKLM\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Hydrus-1D 4.xx (HKLM\...\{29B4BF2B-D1E7-4D50-868A-61789786037E}) (Version: 4.16.0110 - PC-Progress)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
kuler (HKLM\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Label@Once 1.0 (HKLM\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Legend of Grimrock (HKLM\...\Steam App 207170) (Version:  - Almost Human Games)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mobi File Reader (HKLM\...\{FFA8548C-9BC2-427F-9F81-E64F620A30CB}_is1) (Version:  - mobifilereader.com)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Norton Internet Security (HKLM\...\{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}) (Version: 16.7.0.30 - Symantec Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 30.0.1835.125 (HKLM\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
PDF Settings CS4 (HKLM\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (HKLM\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Quintessence - The Blighted Venom [Chapter 1 - 11] (HKLM\...\{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1) (Version:  - Freebird Games)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30098 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RGSS-RTP Standard (HKLM\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
RPG MAKER VX Ace (HKLM\...\RPGVXAce_E_is1) (Version: 1.01a - Enterbrain)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPGXP (HKLM\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
ShareIns (HKLM\...\{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Sound Effects (HKLM\...\{A044C900-5DE1-4986-B0B8-D6A40271A929}) (Version: 2.0 - Music Oasis)
Suite Shared Configuration CS4 (HKLM\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Utility Common Driver (HKLM\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.50.26C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vizzed Retro Game Room (HKLM\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
Windows Driver Package - Hewlett-Packard Image  (12/27/2006 8.0.0.0) (HKLM\...\F5E51FDA4F39B4D4F8A1DF9178FCF7947925E0F1) (Version: 12/27/2006 8.0.0.0 - Hewlett-Packard)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

**** End of log ****
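
Added example, not part of the thread and not MiniToolBox's own code: a Python parser for the "Installed Programs" section of the log above that separates out the entries worth a manual look. The three groupings (no version and no publisher, registered under HKCU, marked Hidden) are triage heuristics assumed here, and SAMPLE is a handful of lines copied from the log.

```python
import re

# One "Installed Programs" line as it appears in the log above:
#   Name (HIVE\...\UninstallKey) (Version: X - Publisher) [Hidden]
# Names and keys may themselves contain parentheses, so the name is matched
# lazily up to the first " (HKLM\" or " (HKCU\" and the key greedily up to
# the last ") (Version: ".
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HKLM|HKCU)\\\.\.\.\\(?P<key>.+)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*)\)(?P<hidden> Hidden)?$"
)


def parse_installed(log_text):
    """Return (entries, unparsed) for the Installed Programs section."""
    entries, unparsed, in_section = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Installed Programs" in line:
            in_section = True
            continue
        if line.startswith("**** End of log"):
            in_section = False
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep it visible instead of dropping it
            continue
        entries.append({
            "name": m["name"],
            "hive": m["hive"],          # HKLM = machine-wide, HKCU = per-user
            "key": m["key"],
            "version": m["version"].strip(),
            "publisher": m["publisher"].strip(),
            "hidden": m["hidden"] is not None,
        })
    return entries, unparsed


def triage(entries):
    """Group entries for manual review (heuristics assumed for this example)."""
    return {
        # Nothing to compare against a vendor's current release.
        "no_metadata": [e["name"] for e in entries
                        if not e["version"] and not e["publisher"]],
        # Registered in the user's own hive rather than machine-wide.
        "per_user": [e["name"] for e in entries if e["hive"] == "HKCU"],
        # Flagged "Hidden" at the end of the log line.
        "hidden": [e["name"] for e in entries if e["hidden"]],
    }


# Lines copied from the MiniToolBox log posted above.
SAMPLE = r"""
=========================== Installed Programs ============================

Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Setup (HKLM\...\{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Creative ZEN MX Documentation (HKLM\...\ZENMXUG) (Version:  - Creative Technology Ltd.)
Dropbox (HKCU\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
f.lux (HKCU\...\Flux) (Version:  - )
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

**** End of log ****
"""

if __name__ == "__main__":
    parsed, leftovers = parse_installed(SAMPLE)
    for group, names in triage(parsed).items():
        print(f"{group}: {names}")
    if leftovers:
        print("unparsed lines:", leftovers)
```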
 



#6 Firehouse


Posted 04 August 2015 - 02:44 PM

Everything seems good. We will continue tomorrow, because I will be busy now and I will need some rest; I had a lot of work today, if you don't mind :)



#7 Shaldreth


Posted 04 August 2015 - 08:40 PM

I don't mind, just let me know what to do in your next post. I won't be very active on my computer in the next few days anyway, since most of the stuff I usually do is difficult with a slow CPU. 



#8 Firehouse


Posted 05 August 2015 - 03:35 AM

Sorry for the late response.

 

Step 1

 

Download GMER and save it on your desktop.

 

Run the tool as Administrator, click the Scan button, and wait while it's scanning; if there's a rootkit, it will be automatically removed.

When scanning is finished, use the Copy option in the program and paste the content here.

 

 

Step 2

 

Download TDSS Killer by Kaspersky Lab and save it to your desktop.
 
Run the tool as Administrator, accept the terms and conditions, and click Scan.

If infected objects are found, leave actions at default, and click Continue to proceed.

If suspicious objects are found, just exit the program.

Attach the log here; it is located in C:\
 
Step 3
 
Scan with Dr.Web Cure It!

Download Dr.Web Cure It! and save it to your desktop.

Run the tool as Administrator, accept the license agreement by putting a checkmark on it, and click Scan.

The scan may take a while, so be patient!

If malware is found, click the Neutralize button; if the program asks for a restart, allow it to do so.

Edited by Firehouse, 05 August 2015 - 03:35 AM.


#9 Shaldreth


Posted 05 August 2015 - 06:31 PM

Hello, here are the logs. Dr. Web CureIt did not find anything. 
 

=========================

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-05 13:54:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB2O 232.89GB
Running: 8e9u4q90.exe; Driver: C:\Users\Alys\AppData\Local\Temp\fwddqpog.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
.text           ntkrnlpa.exe!ZwRequestWaitReplyPort + 1499                                                    830819F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                        830BB992 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\windows\system32\DRIVERS\tos_sps32.sys                                                     section is writeable [0x89131000, 0x3C849, 0xE8000020]
.dsrt           C:\windows\system32\DRIVERS\tos_sps32.sys                                                     unknown last section [0x89176000, 0x3DC, 0x48000040]
 
---- User code sections - GMER 2.1 ----
 
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtCreateFile + 6                76FC55BE 4 Bytes  [28, B0, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtCreateFile + B                76FC55C3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtMapViewOfSection + 6          76FC5C1E 4 Bytes  [28, B3, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtMapViewOfSection + B          76FC5C23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenFile + 6                  76FC5CCE 4 Bytes  [68, B0, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenFile + B                  76FC5CD3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenProcess + 6               76FC5D7E 4 Bytes  [A8, B1, 7F, 00] {TEST AL, 0xb1; JG 0x4}
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenProcess + B               76FC5D83 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenProcessToken + 6          76FC5D8E 4 Bytes  CALL 75FCDD44 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenProcessToken + B          76FC5D93 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenProcessTokenEx + 6        76FC5D9E 4 Bytes  [A8, B2, 7F, 00] {TEST AL, 0xb2; JG 0x4}
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenProcessTokenEx + B        76FC5DA3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenThread + 6                76FC5DFE 4 Bytes  [68, B1, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenThread + B                76FC5E03 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenThreadToken + 6           76FC5E0E 4 Bytes  [68, B2, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenThreadToken + B           76FC5E13 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenThreadTokenEx + 6         76FC5E1E 4 Bytes  CALL 75FCDDD5 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtOpenThreadTokenEx + B         76FC5E23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtQueryAttributesFile + 6       76FC5F2E 4 Bytes  [A8, B0, 7F, 00] {TEST AL, 0xb0; JG 0x4}
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtQueryAttributesFile + B       76FC5F33 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtQueryFullAttributesFile + 6   76FC5FDE 4 Bytes  CALL 75FCDF93 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtQueryFullAttributesFile + B   76FC5FE3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtSetInformationFile + 6        76FC662E 4 Bytes  [28, B1, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtSetInformationFile + B        76FC6633 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtSetInformationThread + 6      76FC668E 4 Bytes  [28, B2, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtSetInformationThread + B      76FC6693 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtUnmapViewOfSection + 6        76FC69AE 4 Bytes  [68, B3, 7F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[588] ntdll.dll!NtUnmapViewOfSection + B        76FC69B3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[1772] ntdll.dll!NtCreateFile + 6               76FC55BE 4 Bytes  [28, 4C, 7B, 00] {SUB [EBX+EDI*2+0x0], CL}
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[1772] ntdll.dll!NtCreateFile + B               76FC55C3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[1772] ntdll.dll!NtMapViewOfSection + 6         76FC5C1E 4 Bytes  [28, 4F, 7B, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[1772] ntdll.dll!NtMapViewOfSection + B         76FC5C23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[1772] ntdll.dll!NtOpenFile + 6                 76FC5CCE 4 Bytes  [68, 4C, 7B, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[1772] ntdll.dll!NtOpenFile + B                 76FC5CD3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenProcessToken + B         76FC5D93 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenProcessTokenEx + 6       76FC5D9E 4 Bytes  [A8, D6, 6D, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenProcessTokenEx + B       76FC5DA3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenThread + 6               76FC5DFE 4 Bytes  [68, D5, 6D, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenThread + B               76FC5E03 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenThreadToken + 6          76FC5E0E 4 Bytes  [68, D6, 6D, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenThreadToken + B          76FC5E13 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenThreadTokenEx + 6        76FC5E1E 4 Bytes  CALL 75FCCBF9 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtOpenThreadTokenEx + B        76FC5E23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtQueryAttributesFile + 6      76FC5F2E 4 Bytes  [A8, D4, 6D, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtQueryAttributesFile + B      76FC5F33 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtQueryFullAttributesFile + 6  76FC5FDE 4 Bytes  CALL 75FCCDB7 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtQueryFullAttributesFile + B  76FC5FE3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtSetInformationFile + 6       76FC662E 4 Bytes  [28, D5, 6D, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtSetInformationFile + B       76FC6633 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtSetInformationThread + 6     76FC668E 4 Bytes  [28, D6, 6D, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtSetInformationThread + B     76FC6693 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtUnmapViewOfSection + 6       76FC69AE 4 Bytes  [68, D7, 6D, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3588] ntdll.dll!NtUnmapViewOfSection + B       76FC69B3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtCreateFile + 6               76FC55BE 4 Bytes  [28, 48, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtCreateFile + B               76FC55C3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtMapViewOfSection + 6         76FC5C1E 4 Bytes  [28, 4B, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtMapViewOfSection + B         76FC5C23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenFile + 6                 76FC5CCE 4 Bytes  [68, 48, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenFile + B                 76FC5CD3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenProcess + 6              76FC5D7E 4 Bytes  [A8, 49, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenProcess + B              76FC5D83 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenProcessToken + 6         76FC5D8E 4 Bytes  CALL 75FCF4DC C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenProcessToken + B         76FC5D93 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenProcessTokenEx + 6       76FC5D9E 4 Bytes  [A8, 4A, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenProcessTokenEx + B       76FC5DA3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenThread + 6               76FC5DFE 4 Bytes  [68, 49, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenThread + B               76FC5E03 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenThreadToken + 6          76FC5E0E 4 Bytes  [68, 4A, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenThreadToken + B          76FC5E13 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenThreadTokenEx + 6        76FC5E1E 4 Bytes  CALL 75FCF56D C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtOpenThreadTokenEx + B        76FC5E23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtQueryAttributesFile + 6      76FC5F2E 4 Bytes  [A8, 48, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtQueryAttributesFile + B      76FC5F33 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtQueryFullAttributesFile + 6  76FC5FDE 4 Bytes  CALL 75FCF72B C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtQueryFullAttributesFile + B  76FC5FE3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtSetInformationFile + 6       76FC662E 4 Bytes  [28, 49, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtSetInformationFile + B       76FC6633 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtSetInformationThread + 6     76FC668E 4 Bytes  [28, 4A, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtSetInformationThread + B     76FC6693 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6       76FC69AE 4 Bytes  [68, 4B, 97, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3592] ntdll.dll!NtUnmapViewOfSection + B       76FC69B3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtCreateFile + 6               76FC55BE 4 Bytes  [28, 24, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtCreateFile + B               76FC55C3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtMapViewOfSection + 6         76FC5C1E 4 Bytes  [28, 27, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtMapViewOfSection + B         76FC5C23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenFile + 6                 76FC5CCE 4 Bytes  [68, 24, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenFile + B                 76FC5CD3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenProcess + 6              76FC5D7E 4 Bytes  [A8, 25, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenProcess + B              76FC5D83 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenProcessToken + 6         76FC5D8E 4 Bytes  CALL 75FC9CB8 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenProcessToken + B         76FC5D93 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenProcessTokenEx + 6       76FC5D9E 4 Bytes  [A8, 26, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenProcessTokenEx + B       76FC5DA3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenThread + 6               76FC5DFE 4 Bytes  [68, 25, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenThread + B               76FC5E03 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenThreadToken + 6          76FC5E0E 4 Bytes  [68, 26, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenThreadToken + B          76FC5E13 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenThreadTokenEx + 6        76FC5E1E 4 Bytes  CALL 75FC9D49 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtOpenThreadTokenEx + B        76FC5E23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtQueryAttributesFile + 6      76FC5F2E 4 Bytes  [A8, 24, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtQueryAttributesFile + B      76FC5F33 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtQueryFullAttributesFile + 6  76FC5FDE 4 Bytes  CALL 75FC9F07 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtQueryFullAttributesFile + B  76FC5FE3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtSetInformationFile + 6       76FC662E 4 Bytes  [28, 25, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtSetInformationFile + B       76FC6633 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtSetInformationThread + 6     76FC668E 4 Bytes  [28, 26, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtSetInformationThread + B     76FC6693 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtUnmapViewOfSection + 6       76FC69AE 4 Bytes  [68, 27, 3F, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[3600] ntdll.dll!NtUnmapViewOfSection + B       76FC69B3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtCreateFile + 6               76FC55BE 4 Bytes  [28, 50, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtCreateFile + B               76FC55C3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtMapViewOfSection + 6         76FC5C1E 4 Bytes  [28, 53, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtMapViewOfSection + B         76FC5C23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenFile + 6                 76FC5CCE 4 Bytes  [68, 50, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenFile + B                 76FC5CD3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenProcess + 6              76FC5D7E 4 Bytes  [A8, 51, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenProcess + B              76FC5D83 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenProcessToken + 6         76FC5D8E 4 Bytes  CALL 75FC6BE4 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenProcessToken + B         76FC5D93 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenProcessTokenEx + 6       76FC5D9E 4 Bytes  [A8, 52, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenProcessTokenEx + B       76FC5DA3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenThread + 6               76FC5DFE 4 Bytes  [68, 51, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenThread + B               76FC5E03 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenThreadToken + 6          76FC5E0E 4 Bytes  [68, 52, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenThreadToken + B          76FC5E13 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenThreadTokenEx + 6        76FC5E1E 4 Bytes  CALL 75FC6C75 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtOpenThreadTokenEx + B        76FC5E23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtQueryAttributesFile + 6      76FC5F2E 4 Bytes  [A8, 50, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtQueryAttributesFile + B      76FC5F33 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtQueryFullAttributesFile + 6  76FC5FDE 4 Bytes  CALL 75FC6E33 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtQueryFullAttributesFile + B  76FC5FE3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtSetInformationFile + 6       76FC662E 4 Bytes  [28, 51, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtSetInformationFile + B       76FC6633 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtSetInformationThread + 6     76FC668E 4 Bytes  [28, 52, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtSetInformationThread + B     76FC6693 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtUnmapViewOfSection + 6       76FC69AE 4 Bytes  [68, 53, 0E, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4008] ntdll.dll!NtUnmapViewOfSection + B       76FC69B3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtCreateFile + 6               76FC55BE 4 Bytes  [28, 3C, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtCreateFile + B               76FC55C3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtMapViewOfSection + 6         76FC5C1E 4 Bytes  [28, 3F, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtMapViewOfSection + B         76FC5C23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenFile + 6                 76FC5CCE 4 Bytes  [68, 3C, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenFile + B                 76FC5CD3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenProcess + 6              76FC5D7E 4 Bytes  [A8, 3D, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenProcess + B              76FC5D83 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenProcessToken + 6         76FC5D8E 4 Bytes  CALL 75FC9DD0 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenProcessToken + B         76FC5D93 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenProcessTokenEx + 6       76FC5D9E 4 Bytes  [A8, 3E, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenProcessTokenEx + B       76FC5DA3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenThread + 6               76FC5DFE 4 Bytes  [68, 3D, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenThread + B               76FC5E03 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenThreadToken + 6          76FC5E0E 4 Bytes  [68, 3E, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenThreadToken + B          76FC5E13 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenThreadTokenEx + 6        76FC5E1E 4 Bytes  CALL 75FC9E61 C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtOpenThreadTokenEx + B        76FC5E23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtQueryAttributesFile + 6      76FC5F2E 4 Bytes  [A8, 3C, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtQueryAttributesFile + B      76FC5F33 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtQueryFullAttributesFile + 6  76FC5FDE 4 Bytes  CALL 75FCA01F C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtQueryFullAttributesFile + B  76FC5FE3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtSetInformationFile + 6       76FC662E 4 Bytes  [28, 3D, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtSetInformationFile + B       76FC6633 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtSetInformationThread + 6     76FC668E 4 Bytes  [28, 3E, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtSetInformationThread + B     76FC6693 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtUnmapViewOfSection + 6       76FC69AE 4 Bytes  [68, 3F, 40, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4012] ntdll.dll!NtUnmapViewOfSection + B       76FC69B3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtCreateFile + 6               76FC55BE 4 Bytes  [28, 48, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtCreateFile + B               76FC55C3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtMapViewOfSection + 6         76FC5C1E 4 Bytes  [28, 4B, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtMapViewOfSection + B         76FC5C23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenFile + 6                 76FC5CCE 4 Bytes  [68, 48, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenFile + B                 76FC5CD3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenProcess + 6              76FC5D7E 4 Bytes  [A8, 49, 20, 00] {TEST AL, 0x49; AND [EAX], AL}
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenProcess + B              76FC5D83 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenProcessToken + 6         76FC5D8E 4 Bytes  CALL 75FC7DDC C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenProcessToken + B         76FC5D93 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenProcessTokenEx + 6       76FC5D9E 4 Bytes  [A8, 4A, 20, 00] {TEST AL, 0x4a; AND [EAX], AL}
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenProcessTokenEx + B       76FC5DA3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenThread + 6               76FC5DFE 4 Bytes  [68, 49, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenThread + B               76FC5E03 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenThreadToken + 6          76FC5E0E 4 Bytes  [68, 4A, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenThreadToken + B          76FC5E13 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenThreadTokenEx + 6        76FC5E1E 4 Bytes  CALL 75FC7E6D C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtOpenThreadTokenEx + B        76FC5E23 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtQueryAttributesFile + 6      76FC5F2E 4 Bytes  [A8, 48, 20, 00] {TEST AL, 0x48; AND [EAX], AL}
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtQueryAttributesFile + B      76FC5F33 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtQueryFullAttributesFile + 6  76FC5FDE 4 Bytes  CALL 75FC802B C:\windows\system32\WININET.dll
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtQueryFullAttributesFile + B  76FC5FE3 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtSetInformationFile + 6       76FC662E 4 Bytes  [28, 49, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtSetInformationFile + B       76FC6633 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtSetInformationThread + 6     76FC668E 4 Bytes  [28, 4A, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtSetInformationThread + B     76FC6693 1 Byte  [E2]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtUnmapViewOfSection + 6       76FC69AE 4 Bytes  [68, 4B, 20, 00]
.text           C:\Program Files\Opera\30.0.1835.125\opera.exe[4068] ntdll.dll!NtUnmapViewOfSection + B       76FC69B3 1 Byte  [E2]
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                       Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                       Wdf01000.sys
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                             ???[?o???_?_?[???????[????????????N??j?????????D????????????????oo???????????????[???????????????s??MEDIA????t???????????:???????e???????.??????s?????X??k???????????????z??????????????????1.11?????????????????????????????????????_???????????????????_???????????????????_??????????msonpui.dll??????????????-???????????????a???????????????????}???????|???????2???[??? ???????\???????????[?1?????? ??????????????????????q?????????????\???\4??[7?Inte???????|??*6to4mp??r??mountmgr?????????????????????????????????????????????????e?g????????????????????????Debug?Windows???????*6to4mp?????????????? ???????[?????[?????[?9?????? ?????&???????????????????????????(????????????s???????[???????h??nettcpip.inf?f\nettcpip.inf??????[?[?[??? >??[??????????????MS_TCPIP.Tunnel.PrimaryInstall???????????[??????????????@nettcpip.inf,%ms_tcpip.tunnel.displayname%;Internet Protocol (TCP/IP) - Tunnels????noupper???????J??[?????????n????Internet Protocol (TCP/IP) - Tunnels?????? ??[???f??????????ms_tcpip_tunnel??????[?[?[?[?[?[?[???????[?
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                            ???0?o???????????????f???????????-???$???e??????????????????????????rdbss????????e??????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ????????????? ??????????$???e??????????????????????????tunnel???????????e???????????????e???y????????N??g?????????D?????$???e???????????????????????????????????d??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000??????$???e???????????????????????????$???e??????????????????????????? ???g???????????????????,????????????H??k??????????*pnp0c02?????$???e??????????????????????????{00000000-0000-0000-ffff-ffffffffffff}??{0???f?gsy??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000?????Network??????????????????????????f?f????t????e??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e???????????????????????????$???e?????????????????????????
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                           ???m?m???????????????????????????????????????????o?o??????X??????????????p?p?{???????k???????e??????????????????????????????????????System32\Drivers\dfsc.sys????U?o?????????`??????????????????????????????????storage\volume?rag????????????????>??m?????g?"???????d?????????????????~?e???????m?????????????????????g ???????????????????Microsoft????????????????m??????????Generic volume???????????????}??DA???k??t???? ???????m???????????l?-??????????????????????s?????? ???????m?????????????-?????????????????f??? ???????m?????m???????1??L????????? ??????????????m???m???m????????? ???????m?????m???????1????????????&????????????????????f??? ???????m?????m???????1????????????????????? ???????m???????????k?1?????????????????????????????????????????????0??00???U?|???????m????? ???????m?????m???????1???????????????????????m???m????? ???????m???????????k?1??????????????????????N??|???n?????D?????????m?????????????????m????? ???????m?????m???????1????????????&??????????????????????????m???m????? ???????m?????m???????1???????
 
---- EOF - GMER 2.1 ----
 

 


Second part

==========================
 
13:55:40.0747 0x0ec4  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
13:55:53.0630 0x0ec4  ============================================================
13:55:53.0630 0x0ec4  Current date / time: 2015/08/05 13:55:53.0630
13:55:53.0630 0x0ec4  SystemInfo:
13:55:53.0630 0x0ec4  
13:55:53.0630 0x0ec4  OS Version: 6.1.7601 ServicePack: 1.0
13:55:53.0630 0x0ec4  Product type: Workstation
13:55:53.0630 0x0ec4  ComputerName: GLADOS
13:55:53.0636 0x0ec4  UserName: Alys
13:55:53.0636 0x0ec4  Windows directory: C:\windows
13:55:53.0636 0x0ec4  System windows directory: C:\windows
13:55:53.0636 0x0ec4  Processor architecture: Intel x86
13:55:53.0636 0x0ec4  Number of processors: 1
13:55:53.0636 0x0ec4  Page size: 0x1000
13:55:53.0636 0x0ec4  Boot type: Normal boot
13:55:53.0636 0x0ec4  ============================================================
13:55:53.0842 0x0ec4  KLMD registered as C:\windows\system32\drivers\57673569.sys
13:55:54.0520 0x0ec4  System UUID: {5D213EC9-F16B-1B40-2152-C5D2E2C3AA35}
13:55:55.0174 0x0ec4  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:55:55.0193 0x0ec4  ============================================================
13:55:55.0193 0x0ec4  \Device\Harddisk0\DR0:
13:55:55.0194 0x0ec4  MBR partitions:
13:55:55.0194 0x0ec4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BE8C800
13:55:55.0194 0x0ec4  ============================================================
13:55:55.0231 0x0ec4  C: <-> \Device\Harddisk0\DR0\Partition1
13:55:55.0231 0x0ec4  ============================================================
13:55:55.0231 0x0ec4  Initialize success
13:55:55.0231 0x0ec4  ============================================================
13:56:13.0303 0x0b50  ============================================================
13:56:13.0303 0x0b50  Scan started
13:56:13.0303 0x0b50  Mode: Manual; 
13:56:13.0303 0x0b50  ============================================================
13:56:13.0303 0x0b50  KSN ping started
13:56:16.0058 0x0b50  KSN ping finished: true
13:56:16.0668 0x0b50  ================ Scan system memory ========================
13:56:16.0668 0x0b50  System memory - ok
13:56:16.0671 0x0b50  ================ Scan services =============================
13:56:16.0910 0x0b50  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
13:56:16.0915 0x0b50  1394ohci - ok
13:56:16.0997 0x0b50  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
13:56:17.0004 0x0b50  ACPI - ok
13:56:17.0037 0x0b50  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
13:56:17.0038 0x0b50  AcpiPmi - ok
13:56:17.0115 0x0b50  [ 6D7F09CD92A9FEF3A8EFCE66231FDD79, FBEE01F2FFDB6854F682B4BE91673462A146927DD333D3C4DE66E6B86D9ED8DB ] adfs            C:\windows\system32\drivers\adfs.sys
13:56:17.0118 0x0b50  adfs - ok
13:56:17.0285 0x0b50  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:56:17.0287 0x0b50  AdobeARMservice - ok
13:56:17.0444 0x0b50  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:56:17.0451 0x0b50  AdobeFlashPlayerUpdateSvc - ok
13:56:17.0531 0x0b50  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
13:56:17.0542 0x0b50  adp94xx - ok
13:56:17.0584 0x0b50  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
13:56:17.0592 0x0b50  adpahci - ok
13:56:17.0621 0x0b50  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
13:56:17.0626 0x0b50  adpu320 - ok
13:56:17.0677 0x0b50  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
13:56:17.0679 0x0b50  AeLookupSvc - ok
13:56:17.0771 0x0b50  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\windows\system32\drivers\afd.sys
13:56:17.0780 0x0b50  AFD - ok
13:56:17.0882 0x0b50  [ 7E10E3BB9B258AD8A9300F91214D67B9, CE5FAD7BF78234B64EAADF64DB23F3C342AADB9C5E3B0168E57863F494F30318 ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
13:56:17.0909 0x0b50  AgereSoftModem - ok
13:56:17.0972 0x0b50  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
13:56:17.0974 0x0b50  agp440 - ok
13:56:18.0025 0x0b50  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
13:56:18.0027 0x0b50  aic78xx - ok
13:56:18.0080 0x0b50  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
13:56:18.0082 0x0b50  ALG - ok
13:56:18.0137 0x0b50  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
13:56:18.0138 0x0b50  aliide - ok
13:56:18.0163 0x0b50  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
13:56:18.0165 0x0b50  amdagp - ok
13:56:18.0191 0x0b50  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
13:56:18.0192 0x0b50  amdide - ok
13:56:18.0235 0x0b50  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
13:56:18.0237 0x0b50  AmdK8 - ok
13:56:18.0260 0x0b50  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
13:56:18.0262 0x0b50  AmdPPM - ok
13:56:18.0346 0x0b50  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
13:56:18.0349 0x0b50  amdsata - ok
13:56:18.0374 0x0b50  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
13:56:18.0379 0x0b50  amdsbs - ok
13:56:18.0406 0x0b50  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
13:56:18.0407 0x0b50  amdxata - ok
13:56:18.0480 0x0b50  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\windows\system32\drivers\appid.sys
13:56:18.0482 0x0b50  AppID - ok
13:56:18.0502 0x0b50  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\windows\System32\appidsvc.dll
13:56:18.0504 0x0b50  AppIDSvc - ok
13:56:18.0559 0x0b50  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
13:56:18.0561 0x0b50  Appinfo - ok
13:56:18.0626 0x0b50  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\DRIVERS\arc.sys
13:56:18.0628 0x0b50  arc - ok
13:56:18.0652 0x0b50  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
13:56:18.0655 0x0b50  arcsas - ok
13:56:18.0772 0x0b50  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:56:18.0801 0x0b50  aspnet_state - ok
13:56:18.0841 0x0b50  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
13:56:18.0842 0x0b50  AsyncMac - ok
13:56:18.0930 0x0b50  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
13:56:18.0931 0x0b50  atapi - ok
13:56:19.0005 0x0b50  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:56:19.0018 0x0b50  AudioEndpointBuilder - ok
13:56:19.0041 0x0b50  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\windows\System32\Audiosrv.dll
13:56:19.0052 0x0b50  Audiosrv - ok
13:56:19.0126 0x0b50  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
13:56:19.0130 0x0b50  AxInstSV - ok
13:56:19.0186 0x0b50  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
13:56:19.0198 0x0b50  b06bdrv - ok
13:56:19.0233 0x0b50  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
13:56:19.0239 0x0b50  b57nd60x - ok
13:56:19.0294 0x0b50  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
13:56:19.0297 0x0b50  BDESVC - ok
13:56:19.0346 0x0b50  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
13:56:19.0347 0x0b50  Beep - ok
13:56:19.0434 0x0b50  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
13:56:19.0447 0x0b50  BFE - ok
13:56:19.0539 0x0b50  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\system32\qmgr.dll
13:56:19.0556 0x0b50  BITS - ok
13:56:19.0590 0x0b50  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
13:56:19.0592 0x0b50  blbdrive - ok
13:56:19.0651 0x0b50  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
13:56:19.0654 0x0b50  bowser - ok
13:56:19.0687 0x0b50  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
13:56:19.0688 0x0b50  BrFiltLo - ok
13:56:19.0709 0x0b50  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
13:56:19.0710 0x0b50  BrFiltUp - ok
13:56:19.0730 0x0b50  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
13:56:19.0733 0x0b50  BridgeMP - ok
13:56:19.0764 0x0b50  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
13:56:19.0767 0x0b50  Browser - ok
13:56:19.0791 0x0b50  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
13:56:19.0798 0x0b50  Brserid - ok
13:56:19.0819 0x0b50  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
13:56:19.0821 0x0b50  BrSerWdm - ok
13:56:19.0843 0x0b50  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
13:56:19.0845 0x0b50  BrUsbMdm - ok
13:56:19.0855 0x0b50  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
13:56:19.0856 0x0b50  BrUsbSer - ok
13:56:19.0883 0x0b50  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
13:56:19.0886 0x0b50  BTHMODEM - ok
13:56:19.0949 0x0b50  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
13:56:19.0952 0x0b50  bthserv - ok
13:56:20.0155 0x0b50  [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
13:56:20.0190 0x0b50  c2cautoupdatesvc - ok
13:56:20.0332 0x0b50  [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc       C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
13:56:20.0376 0x0b50  c2cpnrsvc - ok
13:56:20.0487 0x0b50  catchme - ok
13:56:20.0521 0x0b50  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
13:56:20.0523 0x0b50  cdfs - ok
13:56:20.0609 0x0b50  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\drivers\cdrom.sys
13:56:20.0612 0x0b50  cdrom - ok
13:56:20.0693 0x0b50  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
13:56:20.0695 0x0b50  CertPropSvc - ok
13:56:20.0788 0x0b50  [ 1F8A319D29394F9CE1B7AE020DF2EBBF, 624D2A19751D50566C4D3292CA627ADE78C2BE5807B37A0C370EF7FE4FE62048 ] cfWiMAXService  C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
13:56:20.0794 0x0b50  cfWiMAXService - ok
13:56:20.0818 0x0b50  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
13:56:20.0820 0x0b50  circlass - ok
13:56:20.0883 0x0b50  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\windows\system32\CLFS.sys
13:56:20.0890 0x0b50  CLFS - ok
13:56:21.0003 0x0b50  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:56:21.0005 0x0b50  clr_optimization_v2.0.50727_32 - ok
13:56:21.0058 0x0b50  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:56:21.0159 0x0b50  clr_optimization_v4.0.30319_32 - ok
13:56:21.0186 0x0b50  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
13:56:21.0187 0x0b50  CmBatt - ok
13:56:21.0207 0x0b50  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
13:56:21.0208 0x0b50  cmdide - ok
13:56:21.0281 0x0b50  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\windows\system32\Drivers\cng.sys
13:56:21.0292 0x0b50  CNG - ok
13:56:21.0369 0x0b50  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
13:56:21.0371 0x0b50  Compbatt - ok
13:56:21.0447 0x0b50  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
13:56:21.0449 0x0b50  CompositeBus - ok
13:56:21.0468 0x0b50  COMSysApp - ok
13:56:21.0499 0x0b50  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
13:56:21.0501 0x0b50  ConfigFree Service - ok
13:56:21.0521 0x0b50  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
13:56:21.0523 0x0b50  crcdisk - ok
13:56:21.0594 0x0b50  [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc        C:\windows\system32\cryptsvc.dll
13:56:21.0598 0x0b50  CryptSvc - ok
13:56:21.0743 0x0b50  [ A5BEA0E5C297F5F3835638A87E512FBA, D9C31AE8661CD8AC87E5F28AFE4126C62B5D4AEB96610C9A2F49CEB288AF673A ] CTDevice_Srv    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
13:56:21.0745 0x0b50  CTDevice_Srv - ok
13:56:21.0840 0x0b50  [ 8E26D772F53B7883A651E0E4A9598F21, 69A94B643038B874C69998A8BA5C45E04E034D0FF9C21D131BCDA02125BAEE5F ] CTUPnPSv        C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
13:56:21.0846 0x0b50  CTUPnPSv - ok
13:56:21.0917 0x0b50  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
13:56:21.0929 0x0b50  DcomLaunch - ok
13:56:21.0963 0x0b50  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
13:56:21.0969 0x0b50  defragsvc - ok
13:56:22.0032 0x0b50  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
13:56:22.0035 0x0b50  DfsC - ok
13:56:22.0091 0x0b50  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
13:56:22.0098 0x0b50  Dhcp - ok
13:56:22.0139 0x0b50  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
13:56:22.0141 0x0b50  discache - ok
13:56:22.0220 0x0b50  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\DRIVERS\disk.sys
13:56:22.0222 0x0b50  Disk - ok
13:56:22.0283 0x0b50  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
13:56:22.0287 0x0b50  Dnscache - ok
13:56:22.0352 0x0b50  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
13:56:22.0358 0x0b50  dot3svc - ok
13:56:22.0417 0x0b50  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
13:56:22.0421 0x0b50  DPS - ok
13:56:22.0492 0x0b50  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
13:56:22.0493 0x0b50  drmkaud - ok
13:56:22.0574 0x0b50  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
13:56:22.0592 0x0b50  DXGKrnl - ok
13:56:22.0667 0x0b50  EagleXNt - ok
13:56:22.0698 0x0b50  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
13:56:22.0702 0x0b50  EapHost - ok
13:56:22.0846 0x0b50  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
13:56:22.0959 0x0b50  ebdrv - ok
13:56:23.0026 0x0b50  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] EFS             C:\windows\System32\lsass.exe
13:56:23.0030 0x0b50  EFS - ok
13:56:23.0124 0x0b50  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\windows\ehome\ehRecvr.exe
13:56:23.0139 0x0b50  ehRecvr - ok
13:56:23.0179 0x0b50  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\windows\ehome\ehsched.exe
13:56:23.0182 0x0b50  ehSched - ok
13:56:23.0246 0x0b50  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
13:56:23.0263 0x0b50  elxstor - ok
13:56:23.0315 0x0b50  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
13:56:23.0317 0x0b50  ErrDev - ok
13:56:23.0407 0x0b50  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
13:56:23.0415 0x0b50  EventSystem - ok
13:56:23.0448 0x0b50  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
13:56:23.0454 0x0b50  exfat - ok
13:56:23.0484 0x0b50  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
13:56:23.0488 0x0b50  fastfat - ok
13:56:23.0573 0x0b50  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
13:56:23.0587 0x0b50  Fax - ok
13:56:23.0627 0x0b50  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
13:56:23.0629 0x0b50  fdc - ok
13:56:23.0652 0x0b50  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
13:56:23.0655 0x0b50  fdPHost - ok
13:56:23.0682 0x0b50  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
13:56:23.0685 0x0b50  FDResPub - ok
13:56:23.0702 0x0b50  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
13:56:23.0704 0x0b50  FileInfo - ok
13:56:23.0722 0x0b50  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
13:56:23.0724 0x0b50  Filetrace - ok
13:56:23.0816 0x0b50  [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:56:23.0833 0x0b50  FLEXnet Licensing Service - ok
13:56:33.0379 0x0b50  RemoteAccess - ok
13:56:33.0423 0x0b50  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
13:56:33.0430 0x0b50  RemoteRegistry - ok
13:56:33.0460 0x0b50  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
13:56:33.0464 0x0b50  RpcEptMapper - ok
13:56:33.0493 0x0b50  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
13:56:33.0495 0x0b50  RpcLocator - ok
13:56:33.0529 0x0b50  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
13:56:33.0540 0x0b50  RpcSs - ok
13:56:33.0589 0x0b50  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
13:56:33.0591 0x0b50  rspndr - ok
13:56:33.0622 0x0b50  RSUSBSTOR - ok
13:56:33.0664 0x0b50  [ 26A9D6227D12B9D9DA5A81BB9B55D810, 65AB233248B09619BE47A44008544FDFAA6C60C671F8659DB85B97693677B3F9 ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
13:56:33.0669 0x0b50  RTL8167 - ok
13:56:33.0722 0x0b50  [ 8E7D6DBBA555C5D5A02DECC79FE9C638, 8A19E692516277A2F25DEE260AF6557864BB65CEF458D609D95F83DD64DE5884 ] RTL8187B        C:\windows\system32\DRIVERS\RTL8187B.sys
13:56:33.0732 0x0b50  RTL8187B - ok
13:56:33.0745 0x0b50  RtsUIR - ok
13:56:33.0761 0x0b50  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] SamSs           C:\windows\system32\lsass.exe
13:56:33.0763 0x0b50  SamSs - ok
13:56:33.0828 0x0b50  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
13:56:33.0831 0x0b50  sbp2port - ok
13:56:33.0871 0x0b50  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
13:56:33.0877 0x0b50  SCardSvr - ok
13:56:33.0902 0x0b50  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
13:56:33.0903 0x0b50  scfilter - ok
13:56:33.0981 0x0b50  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
13:56:34.0002 0x0b50  Schedule - ok
13:56:34.0028 0x0b50  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
13:56:34.0031 0x0b50  SCPolicySvc - ok
13:56:34.0090 0x0b50  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
13:56:34.0096 0x0b50  SDRSVC - ok
13:56:34.0155 0x0b50  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
13:56:34.0157 0x0b50  secdrv - ok
13:56:34.0190 0x0b50  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
13:56:34.0193 0x0b50  seclogon - ok
13:56:34.0212 0x0b50  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\system32\sens.dll
13:56:34.0216 0x0b50  SENS - ok
13:56:34.0240 0x0b50  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
13:56:34.0244 0x0b50  SensrSvc - ok
13:56:34.0261 0x0b50  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
13:56:34.0263 0x0b50  Serenum - ok
13:56:34.0315 0x0b50  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
13:56:34.0318 0x0b50  Serial - ok
13:56:34.0337 0x0b50  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
13:56:34.0339 0x0b50  sermouse - ok
13:56:34.0414 0x0b50  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
13:56:34.0419 0x0b50  SessionEnv - ok
13:56:34.0473 0x0b50  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
13:56:34.0474 0x0b50  sffdisk - ok
13:56:34.0496 0x0b50  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
13:56:34.0497 0x0b50  sffp_mmc - ok
13:56:34.0514 0x0b50  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
13:56:34.0515 0x0b50  sffp_sd - ok
13:56:34.0554 0x0b50  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
13:56:34.0556 0x0b50  sfloppy - ok
13:56:34.0605 0x0b50  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
13:56:34.0614 0x0b50  SharedAccess - ok
13:56:34.0677 0x0b50  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:56:34.0689 0x0b50  ShellHWDetection - ok
13:56:34.0714 0x0b50  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
13:56:34.0717 0x0b50  sisagp - ok
13:56:34.0767 0x0b50  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
13:56:34.0769 0x0b50  SiSRaid2 - ok
13:56:34.0788 0x0b50  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
13:56:34.0791 0x0b50  SiSRaid4 - ok
13:56:34.0922 0x0b50  [ 0B70786BD1062CD4C6B58E412B9C3E55, 60ED027642FFF97BFFA55AE3EFFCCBB6D6AD8196D35E9ED06F9AF431E3C0402A ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
13:56:34.0931 0x0b50  SkypeUpdate - ok
13:56:34.0965 0x0b50  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
13:56:34.0967 0x0b50  Smb - ok
13:56:35.0027 0x0b50  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
13:56:35.0030 0x0b50  SNMPTRAP - ok
13:56:35.0105 0x0b50  [ 92A9FC4F85D418709A58A677211EA561, 9E79C1832F4687A4E3894A20940B0B4312AF38CA8AAEC92616480BFA811328FC ] SophosVirusRemovalTool C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
13:56:35.0109 0x0b50  SophosVirusRemovalTool - ok
13:56:35.0143 0x0b50  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
13:56:35.0146 0x0b50  spldr - ok
13:56:35.0209 0x0b50  [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler         C:\windows\System32\spoolsv.exe
13:56:35.0219 0x0b50  Spooler - ok
13:56:35.0355 0x0b50  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
13:56:35.0479 0x0b50  sppsvc - ok
13:56:35.0546 0x0b50  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
13:56:35.0550 0x0b50  sppuinotify - ok
13:56:35.0625 0x0b50  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
13:56:35.0633 0x0b50  srv - ok
13:56:35.0667 0x0b50  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
13:56:35.0677 0x0b50  srv2 - ok
13:56:35.0704 0x0b50  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
13:56:35.0709 0x0b50  srvnet - ok
13:56:35.0750 0x0b50  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
13:56:35.0757 0x0b50  SSDPSRV - ok
13:56:35.0781 0x0b50  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
13:56:35.0786 0x0b50  SstpSvc - ok
13:56:35.0897 0x0b50  [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
13:56:35.0922 0x0b50  Steam Client Service - ok
13:56:35.0966 0x0b50  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
13:56:35.0967 0x0b50  stexstor - ok
13:56:36.0041 0x0b50  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
13:56:36.0057 0x0b50  StiSvc - ok
13:56:36.0118 0x0b50  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
13:56:36.0121 0x0b50  swenum - ok
13:56:36.0164 0x0b50  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
13:56:36.0178 0x0b50  swprv - ok
13:56:36.0236 0x0b50  [ 8BD10DC8809DC69A1C5A795CB10ADD76, 92ED1BC580DC2BE539296D69775368C974FBB0145A5114BA250261E49E073960 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
13:56:36.0242 0x0b50  SynTP - ok
13:56:36.0335 0x0b50  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
13:56:36.0367 0x0b50  SysMain - ok
13:56:36.0424 0x0b50  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
13:56:36.0429 0x0b50  TabletInputService - ok
13:56:36.0499 0x0b50  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
13:56:36.0508 0x0b50  TapiSrv - ok
13:56:36.0550 0x0b50  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
13:56:36.0554 0x0b50  TBS - ok
13:56:36.0642 0x0b50  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
13:56:36.0678 0x0b50  Tcpip - ok
13:56:36.0765 0x0b50  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
13:56:36.0792 0x0b50  TCPIP6 - ok
13:56:36.0865 0x0b50  [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
13:56:36.0867 0x0b50  tcpipreg - ok
13:56:36.0925 0x0b50  [ 4084EA00D50C858D6F9038F86AE2E2D0, FD7C34311B7F700C7C93B9A8A59D507C53ADF874651C6979979EDF5E21C32FD5 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
13:56:36.0927 0x0b50  tdcmdpst - ok
13:56:36.0971 0x0b50  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
13:56:36.0973 0x0b50  TDPIPE - ok
13:56:36.0986 0x0b50  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
13:56:36.0987 0x0b50  TDTCP - ok
13:56:37.0044 0x0b50  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
13:56:37.0047 0x0b50  tdx - ok
13:56:37.0106 0x0b50  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
13:56:37.0108 0x0b50  TermDD - ok
13:56:37.0186 0x0b50  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\windows\System32\termsrv.dll
13:56:37.0202 0x0b50  TermService - ok
13:56:37.0234 0x0b50  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
13:56:37.0237 0x0b50  Themes - ok
13:56:37.0261 0x0b50  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
13:56:37.0264 0x0b50  THREADORDER - ok
13:56:37.0376 0x0b50  [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:56:37.0378 0x0b50  TMachInfo - ok
13:56:37.0443 0x0b50  [ FE65D33B7D4FF07DD1D29526A48DF810, E595370FD907734BC24263661C58F9AF7BDAEAE3BABED65A6C0EF837E17A7F68 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
13:56:37.0449 0x0b50  TODDSrv - ok
13:56:37.0517 0x0b50  [ 451B09BA1A0D019BA0B5A27229559D55, A8E8491DB7E9B27F98D1CB46B1146FADC7FA665D7588BA8E5EC461DBF7DE22F6 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:56:37.0529 0x0b50  TosCoSrv - ok
13:56:37.0593 0x0b50  [ 67C1DA40D78C92622081A3E780C926B2, 12240BF045AF00F6B801E4CEFF4C7E851B6826D263F7F93C5ABC23C03A42393E ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:56:37.0596 0x0b50  TOSHIBA HDD SSD Alert Service - ok
13:56:37.0645 0x0b50  [ 969377943FE7284609BABBAB4E06B93C, 401ABFF0F2157730F8188E1C02C947EB62E9E0BE87DF260C4BCE74F5E8C08A46 ] tos_sps32       C:\windows\system32\DRIVERS\tos_sps32.sys
13:56:37.0653 0x0b50  tos_sps32 - ok
13:56:37.0697 0x0b50  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
13:56:37.0702 0x0b50  TrkWks - ok
13:56:37.0788 0x0b50  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:56:37.0794 0x0b50  TrustedInstaller - ok
13:56:37.0857 0x0b50  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
13:56:37.0859 0x0b50  tssecsrv - ok
13:56:37.0932 0x0b50  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
13:56:37.0935 0x0b50  TsUsbFlt - ok
13:56:38.0004 0x0b50  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
13:56:38.0007 0x0b50  tunnel - ok
13:56:38.0039 0x0b50  [ FC24015B4052600C324C43E3A79C0664, 908DFC8490079FB3178DEF9D3A712F22E4E39D65092401D1003925FCF65EE4DB ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:56:38.0041 0x0b50  TVALZ - ok
13:56:38.0074 0x0b50  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
13:56:38.0076 0x0b50  uagp35 - ok
13:56:38.0146 0x0b50  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
13:56:38.0153 0x0b50  udfs - ok
13:56:38.0200 0x0b50  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
13:56:38.0203 0x0b50  UI0Detect - ok
13:56:38.0259 0x0b50  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
13:56:38.0262 0x0b50  uliagpkx - ok
13:56:38.0330 0x0b50  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\drivers\umbus.sys
13:56:38.0332 0x0b50  umbus - ok
13:56:38.0365 0x0b50  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
13:56:38.0367 0x0b50  UmPass - ok
13:56:38.0396 0x0b50  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
13:56:38.0406 0x0b50  upnphost - ok
13:56:38.0441 0x0b50  [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
13:56:38.0443 0x0b50  USBAAPL - ok
13:56:38.0499 0x0b50  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
13:56:38.0501 0x0b50  usbccgp - ok
13:56:38.0512 0x0b50  USBCCID - ok
13:56:38.0539 0x0b50  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
13:56:38.0542 0x0b50  usbcir - ok
13:56:38.0567 0x0b50  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
13:56:38.0569 0x0b50  usbehci - ok
13:56:38.0600 0x0b50  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
13:56:38.0607 0x0b50  usbhub - ok
13:56:38.0628 0x0b50  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\windows\system32\drivers\usbohci.sys
13:56:38.0631 0x0b50  usbohci - ok
13:56:38.0672 0x0b50  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
13:56:38.0673 0x0b50  usbprint - ok
13:56:38.0739 0x0b50  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\windows\system32\drivers\usbscan.sys
13:56:38.0741 0x0b50  usbscan - ok
13:56:38.0806 0x0b50  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
13:56:38.0809 0x0b50  USBSTOR - ok
13:56:38.0867 0x0b50  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
13:56:38.0869 0x0b50  usbuhci - ok
13:56:38.0901 0x0b50  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
13:56:38.0905 0x0b50  UxSms - ok
13:56:38.0916 0x0b50  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] VaultSvc        C:\windows\system32\lsass.exe
13:56:38.0918 0x0b50  VaultSvc - ok
13:56:38.0951 0x0b50  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
13:56:38.0953 0x0b50  vdrvroot - ok
13:56:39.0022 0x0b50  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\windows\System32\vds.exe
13:56:39.0036 0x0b50  vds - ok
13:56:39.0094 0x0b50  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
13:56:39.0095 0x0b50  vga - ok
13:56:39.0131 0x0b50  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\windows\System32\drivers\vga.sys
13:56:39.0133 0x0b50  VgaSave - ok
13:56:39.0187 0x0b50  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
13:56:39.0192 0x0b50  vhdmp - ok
13:56:39.0215 0x0b50  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
13:56:39.0218 0x0b50  viaagp - ok
13:56:39.0244 0x0b50  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
13:56:39.0246 0x0b50  ViaC7 - ok
13:56:39.0267 0x0b50  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
13:56:39.0268 0x0b50  viaide - ok
13:56:39.0335 0x0b50  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
13:56:39.0337 0x0b50  volmgr - ok
13:56:39.0371 0x0b50  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
13:56:39.0381 0x0b50  volmgrx - ok
13:56:39.0453 0x0b50  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\windows\system32\drivers\volsnap.sys
13:56:39.0461 0x0b50  volsnap - ok
13:56:39.0508 0x0b50  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
13:56:39.0513 0x0b50  vsmraid - ok
13:56:39.0596 0x0b50  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\windows\system32\vssvc.exe
13:56:39.0624 0x0b50  VSS - ok
13:56:39.0642 0x0b50  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\System32\drivers\vwifibus.sys
13:56:39.0643 0x0b50  vwifibus - ok
13:56:39.0675 0x0b50  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
13:56:39.0677 0x0b50  vwififlt - ok
13:56:39.0708 0x0b50  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
13:56:39.0709 0x0b50  vwifimp - ok
13:56:39.0755 0x0b50  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\windows\system32\w32time.dll
13:56:39.0765 0x0b50  W32Time - ok
13:56:39.0786 0x0b50  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
13:56:39.0788 0x0b50  WacomPen - ok
13:56:39.0848 0x0b50  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
13:56:39.0850 0x0b50  WANARP - ok
13:56:39.0861 0x0b50  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
13:56:39.0864 0x0b50  Wanarpv6 - ok
13:56:40.0004 0x0b50  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
13:56:40.0038 0x0b50  WatAdminSvc - ok
13:56:40.0098 0x0b50  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
13:56:40.0130 0x0b50  wbengine - ok
13:56:40.0170 0x0b50  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
13:56:40.0177 0x0b50  WbioSrvc - ok
13:56:40.0247 0x0b50  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\windows\System32\wcncsvc.dll
13:56:40.0257 0x0b50  wcncsvc - ok
13:56:40.0287 0x0b50  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
13:56:40.0293 0x0b50  WcsPlugInService - ok
13:56:40.0336 0x0b50  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\DRIVERS\wd.sys
13:56:40.0338 0x0b50  Wd - ok
13:56:40.0390 0x0b50  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
13:56:40.0404 0x0b50  Wdf01000 - ok
13:56:40.0439 0x0b50  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\windows\system32\wdi.dll
13:56:40.0443 0x0b50  WdiServiceHost - ok
13:56:40.0455 0x0b50  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\windows\system32\wdi.dll
13:56:40.0459 0x0b50  WdiSystemHost - ok
13:56:40.0522 0x0b50  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\windows\System32\webclnt.dll
13:56:40.0533 0x0b50  WebClient - ok
13:56:40.0554 0x0b50  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
13:56:40.0560 0x0b50  Wecsvc - ok
13:56:40.0577 0x0b50  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\windows\System32\wercplsupport.dll
13:56:40.0583 0x0b50  wercplsupport - ok
13:56:40.0614 0x0b50  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
13:56:40.0619 0x0b50  WerSvc - ok
13:56:40.0663 0x0b50  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
13:56:40.0664 0x0b50  WfpLwf - ok
13:56:47.0918 0x0b50  Win FW state via NFP2: enabled ( trusted )
13:56:50.0823 0x0b50  ============================================================
13:56:50.0823 0x0b50  Scan finished
13:56:50.0823 0x0b50  ============================================================
13:56:50.0839 0x022c  Detected object count: 0
13:56:50.0839 0x022c  Actual detected object count: 0
13:57:27.0557 0x0e78  Deinitialize success
 


#10 Firehouse


Posted 06 August 2015 - 12:36 AM

How is the situation now?



#11 Shaldreth


Posted 06 August 2015 - 11:13 AM

It's still happening. Is there any way I can just see what specific program is running through the svchost in task manager or something? 



#12 Firehouse


Posted 06 August 2015 - 11:28 AM

Svchost is related to services. I cannot help you further, but I will let MRT know about this so you can open a new topic in MRL.



#13 Sintharius


Posted 06 August 2015 - 11:39 AM

Hello Shaldreth,

Can you follow this tutorial and tell me which services are running under the svchost process that takes up the most CPU?

#14 Shaldreth


Posted 07 August 2015 - 11:08 AM

Thanks, this was exactly the kind of tool I was looking for!

There are a lot of services registered under that instance of svchost, here is the list: 

- AeLookupSvc
- Appinfo
- BITS
- Browser
- EapHost
- gpsvc
- IKEEXT
- iphlpsvc
- LanmanServer
- MMCSS
- ProfSvc
- RasMan
- Schedule
- seclogon
- SENS
- ShellHWDetection
- Themes
- Winmgmt
- wuauserv
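
One way to produce the per-instance service list discussed above with built-in tooling, as an added example that is not part of the original thread and not the tutorial the posters refer to. It assumes PowerShell 2.0 or later is installed and an elevated prompt; `tasklist /svc /fi "imagename eq svchost.exe"` gives the PID-to-service mapping alone from cmd.exe.

```powershell
# Added example: map each running svchost.exe instance to the services it hosts,
# ordered by accumulated CPU time, so the busiest instance is listed first.
# Assumption: run from an elevated prompt; without elevation CPU may read as 0.

# Win32_Service reports the ID of the process hosting each running service.
$servicesByPid = Get-WmiObject -Class Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId

$report = foreach ($group in $servicesByPid) {
    $proc = Get-Process -Id ([int]$group.Name) -ErrorAction SilentlyContinue

    # Skip processes that have exited or that are not svchost.exe.
    if ($null -eq $proc -or $proc.ProcessName -ne 'svchost') { continue }

    New-Object PSObject -Property @{
        PID        = $proc.Id
        CpuSeconds = [math]::Round($proc.CPU, 1)                # total processor time used
        MemoryMB   = [math]::Round($proc.WorkingSet64 / 1MB, 1)
        Services   = ($group.Group | ForEach-Object { $_.Name } | Sort-Object) -join ', '
    }
}

$report | Sort-Object -Property CpuSeconds -Descending |
    Format-List -Property PID, CpuSeconds, MemoryMB, Services
```

`CpuSeconds` is cumulative since the process started, so run the script twice a minute apart during the startup spike and compare the values to see which instance is consuming CPU at that moment.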



#15 Sintharius


Posted 07 August 2015 - 03:29 PM

That's a lot of services for one svchost.exe instance...

Do you experience any slowdowns when svchost consumes 100% CPU?



