OS will not open [Solved]



#1
phillip245
Hi: Thanks for looking. My Google Chrome will not open and I did get IE to open just now, normally IE does not open either for the last 2 weeks. I am running Windows 7 Home. When this happens none of my programs will not open from my desktop. I have run Avast Virus Scan but nothing shows. Start up is really slow, my laptop will connect to the wireless connection from my desktop.

Thanks
Phillip245

OTL logfile created on: 10/25/13 10:06:26 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHawn\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.22% Memory free
4.00 Gb Paging File | 2.47 Gb Available in Paging File | 61.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.22 Gb Total Space | 29.65 Gb Free Space | 21.93% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 25.34 Gb Free Space | 25.94% Space Free | Partition Type: NTFS

Computer Name: PHILLIP | User Name: SHawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/19 18:04:14 | 001,185,744 | ---- | M] (Google Inc.) -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\Installer\setup.exe
PRC - [2013/10/17 00:57:41 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/14 20:23:24 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/09/26 09:44:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHawn\Downloads\OTL.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/08/30 04:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/08/30 04:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/28 10:19:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/14 17:28:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 17:27:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/03 03:02:12 | 000,698,832 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 03:02:11 | 000,099,792 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/09/12 07:42:26 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/12 07:42:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/20 09:23:54 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/08/14 18:36:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 18:36:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\439eb22c3f6967beb8a3364626883423\System.Xml.ni.dll
MOD - [2013/08/14 18:35:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 19:35:01 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 19:34:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/22 17:36:26 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3257.27114__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3257.27112__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:26 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:26 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3257.27114__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3257.27109__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3257.27109__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:23 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:22 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:22 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:20 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3218.28700__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/08/22 17:36:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/08/22 17:36:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/08/22 17:36:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/08/22 17:36:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/08/22 17:36:17 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/08/22 17:36:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011/08/22 17:36:17 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/08/22 17:36:16 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/08/22 17:36:16 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/08/22 17:36:16 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/08/22 17:36:16 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/08/22 17:36:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/08/22 17:36:16 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/08/22 17:36:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011/08/22 17:36:15 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/08/22 17:36:15 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/08/22 17:36:15 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2011/08/22 17:36:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/08/22 17:36:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/08/22 17:36:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/08/22 17:36:15 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - [2013/10/14 21:22:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/08/30 04:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/28 10:19:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/23 23:01:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/07 05:34:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/09/10 23:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 23:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 23:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/30 04:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 04:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 04:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 04:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 04:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/08/30 04:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 04:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 04:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/08/20 09:23:48 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/12/21 11:56:40 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/08 13:45:16 | 000,063,872 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009/10/08 13:45:16 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 19:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/04 10:31:28 | 000,746,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/04/30 20:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 19:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 19:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {E297C8D6-4896-4C91-BB2B-74653D8BD92A}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 A9 11 06 E0 9F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {E297C8D6-4896-4C91-BB2B-74653D8BD92A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{E297C8D6-4896-4C91-BB2B-74653D8BD92A}: "URL" = http://search.condui...1112128913&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51311;https=127.0.0.1:51311


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/29 09:02:28 | 000,000,000 | ---D | M]

[2012/04/27 20:14:54 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://msn.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Bobsled by T-Mobile = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgbddncklanadehifhcogjjfdolghnl\1.20.3.13868_0\
CHR - Extension: avast! Ad Blocker = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: KeyBar 1.8 = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.20.3.520_0\
CHR - Extension: KeyBar 1.8 = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.21.1.507_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4264F02C-9CDD-4EFA-BDE9-D4FAD3A68E16}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52834E69-2AC2-453B-A82C-378FE6E31359}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{860fb750-ec62-11df-9156-001d7d917612}\Shell - "" = AutoRun
O33 - MountPoints2\{860fb750-ec62-11df-9156-001d7d917612}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/12 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\{A3DE190D-5D42-4AC8-9C7B-CA24A7E1B12B}
[2013/10/12 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\LogMeIn Rescue Applet
[2013/09/27 20:17:43 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Roaming\Mozilla
[2013/09/26 09:08:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/09/26 09:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/26 09:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/26 09:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/26 08:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/09/26 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/09/26 08:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/09/26 08:49:32 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Roaming\SearchProtect
[2013/09/26 08:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/09/26 08:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot
[2013/09/25 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\SHawn\Documents\DRM EPub
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/25 10:06:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 10:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000UA.job
[2013/10/25 09:54:38 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 09:54:38 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 09:43:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/25 09:22:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/25 09:14:52 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 09:14:06 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/22 01:04:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000Core.job
[2013/10/19 08:08:08 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/19 08:08:08 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/18 20:59:46 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/29 09:04:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/09/26 10:02:03 | 000,001,078 | ---- | M] () -- C:\Users\SHawn\Desktop\OTL - Shortcut.lnk
[2013/09/26 08:51:34 | 000,000,009 | ---- | M] () -- C:\END
[2013/09/25 21:38:31 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/26 10:02:03 | 000,001,078 | ---- | C] () -- C:\Users\SHawn\Desktop\OTL - Shortcut.lnk
[2013/09/26 08:48:16 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/23 13:27:51 | 000,007,624 | ---- | C] () -- C:\Users\SHawn\AppData\Local\Resmon.ResmonCfg
[2013/06/27 16:17:19 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 14:13:42 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 14:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/05/27 14:02:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\GBSinkps.dll
[2013/05/27 14:02:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\GBSink.dll
[2013/05/27 14:02:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GBProxy.exe
[2013/05/27 14:02:04 | 000,004,608 | ---- | C] () -- C:\Windows\System32\GBProxyps.dll
[2013/05/27 14:01:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\JPNXRES.dll
[2013/05/27 14:01:54 | 000,442,368 | ---- | C] () -- C:\Windows\System32\GBSinkCli.exe
[2013/05/27 14:01:54 | 000,184,320 | ---- | C] () -- C:\Windows\System32\JPNRES.dll
[2013/05/27 14:01:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\GBzipdll.dll
[2013/05/18 11:20:51 | 000,000,449 | ---- | C] () -- C:\Users\SHawn\.powerschool_gradebook.properties
[2013/05/18 11:17:44 | 000,000,012 | ---- | C] () -- C:\Users\SHawn\.gradebook_userdict.tlx
[2013/05/18 11:17:40 | 000,002,711 | ---- | C] () -- C:\Users\SHawn\powerschool-gradebook_custom_bundle.jar
[2013/05/18 11:17:40 | 000,002,700 | ---- | C] () -- C:\Users\SHawn\powerschool-gradebook_custom_bundle.jar.gz
[2013/04/24 10:53:42 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/24 10:53:39 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/12/21 11:32:53 | 000,000,685 | ---- | C] () -- C:\Users\SHawn\Libraries - Shortcut.lnk
[2010/09/12 21:41:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2007/12/18 19:11:52 | 000,013,504 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_messagebox.n
[2007/12/18 19:11:52 | 000,009,932 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_messagedialog.n
[2007/12/18 19:11:52 | 000,017,981 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_notebook.n
[2007/12/18 19:11:54 | 000,012,651 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_optionmenu.n
[2007/12/18 19:11:54 | 000,014,348 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_panedwindow.n
[2007/12/18 19:11:56 | 000,009,529 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_promptdialog.n
[2007/12/18 19:11:56 | 000,008,807 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_pushbutton.n
[2007/12/18 19:11:56 | 000,010,388 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_radiobox.n
[2007/12/18 19:11:58 | 000,007,386 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_scopedobject.n
[2007/12/18 19:11:58 | 000,011,946 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_scrolledcanvas.n
[2007/12/18 19:12:00 | 000,010,878 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_scrolledframe.n
[2007/12/18 19:12:00 | 000,013,906 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_scrolledhtml.n
[2007/12/18 19:12:00 | 000,015,659 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_scrolledlistbox.n
[2007/12/18 19:12:02 | 000,013,083 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_scrolledtext.n
[2007/12/18 19:12:02 | 000,012,819 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_selectionbox.n
[2007/12/18 19:12:04 | 000,009,723 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_selectiondialog.n
[2007/12/18 19:12:04 | 000,010,403 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_shell.n
[2007/12/18 19:12:04 | 000,011,491 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_spindate.n
[2007/12/18 19:12:06 | 000,009,394 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_spinint.n
[2007/12/18 19:12:06 | 000,010,485 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_spinner.n
[2007/12/18 19:12:08 | 000,011,288 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_spintime.n
[2007/12/18 19:12:08 | 000,031,730 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_tabnotebook.n
[2007/12/18 19:12:08 | 000,023,282 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_tabset.n
[2007/12/18 19:12:10 | 000,009,824 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_timeentry.n
[2007/12/18 19:12:10 | 000,009,626 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_timefield.n
[2007/12/18 19:12:12 | 000,016,961 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_toolbar.n
[2007/12/18 19:12:12 | 000,011,931 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\iwidgets_watch.n
[2007/12/18 19:10:56 | 000,006,825 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\local.n
[2007/12/18 19:10:56 | 000,007,526 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\scope.n
[2007/12/18 19:11:08 | 000,008,824 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\Toplevel.n
[2007/12/18 19:11:08 | 000,007,792 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\usual.n
[2007/12/18 19:11:08 | 000,008,484 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\gnu\powerpc-eabi\nt\man\mann\Widget.n
[2008/02/10 20:09:08 | 000,002,512 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\ISE\lib\nt\perllib\unicode\Is\L.pl
[2008/02/10 20:09:09 | 000,000,526 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\ISE\lib\nt\perllib\unicode\Is\N.pl
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 15:00:20 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\AnvSoft
[2010/04/23 23:05:45 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Autodesk
[2012/10/11 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\AVG
[2012/04/27 20:14:49 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Babylon
[2013/04/24 11:31:31 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\BHOK IT Consulting
[2013/10/12 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\BitTorrent
[2012/12/16 13:54:41 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\calibre
[2013/09/13 09:22:51 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Canon
[2011/10/11 20:32:35 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Goto.Games
[2010/09/08 15:03:17 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Leadertech
[2013/05/27 14:12:25 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\LocalLow
[2010/04/07 00:38:29 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Opera
[2013/09/26 08:56:20 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\SearchProtect
[2010/04/14 20:14:59 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\StreamTorrent
[2012/10/11 09:54:22 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\TuneUp Software
[2012/04/23 18:23:48 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\uTorrent
[2010/11/30 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0


#2
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,301 posts
Hello phillip245, welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

NOTE: You have two antivirus programs running, but unfortunately, the bigger issue is you have a ZeroAccess rootkit infection.


Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed, including those used for banking, email, eBay, Facebook, etc., and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Please let me know if you have decided to clean the machine or reinstall the O/S.
  • 0

#3
phillip245

phillip245

    Member

  • Member
  • PipPip
  • 31 posts
godawgs: Thank you for your quick reply. I did not realize just how badly the computer is damaged, but if you can clean it that would be better for me. The end result I will leave the decision up to you if you feel it is safe. I do not have a Windows 7 backup disc. Thanks for now, Phillip
  • 0

#4
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,301 posts
Hello Phillip,

The choice is not mine, it's yours. :) The infection can be killed. We do it all the time. It is your call to decide if you can trust the machine afterwards. Especially if you use it to do any on-line banking or store sensitive information. We can always clean the machine and after you use it again if you see the same kind of symptoms reoccur, or notice your passwords being changed after you have reset them, you can always reformat the machine and reinstall the O/S.

If you want to proceed the first thing you will need to decide is which antivirus you want to keep, Avast or Microsoft Security Essentials, and uninstall the other one.

Just go to the Programs list in Control Panel, right click the program you want to uninstall and click Uninstall and follow any on screen prompts. After that is done:


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {E297C8D6-4896-4C91-BB2B-74653D8BD92A}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {E297C8D6-4896-4C91-BB2B-74653D8BD92A}
IE - HKCU\..\SearchScopes\{E297C8D6-4896-4C91-BB2B-74653D8BD92A}: "URL" = http://search.condui...1112128913&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51311;https=127.0.0.1:51311
[2012/04/27 20:14:54 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{860fb750-ec62-11df-9156-001d7d917612}\Shell - "" = AutoRun
O33 - MountPoints2\{860fb750-ec62-11df-9156-001d7d917612}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

:FILES
ipconfig /flushdns /c
C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double click the TDSSKiller.exe file to run the application
  • Then click on Change parameters. A settings page will open.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-4.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know which antivirus product you uninstalled
2. The OTL fixes log
3. The aswMBR log
4. The TDSSKiller log
5. The Extras.txt log
  • 0
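The `:OTL` section of the fix script in the post above mixes three kinds of entries: an Internet Settings proxy pointed at a loopback listener, BHO/toolbar registrations with no CLSID behind them, and a removable-drive AutoRun command. As an added example (not part of the original post and not OTL's own code), this Python script sorts such lines into those groups; the function names and category labels are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Lines copied from the ":OTL" section of the fix script in the post above.
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51311;https=127.0.0.1:51311
O2 - BHO: (no name) - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O33 - MountPoints2\{860fb750-ec62-11df-9156-001d7d917612}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
'''

PROXY_RE = re.compile(r'"ProxyServer" = (.+)$')
ORPHAN_RE = re.compile(
    r'^(O\d+) - (.*?) - (\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+)$')


def parse_proxy_server(value):
    """Parse a ProxyServer value into {scheme: (host, port)}.

    Two forms are handled: "host:port" (one proxy for every protocol,
    stored here under "*") and "http=host:port;https=host:port".
    """
    entries = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:                      # single proxy for all protocols
            scheme, endpoint = "*", part
        endpoint = endpoint.split("://", 1)[-1]   # tolerate "http://host:port"
        host, _, port = endpoint.rpartition(":")
        if not host:                     # no port given
            host, port = endpoint, ""
        entries[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True when the proxy host resolves traffic to the local machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return False


def triage(lines):
    """Return (category, detail) tuples for the entry types named above."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            proxies = parse_proxy_server(m.group(1))
            hits = sorted(s for s, (host, _) in proxies.items()
                          if is_loopback(host))
            if hits:
                # Browser traffic for these schemes goes through a local process.
                findings.append(("loopback-proxy", ",".join(hits)))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # Registration left behind with no COM class to load.
            findings.append(("orphaned-clsid", f"{m.group(1)} {m.group(3)}"))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # Command a removable volume asked Explorer to run on mount.
            findings.append(("autorun-mountpoint", m.group(2)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE.splitlines()):
        print(f"{category:20} {detail}")
```

Lines that match none of the three patterns, such as the `ProxyOverride` entry, are skipped rather than reported.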

#5
phillip245

phillip245

    Member

  • Member
  • PipPip
  • 31 posts
godawgs: Thanks for your info. I had some issues uninstalling from Control Panel: Microsoft Security would not uninstall, so I had to reboot with the power button as the start button would not restart my computer. When it did reboot, Windows Update froze after 3 of 8; another hard boot was needed. I did uninstall "Avast" Virus scan. I have done Step 1 & Step 2 in your instructions but could not get the TDSSKiller link from your directions; it said it could not be found. I ran the OTL fix twice; the first time it said the log was too big, and I had run aswMBR twice after running the OTL the second time.
Hope this works for you Thanks Phillip
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E297C8D6-4896-4C91-BB2B-74653D8BD92A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E297C8D6-4896-4C91-BB2B-74653D8BD92A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{860fb750-ec62-11df-9156-001d7d917612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{860fb750-ec62-11df-9156-001d7d917612}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{860fb750-ec62-11df-9156-001d7d917612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{860fb750-ec62-11df-9156-001d7d917612}\ not found.
File F:\LaunchU3.exe -a not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SHawn\Downloads\cmd.bat deleted successfully.
C:\Users\SHawn\Downloads\cmd.txt deleted successfully.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2\src\org.eclipse.core.resources.win32_3.1.0\AutoRefreshCallbacks scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2\src\org.eclipse.core.resources.win32_3.1.0 scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2\src scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2 scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1 scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: SHawn
->Temp folder emptied: 119036913 bytes
->Temporary Internet Files folder emptied: 103258153 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 13588476 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44402136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4746837 bytes

Total Files Cleaned = 272.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10272013_181151

Files\Folders moved on Reboot...
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2\src\org.eclipse.core.resources.win32_3.1.0\AutoRefreshCallbacks scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2\src\org.eclipse.core.resources.win32_3.1.0 scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2\src scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins\org.eclipse.platform.source.win32.win32.x86_3.1.2 scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt\plugins scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin\nt scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse\bin scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK\eclipse scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1\EDK scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR\10.1 scheduled to be moved on reboot.
Folder move failed. C:\$Recycle.bin\S-1-5-21-2433745752-1580000231-467868225-1000\$RTOAHHR scheduled to be moved on reboot.
File\Folder C:\Users\SHawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat not found!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-27 18:21:17
-----------------------------
18:21:17.761 OS Version: Windows 6.1.7601 Service Pack 1
18:21:17.761 Number of processors: 2 586 0x4303
18:21:17.763 ComputerName: PHILLIP UserName: SHawn
18:21:19.044 Initialize success
18:24:32.645 AVAST engine defs: 13102700
18:31:09.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
18:31:09.329 Disk 0 Vendor: ST325041 3.AA Size: 238474MB BusType: 3
18:31:09.476 Disk 0 MBR read successfully
18:31:09.483 Disk 0 MBR scan
18:31:09.590 Disk 0 Windows 7 default MBR code
18:31:09.594 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 138466 MB offset 63
18:31:09.651 Disk 0 Partition - 00 0F Extended LBA 99998 MB offset 283579380
18:31:09.676 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 283579443
18:31:09.703 Disk 0 scanning sectors +488376000
18:31:09.817 Disk 0 scanning C:\Windows\system32\drivers
18:31:29.166 Service scanning
18:31:45.819 Service MpKsl7957ead6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{648FC2F1-E773-4D10-8EAB-9197C7A9B6EF}\MpKsl7957ead6.sys **LOCKED** 32
18:32:08.422 Modules scanning
18:32:18.362 Disk 0 trace - called modules:
18:32:18.378 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
18:32:18.383 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d967c8]
18:32:18.388 3 CLASSPNP.SYS[88fad59e] -> nt!IofCallDriver -> [0x84cab660]
18:32:18.393 5 ACPI.sys[833bf3d4] -> nt!IofCallDriver -> \Device\0000005b[0x855f6730]
18:32:19.518 AVAST engine scan C:\Windows
18:32:22.125 AVAST engine scan C:\Windows\system32
18:36:58.757 AVAST engine scan C:\Windows\system32\drivers
18:37:20.306 AVAST engine scan C:\Users\SHawn
18:52:10.346 AVAST engine scan C:\ProgramData
18:57:54.544 Scan finished successfully
19:00:22.530 Disk 0 MBR has been saved successfully to "C:\Users\SHawn\Desktop\MBR.dat"
19:00:22.579 The log file has been saved successfully to "C:\Users\SHawn\Desktop\aswMBR1.txt"

#6
godawgs

    Teacher

  • GeekU Moderator
  • 5,301 posts
I apologize for the bad link for TDSSKiller. The web site changed the link on me. :blush:
Did I understand you correctly, you tried to uninstall both antivirus programs? I would recommend that you disconnect this computer from the internet, except when coming here to read my posts or make a reply, until we can verify what you actually have on the system.

In the future do not run the fixes or scans more than one time. If they won't run or you get a message that the log is too big....stop and ask.

You also did not post the new OTL.txt log. I will re-post the TDSSKiller scan instructions that will include two links for the tool. If one of them doesn't work use the other one.


Step-1.

TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

OR

Click here to go to the TDSSKiller download page. Click the Download Now EXE Version button and save the tdsskiller.exe file to the desktop.

  • Double click the TDSSKiller.exe file to run the application
  • Then click on Change parameters. A settings page will open.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
2. The new OTL.txt log

#7
phillip245

  • Member
  • 31 posts
godawgs: Thanks for your time. I am a slow learner on this matter. I have deleted Avast. Microsoft Security Essentials would not uninstall. Thanks Phillip245

08:42:39.0582 0x10fc TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
08:42:46.0932 0x10fc ============================================================
08:42:46.0932 0x10fc Current date / time: 2013/10/28 08:42:46.0932
08:42:46.0932 0x10fc SystemInfo:
08:42:46.0932 0x10fc
08:42:46.0932 0x10fc OS Version: 6.1.7601 ServicePack: 1.0
08:42:46.0932 0x10fc Product type: Workstation
08:42:46.0933 0x10fc ComputerName: PHILLIP
08:42:46.0933 0x10fc UserName: SHawn
08:42:46.0933 0x10fc Windows directory: C:\Windows
08:42:46.0933 0x10fc System windows directory: C:\Windows
08:42:46.0933 0x10fc Processor architecture: Intel x86
08:42:46.0933 0x10fc Number of processors: 2
08:42:46.0933 0x10fc Page size: 0x1000
08:42:46.0933 0x10fc Boot type: Normal boot
08:42:46.0934 0x10fc ============================================================
08:42:50.0089 0x10fc System UUID: {FD2B53E9-9A51-666B-45C9-63F40B33CD16}
08:42:50.0881 0x10fc Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:42:50.0884 0x10fc ============================================================
08:42:50.0884 0x10fc \Device\Harddisk0\DR0:
08:42:50.0884 0x10fc MBR partitions:
08:42:50.0884 0x10fc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x10E713B5
08:42:50.0906 0x10fc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10E71433, BlocksNum 0xC34F28D
08:42:50.0906 0x10fc ============================================================
08:42:50.0921 0x10fc C: <-> \Device\Harddisk0\DR0\Partition1
08:42:50.0950 0x10fc D: <-> \Device\Harddisk0\DR0\Partition2
08:42:50.0971 0x10fc ============================================================
08:42:50.0971 0x10fc Initialize success
08:42:50.0971 0x10fc ============================================================
08:42:58.0963 0x17f4 ============================================================
08:42:58.0963 0x17f4 Scan started
08:42:58.0963 0x17f4 Mode: Manual;
08:42:58.0963 0x17f4 ============================================================
08:42:58.0963 0x17f4 KSN ping started
08:43:01.0801 0x17f4 KSN ping finished: true
08:43:02.0252 0x17f4 ================ Scan system memory ========================
08:43:02.0253 0x17f4 System memory - ok
08:43:02.0254 0x17f4 ================ Scan services =============================
08:43:07.0157 0x17f4 Dhcp - ok
08:43:07.0197 0x17f4 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
08:43:07.0200 0x17f4 discache - ok
08:43:07.0224 0x17f4 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:43:07.0227 0x17f4 Disk - ok
08:43:07.0259 0x17f4 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:43:07.0265 0x17f4 Dnscache - ok
08:43:07.0304 0x17f4 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
08:43:07.0312 0x17f4 dot3svc - ok
08:43:07.0341 0x17f4 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
08:43:07.0349 0x17f4 DPS - ok
08:43:07.0364 0x17f4 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:43:07.0365 0x17f4 drmkaud - ok
08:43:07.0455 0x17f4 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:43:07.0497 0x17f4 DXGKrnl - ok
08:43:07.0566 0x17f4 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
08:43:07.0570 0x17f4 EapHost - ok
08:43:07.0729 0x17f4 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
08:43:07.0837 0x17f4 ebdrv - ok
08:43:07.0880 0x17f4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] EFS C:\Windows\System32\lsass.exe
08:43:07.0882 0x17f4 EFS - ok
08:43:07.0959 0x17f4 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:43:07.0985 0x17f4 ehRecvr - ok
08:43:08.0018 0x17f4 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
08:43:08.0022 0x17f4 ehSched - ok
08:43:08.0062 0x17f4 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:43:08.0075 0x17f4 elxstor - ok
08:43:08.0104 0x17f4 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:43:08.0105 0x17f4 ErrDev - ok
08:43:08.0171 0x17f4 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
08:43:08.0183 0x17f4 EventSystem - ok
08:43:08.0202 0x17f4 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
08:43:08.0207 0x17f4 exfat - ok
08:43:08.0227 0x17f4 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:43:08.0233 0x17f4 fastfat - ok
08:43:08.0303 0x17f4 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
08:43:08.0346 0x17f4 Fax - ok
08:43:08.0373 0x17f4 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:43:08.0375 0x17f4 fdc - ok
08:43:08.0413 0x17f4 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
08:43:08.0415 0x17f4 fdPHost - ok
08:43:08.0444 0x17f4 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
08:43:08.0446 0x17f4 FDResPub - ok
08:43:08.0455 0x17f4 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:43:08.0458 0x17f4 FileInfo - ok
08:43:08.0472 0x17f4 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:43:08.0474 0x17f4 Filetrace - ok
08:43:08.0542 0x17f4 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:43:08.0567 0x17f4 FLEXnet Licensing Service - ok
08:43:08.0584 0x17f4 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:43:08.0586 0x17f4 flpydisk - ok
08:43:08.0607 0x17f4 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:43:08.0613 0x17f4 FltMgr - ok
08:43:08.0685 0x17f4 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
08:43:08.0719 0x17f4 FontCache - ok
08:43:08.0798 0x17f4 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:43:08.0801 0x17f4 FontCache3.0.0.0 - ok
08:43:08.0813 0x17f4 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:43:08.0816 0x17f4 FsDepends - ok
08:43:08.0857 0x17f4 [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:43:08.0859 0x17f4 fssfltr - ok
08:43:09.0002 0x17f4 [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
08:43:09.0056 0x17f4 fsssvc - ok
08:43:09.0085 0x17f4 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:43:09.0087 0x17f4 Fs_Rec - ok
08:43:09.0136 0x17f4 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:43:09.0145 0x17f4 fvevol - ok
08:43:09.0179 0x17f4 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:43:09.0182 0x17f4 gagp30kx - ok
08:43:09.0232 0x17f4 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
08:43:09.0257 0x17f4 gpsvc - ok
08:43:09.0392 0x17f4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
08:43:09.0410 0x17f4 gupdate - ok
08:43:09.0442 0x17f4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:43:09.0452 0x17f4 gupdatem - ok
08:43:09.0470 0x17f4 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:43:09.0473 0x17f4 hcw85cir - ok
08:43:09.0544 0x17f4 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:43:09.0562 0x17f4 HdAudAddService - ok
08:43:09.0590 0x17f4 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:43:09.0596 0x17f4 HDAudBus - ok
08:43:09.0612 0x17f4 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:43:09.0614 0x17f4 HidBatt - ok
08:43:09.0629 0x17f4 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:43:09.0633 0x17f4 HidBth - ok
08:43:09.0654 0x17f4 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:43:09.0657 0x17f4 HidIr - ok
08:43:09.0686 0x17f4 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
08:43:09.0689 0x17f4 hidserv - ok
08:43:09.0716 0x17f4 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
08:43:09.0757 0x17f4 HidUsb - ok
08:43:09.0791 0x17f4 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
08:43:09.0795 0x17f4 hkmsvc - ok
08:43:09.0831 0x17f4 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:43:09.0838 0x17f4 HomeGroupListener - ok
08:43:09.0880 0x17f4 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:43:09.0897 0x17f4 HomeGroupProvider - ok
08:43:09.0944 0x17f4 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:43:09.0947 0x17f4 HpSAMD - ok
08:43:10.0007 0x17f4 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:43:10.0033 0x17f4 HTTP - ok
08:43:10.0075 0x17f4 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:43:10.0079 0x17f4 hwpolicy - ok
08:43:10.0134 0x17f4 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:43:10.0142 0x17f4 i8042prt - ok
08:43:10.0181 0x17f4 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:43:10.0199 0x17f4 iaStorV - ok
08:43:10.0256 0x17f4 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
08:43:10.0261 0x17f4 IDriverT - ok
08:43:10.0360 0x17f4 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:43:10.0394 0x17f4 idsvc - ok
08:43:10.0440 0x17f4 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:43:10.0442 0x17f4 iirsp - ok
08:43:10.0503 0x17f4 [ EDCCC8C13B1EB882F77BA0ABB84566E7, DB299C1D2CFC197CF2FE69358F5EEDE94DCC4C919AF5D2CDFFF0DE476612C988 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
08:43:10.0508 0x17f4 IJPLMSVC - ok
08:43:10.0589 0x17f4 [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT C:\Windows\System32\ikeext.dll
08:43:10.0615 0x17f4 IKEEXT - ok
08:43:10.0656 0x17f4 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
08:43:10.0658 0x17f4 intelide - ok
08:43:10.0674 0x17f4 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:43:10.0677 0x17f4 intelppm - ok
08:43:10.0711 0x17f4 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:43:10.0715 0x17f4 IPBusEnum - ok
08:43:10.0732 0x17f4 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:43:10.0735 0x17f4 IpFilterDriver - ok
08:43:10.0794 0x17f4 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:43:10.0811 0x17f4 iphlpsvc - ok
08:43:10.0844 0x17f4 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:43:10.0848 0x17f4 IPMIDRV - ok
08:43:10.0871 0x17f4 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:43:10.0887 0x17f4 IPNAT - ok
08:43:10.0914 0x17f4 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:43:10.0917 0x17f4 IRENUM - ok
08:43:10.0963 0x17f4 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:43:10.0967 0x17f4 isapnp - ok
08:43:10.0998 0x17f4 [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:43:11.0008 0x17f4 iScsiPrt - ok
08:43:11.0031 0x17f4 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
08:43:11.0034 0x17f4 kbdclass - ok
08:43:11.0057 0x17f4 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:43:11.0060 0x17f4 kbdhid - ok
08:43:11.0080 0x17f4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso C:\Windows\system32\lsass.exe
08:43:11.0083 0x17f4 KeyIso - ok
08:43:11.0125 0x17f4 [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:43:11.0127 0x17f4 KSecDD - ok
08:43:11.0172 0x17f4 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35, CD50885B37F66EFEAE82158EC78AE1D0B58D1F6901E16A1B27D061DE266A09EF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:43:11.0177 0x17f4 KSecPkg - ok
08:43:11.0227 0x17f4 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
08:43:11.0245 0x17f4 KtmRm - ok
08:43:11.0272 0x17f4 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:43:11.0278 0x17f4 LanmanServer - ok
08:43:11.0310 0x17f4 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:43:11.0315 0x17f4 LanmanWorkstation - ok
08:43:11.0410 0x17f4 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:43:11.0427 0x17f4 lltdio - ok
08:43:11.0470 0x17f4 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:43:11.0496 0x17f4 lltdsvc - ok
08:43:11.0518 0x17f4 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:43:11.0521 0x17f4 lmhosts - ok
08:43:11.0549 0x17f4 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:43:11.0554 0x17f4 LSI_FC - ok
08:43:11.0575 0x17f4 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:43:11.0580 0x17f4 LSI_SAS - ok
08:43:11.0599 0x17f4 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:43:11.0602 0x17f4 LSI_SAS2 - ok
08:43:11.0621 0x17f4 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:43:11.0625 0x17f4 LSI_SCSI - ok
08:43:11.0651 0x17f4 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
08:43:11.0655 0x17f4 luafv - ok
08:43:11.0705 0x17f4 [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
08:43:11.0707 0x17f4 LVPr2Mon - ok
08:43:11.0747 0x17f4 [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
08:43:11.0755 0x17f4 LVPrcSrv - ok
08:43:11.0821 0x17f4 [ 87ECCE893D8AEC5A9337B917742D339C, C5D5B4D0C4F206B67EF68D7D691B36A0249E7B41AE7DFD8445298A0F66A374A6 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
08:43:11.0848 0x17f4 LVRS - ok
08:43:11.0890 0x17f4 [ 23F8EF78BB9553E465A476F3CEE5CA18, 22E19B9F16EC555CCA091841711C8D1938F7EBCD8C6AC82E77375AE5EA96610C ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys
08:43:11.0896 0x17f4 LVUSBSta - ok
08:43:11.0945 0x17f4 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:43:11.0961 0x17f4 Mcx2Svc - ok
08:43:12.0002 0x17f4 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:43:12.0011 0x17f4 megasas - ok
08:43:12.0055 0x17f4 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:43:12.0081 0x17f4 MegaSR - ok
08:43:12.0162 0x17f4 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:43:12.0166 0x17f4 Microsoft Office Groove Audit Service - ok
08:43:12.0203 0x17f4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
08:43:12.0207 0x17f4 MMCSS - ok
08:43:12.0224 0x17f4 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
08:43:12.0227 0x17f4 Modem - ok
08:43:12.0278 0x17f4 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:43:12.0280 0x17f4 monitor - ok
08:43:12.0328 0x17f4 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\drivers\mouclass.sys
08:43:12.0331 0x17f4 mouclass - ok
08:43:12.0388 0x17f4 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:43:12.0394 0x17f4 mouhid - ok
08:43:12.0444 0x17f4 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:43:12.0453 0x17f4 mountmgr - ok
08:43:12.0516 0x17f4 [ 24406D75B40F0F6B3C1AC7031D734565, B58AA80E9C3738CFD826D7C8129D5467166A4397CCFEEEF7F14542DEBB659A51 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
08:43:12.0542 0x17f4 MpFilter - ok
08:43:12.0569 0x17f4 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
08:43:12.0575 0x17f4 mpio - ok
08:43:12.0694 0x17f4 MpKsl7957ead6 - ok
08:43:12.0742 0x17f4 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:43:12.0747 0x17f4 mpsdrv - ok
08:43:12.0810 0x17f4 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:43:12.0835 0x17f4 MpsSvc - ok
08:43:12.0867 0x17f4 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:43:12.0898 0x17f4 MRxDAV - ok
08:43:12.0952 0x17f4 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:43:12.0960 0x17f4 mrxsmb - ok
08:43:13.0019 0x17f4 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:43:13.0045 0x17f4 mrxsmb10 - ok
08:43:13.0074 0x17f4 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:43:13.0088 0x17f4 mrxsmb20 - ok
08:43:13.0127 0x17f4 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
08:43:13.0130 0x17f4 msahci - ok
08:43:13.0169 0x17f4 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:43:13.0176 0x17f4 msdsm - ok
08:43:13.0226 0x17f4 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
08:43:13.0244 0x17f4 MSDTC - ok
08:43:13.0294 0x17f4 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:43:13.0296 0x17f4 Msfs - ok
08:43:13.0310 0x17f4 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:43:13.0312 0x17f4 mshidkmdf - ok
08:43:13.0346 0x17f4 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:43:13.0349 0x17f4 msisadrv - ok
08:43:13.0379 0x17f4 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:43:13.0386 0x17f4 MSiSCSI - ok
08:43:13.0393 0x17f4 msiserver - ok
08:43:13.0413 0x17f4 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:43:13.0415 0x17f4 MSKSSRV - ok
08:43:13.0459 0x17f4 [ 0A7F86657755ADA92C57E597BF5151F7, E226DFF12C4930DF1D0F1D2E7CE7BFFDF62F6DC402200EEFE196D14172A59B63 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
08:43:13.0460 0x17f4 MsMpSvc - ok
08:43:13.0482 0x17f4 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:43:13.0484 0x17f4 MSPCLOCK - ok
08:43:13.0508 0x17f4 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:43:13.0510 0x17f4 MSPQM - ok
08:43:13.0535 0x17f4 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:43:13.0551 0x17f4 MsRPC - ok
08:43:13.0594 0x17f4 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:43:13.0596 0x17f4 mssmbios - ok
08:43:13.0611 0x17f4 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:43:13.0613 0x17f4 MSTEE - ok
08:43:13.0624 0x17f4 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:43:13.0625 0x17f4 MTConfig - ok
08:43:13.0641 0x17f4 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
08:43:13.0644 0x17f4 Mup - ok
08:43:13.0696 0x17f4 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
08:43:13.0708 0x17f4 napagent - ok
08:43:13.0778 0x17f4 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:43:13.0806 0x17f4 NativeWifiP - ok
08:43:13.0899 0x17f4 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:43:13.0922 0x17f4 NDIS - ok
08:43:13.0942 0x17f4 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:43:13.0944 0x17f4 NdisCap - ok
08:43:13.0971 0x17f4 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:43:13.0973 0x17f4 NdisTapi - ok
08:43:14.0009 0x17f4 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:43:14.0012 0x17f4 Ndisuio - ok
08:43:14.0046 0x17f4 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:43:14.0051 0x17f4 NdisWan - ok
08:43:14.0092 0x17f4 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:43:14.0096 0x17f4 NDProxy - ok
08:43:14.0111 0x17f4 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:43:14.0114 0x17f4 NetBIOS - ok
08:43:14.0159 0x17f4 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:43:14.0166 0x17f4 NetBT - ok
08:43:14.0177 0x17f4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon C:\Windows\system32\lsass.exe
08:43:14.0180 0x17f4 Netlogon - ok
08:43:14.0231 0x17f4 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
08:43:14.0249 0x17f4 Netman - ok
08:43:14.0274 0x17f4 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
08:43:14.0291 0x17f4 netprofm - ok
08:43:23.0498 0x17f4 wbengine - ok
08:43:23.0518 0x17f4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:43:23.0526 0x17f4 WbioSrvc - ok
08:43:23.0562 0x17f4 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:43:23.0580 0x17f4 wcncsvc - ok
08:43:23.0591 0x17f4 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:43:23.0595 0x17f4 WcsPlugInService - ok
08:43:23.0634 0x17f4 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:43:23.0639 0x17f4 Wd - ok
08:43:23.0714 0x17f4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:43:23.0741 0x17f4 Wdf01000 - ok
08:43:23.0756 0x17f4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:43:23.0761 0x17f4 WdiServiceHost - ok
08:43:23.0768 0x17f4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:43:23.0773 0x17f4 WdiSystemHost - ok
08:43:23.0809 0x17f4 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
08:43:23.0827 0x17f4 WebClient - ok
08:43:23.0844 0x17f4 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:43:23.0861 0x17f4 Wecsvc - ok
08:43:23.0872 0x17f4 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:43:23.0875 0x17f4 wercplsupport - ok
08:43:23.0905 0x17f4 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
08:43:23.0911 0x17f4 WerSvc - ok
08:43:23.0953 0x17f4 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:43:23.0955 0x17f4 WfpLwf - ok
08:43:23.0976 0x17f4 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:43:23.0978 0x17f4 WIMMount - ok
08:43:24.0081 0x17f4 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:43:24.0133 0x17f4 WinDefend - ok
08:43:24.0152 0x17f4 WinHttpAutoProxySvc - ok
08:43:24.0238 0x17f4 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:43:24.0255 0x17f4 Winmgmt - ok
08:43:24.0332 0x17f4 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
08:43:24.0383 0x17f4 WinRM - ok
08:43:24.0441 0x17f4 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:43:24.0444 0x17f4 WinUsb - ok
08:43:24.0522 0x17f4 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:43:24.0540 0x17f4 Wlansvc - ok
08:43:24.0653 0x17f4 [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:43:24.0655 0x17f4 wlcrasvc - ok
08:43:24.0809 0x17f4 [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:43:24.0873 0x17f4 wlidsvc - ok
08:43:24.0914 0x17f4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:43:24.0916 0x17f4 WmiAcpi - ok
08:43:24.0949 0x17f4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:43:24.0954 0x17f4 wmiApSrv - ok
08:43:25.0058 0x17f4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:43:25.0079 0x17f4 WMPNetworkSvc - ok
08:43:25.0120 0x17f4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:43:25.0123 0x17f4 WPCSvc - ok
08:43:25.0154 0x17f4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:43:25.0159 0x17f4 WPDBusEnum - ok
08:43:25.0196 0x17f4 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:43:25.0198 0x17f4 ws2ifsl - ok
08:43:25.0212 0x17f4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
08:43:25.0221 0x17f4 wscsvc - ok
08:43:25.0226 0x17f4 WSearch - ok
08:43:25.0384 0x17f4 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
08:43:25.0426 0x17f4 wuauserv - ok
08:43:25.0462 0x17f4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:43:25.0466 0x17f4 WudfPf - ok
08:43:25.0497 0x17f4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:43:25.0502 0x17f4 WUDFRd - ok
08:43:25.0546 0x17f4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:43:25.0550 0x17f4 wudfsvc - ok
08:43:25.0590 0x17f4 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:43:25.0607 0x17f4 WwanSvc - ok
08:43:25.0634 0x17f4 ================ Scan global ===============================
08:43:25.0905 0x17f4 [ Global ] - ok
08:43:25.0905 0x17f4 ================ Scan MBR ==================================
08:43:25.0916 0x17f4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:43:26.0362 0x17f4 \Device\Harddisk0\DR0 - ok
08:43:26.0366 0x17f4 ================ Scan VBR ==================================
08:43:26.0370 0x17f4 [ 60AD8A8AA3221E06E720AB2972972C58 ] \Device\Harddisk0\DR0\Partition1
08:43:26.0372 0x17f4 \Device\Harddisk0\DR0\Partition1 - ok
08:43:26.0398 0x17f4 [ E2B0B34774576C57E471B4FE88918E8D ] \Device\Harddisk0\DR0\Partition2
08:43:26.0400 0x17f4 \Device\Harddisk0\DR0\Partition2 - ok
08:43:26.0400 0x17f4 Waiting for KSN requests completion. In queue: 49
08:43:27.0400 0x17f4 Waiting for KSN requests completion. In queue: 49
08:43:28.0400 0x17f4 Waiting for KSN requests completion. In queue: 49
08:43:29.0425 0x17f4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.3.219.0 ), 0x61000 ( enabled : updated )
08:43:29.0437 0x17f4 Win FW state via NFP2: enabled
08:43:32.0281 0x17f4 ============================================================
08:43:32.0281 0x17f4 Scan finished
08:43:32.0281 0x17f4 ============================================================
08:43:32.0309 0x1048 Detected object count: 0
08:43:32.0309 0x1048 Actual detected object count: 0
08:44:33.0264 0x0624 ============================================================
08:44:33.0264 0x0624 Scan started
08:44:33.0264 0x0624 Mode: Manual; SigCheck; TDLFS;
08:44:33.0264 0x0624 ============================================================
08:44:33.0264 0x0624 KSN ping started
08:44:36.0255 0x0624 KSN ping finished: true
08:44:36.0445 0x0624 ================ Scan system memory ========================
08:44:36.0446 0x0624 System memory - ok
08:44:36.0446 0x0624 ================ Scan services =============================
08:44:45.0136 0x0624 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:44:45.0181 0x0624 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
08:44:45.0181 0x0624 Detect skipped due to KSN trusted
08:44:45.0181 0x0624 FLEXnet Licensing Service - ok
08:44:47.0295 0x0624 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
08:44:47.0303 0x0624 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
08:44:47.0303 0x0624 Detect skipped due to KSN trusted
08:44:47.0303 0x0624 IDriverT - ok
08:44:57.0119 0x0624 RasPppoe - ok
08:44:57.0162 0x0624 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:44:57.0200 0x0624 RasSstp - ok
08:44:57.0241 0x0624 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:44:57.0278 0x0624 rdbss - ok
08:44:57.0293 0x0624 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:44:57.0309 0x0624 rdpbus - ok
08:44:57.0349 0x0624 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:44:57.0373 0x0624 RDPCDD - ok
08:44:57.0385 0x0624 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:44:57.0417 0x0624 RDPENCDD - ok
08:44:57.0438 0x0624 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:44:57.0468 0x0624 RDPREFMP - ok
08:44:57.0500 0x0624 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:44:57.0529 0x0624 RdpVideoMiniport - ok
08:44:57.0577 0x0624 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:44:57.0642 0x0624 RDPWD - ok
08:44:57.0687 0x0624 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:44:57.0705 0x0624 rdyboost - ok
08:44:57.0749 0x0624 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:44:57.0789 0x0624 RemoteAccess - ok
08:44:57.0829 0x0624 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:44:57.0863 0x0624 RemoteRegistry - ok
08:44:57.0901 0x0624 [ 32D6AB810537CE38CBFFE04ED9F6709A, DD3FA382517CE18D490BD2D95A65DC6873A3BC41DABC53BBD41BAFBCFC85C652 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
08:44:57.0932 0x0624 RimVSerPort - ok
08:44:57.0975 0x0624 [ 564297827D213F52C7A3A2FF749568CA, B09A78D3B3F0BF47818BBEEDEF73BD6ACB9C5E367592BB90C85FD262BE521876 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
08:44:58.0005 0x0624 ROOTMODEM - ok
08:44:58.0023 0x0624 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:44:58.0060 0x0624 RpcEptMapper - ok
08:44:58.0094 0x0624 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
08:44:58.0120 0x0624 RpcLocator - ok
08:44:58.0141 0x0624 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
08:44:58.0177 0x0624 RpcSs - ok
08:44:58.0189 0x0624 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:44:58.0216 0x0624 rspndr - ok
08:44:58.0231 0x0624 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs C:\Windows\system32\lsass.exe
08:44:58.0246 0x0624 SamSs - ok
08:44:58.0266 0x0624 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:44:58.0279 0x0624 sbp2port - ok
08:44:58.0321 0x0624 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:44:58.0350 0x0624 SCardSvr - ok
08:44:58.0389 0x0624 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:44:58.0416 0x0624 scfilter - ok
08:44:58.0488 0x0624 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
08:44:58.0583 0x0624 Schedule - ok
08:44:58.0616 0x0624 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:44:58.0645 0x0624 SCPolicySvc - ok
08:44:58.0680 0x0624 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:44:58.0721 0x0624 SDRSVC - ok
08:44:58.0758 0x0624 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:44:58.0789 0x0624 secdrv - ok
08:44:58.0826 0x0624 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
08:44:58.0858 0x0624 seclogon - ok
08:44:58.0875 0x0624 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
08:44:58.0905 0x0624 SENS - ok
08:44:58.0944 0x0624 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:44:59.0005 0x0624 SensrSvc - ok
08:44:59.0026 0x0624 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:44:59.0059 0x0624 Serenum - ok
08:44:59.0097 0x0624 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:44:59.0120 0x0624 Serial - ok
08:44:59.0140 0x0624 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:44:59.0177 0x0624 sermouse - ok
08:44:59.0216 0x0624 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
08:44:59.0246 0x0624 SessionEnv - ok
08:44:59.0277 0x0624 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:44:59.0301 0x0624 sffdisk - ok
08:44:59.0315 0x0624 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:44:59.0331 0x0624 sffp_mmc - ok
08:44:59.0342 0x0624 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:44:59.0375 0x0624 sffp_sd - ok
08:44:59.0400 0x0624 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:44:59.0426 0x0624 sfloppy - ok
08:44:59.0471 0x0624 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:44:59.0505 0x0624 SharedAccess - ok
08:44:59.0560 0x0624 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:44:59.0651 0x0624 ShellHWDetection - ok
08:44:59.0672 0x0624 [ C16173316918A1360DC22947C4FF6352, 9ABEA840494E880654E8979B582E2FD70CF8BDEBF526A678555AB5E94375B5FB ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
08:44:59.0711 0x0624 silabenm - ok
08:44:59.0725 0x0624 [ 4569C7774FDE5029A422B1431DAECB90, 14D325ADCD4495BD2C1F3A4DC51C31C0A310F49BF8D792F3A327F1D5CB9530AF ] silabser C:\Windows\system32\DRIVERS\silabser.sys
08:44:59.0753 0x0624 silabser - ok
08:44:59.0766 0x0624 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:44:59.0779 0x0624 sisagp - ok
08:44:59.0809 0x0624 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:44:59.0822 0x0624 SiSRaid2 - ok
08:44:59.0838 0x0624 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:44:59.0851 0x0624 SiSRaid4 - ok
08:44:59.0897 0x0624 [ F07AF60B152221472FBDB2FECEC4896D, A18FDCE8462A48429E249C44F0E49F844F2E3A4B5215349DE104F34D935EF983 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
08:44:59.0911 0x0624 SkypeUpdate - ok
08:44:59.0926 0x0624 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:44:59.0954 0x0624 Smb - ok
08:44:59.0993 0x0624 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:45:00.0007 0x0624 SNMPTRAP - ok
08:45:00.0016 0x0624 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
08:45:00.0028 0x0624 spldr - ok
08:45:00.0072 0x0624 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
08:45:00.0127 0x0624 Spooler - ok
08:45:00.0322 0x0624 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
08:45:00.0444 0x0624 sppsvc - ok
08:45:00.0487 0x0624 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:45:00.0522 0x0624 sppuinotify - ok
08:45:00.0566 0x0624 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:45:00.0599 0x0624 srv - ok
08:45:00.0648 0x0624 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:45:00.0677 0x0624 srv2 - ok
08:45:00.0697 0x0624 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:45:00.0730 0x0624 srvnet - ok
08:45:00.0763 0x0624 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:45:00.0794 0x0624 SSDPSRV - ok
08:45:00.0809 0x0624 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:45:00.0843 0x0624 SstpSvc - ok
08:45:00.0874 0x0624 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:45:00.0885 0x0624 stexstor - ok
08:45:00.0929 0x0624 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
08:45:00.0966 0x0624 StiSvc - ok
08:45:01.0002 0x0624 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
08:45:01.0013 0x0624 swenum - ok
08:45:01.0032 0x0624 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
08:45:01.0084 0x0624 swprv - ok
08:45:01.0194 0x0624 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
08:45:01.0295 0x0624 SysMain - ok
08:45:01.0333 0x0624 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
08:45:01.0365 0x0624 TabletInputService - ok
08:45:01.0410 0x0624 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
08:45:01.0446 0x0624 TapiSrv - ok
08:45:01.0479 0x0624 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
08:45:01.0518 0x0624 TBS - ok
08:45:01.0601 0x0624 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:45:01.0642 0x0624 Tcpip - ok
08:45:01.0701 0x0624 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:45:01.0741 0x0624 TCPIP6 - ok
08:45:01.0782 0x0624 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:45:01.0804 0x0624 tcpipreg - ok
08:45:01.0839 0x0624 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:45:01.0882 0x0624 TDPIPE - ok
08:45:01.0931 0x0624 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:45:01.0968 0x0624 TDTCP - ok
08:45:02.0013 0x0624 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:45:02.0057 0x0624 tdx - ok
08:45:02.0114 0x0624 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:45:02.0126 0x0624 TermDD - ok
08:45:02.0173 0x0624 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
08:45:02.0225 0x0624 TermService - ok
08:45:02.0259 0x0624 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
08:45:02.0284 0x0624 Themes - ok
08:45:02.0302 0x0624 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
08:45:02.0331 0x0624 THREADORDER - ok
08:45:02.0343 0x0624 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
08:45:02.0378 0x0624 TrkWks - ok
08:45:02.0456 0x0624 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:45:02.0545 0x0624 TrustedInstaller - ok
08:45:02.0584 0x0624 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:45:02.0612 0x0624 tssecsrv - ok
08:45:02.0644 0x0624 [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:45:02.0684 0x0624 TsUsbFlt - ok
08:45:02.0728 0x0624 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:45:02.0769 0x0624 tunnel - ok
08:45:02.0804 0x0624 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:45:02.0817 0x0624 uagp35 - ok
08:45:02.0862 0x0624 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:45:02.0902 0x0624 udfs - ok
08:45:02.0937 0x0624 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:45:02.0962 0x0624 UI0Detect - ok
08:45:02.0998 0x0624 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:45:03.0010 0x0624 uliagpkx - ok
08:45:03.0028 0x0624 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
08:45:03.0043 0x0624 umbus - ok
08:45:03.0060 0x0624 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:45:03.0085 0x0624 UmPass - ok
08:45:03.0107 0x0624 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
08:45:03.0141 0x0624 upnphost - ok
08:45:03.0181 0x0624 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:45:03.0220 0x0624 usbaudio - ok
08:45:03.0255 0x0624 [ BD9C55D7023C5DE374507ACC7A14E2AC, 1DBAFF733DE5C1A6A2374B15BD94512A22D9C0F4DF91F997801340828333AF3C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:45:03.0290 0x0624 usbccgp - ok
08:45:03.0329 0x0624 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:45:03.0344 0x0624 usbcir - ok
08:45:03.0356 0x0624 [ F92DE757E4B7CE9C07C5E65423F3AE3B, B3FDEE4A8F1C7EC12405D99ACABC3E633FA4ED08D2A2AA871526ED7927A35A91 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:45:03.0371 0x0624 usbehci - ok
08:45:03.0387 0x0624 [ 8DC94AEC6A7E644A06135AE7506DC2E9, 3ACB621D57BC8691DBBCDEF27563AA6390370362F21AFA6E7BA35BC429E14590 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:45:03.0421 0x0624 usbhub - ok
08:45:03.0439 0x0624 [ E185D44FAC515A18D9DEDDC23C2CDF44, EF69D0253CC8F1D29929FD5E74F18737ECF5D238874B6E1505E2EAEE66D9D987 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
08:45:03.0465 0x0624 usbohci - ok
08:45:03.0500 0x0624 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:45:03.0560 0x0624 usbprint - ok
08:45:03.0608 0x0624 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\drivers\usbscan.sys
08:45:03.0670 0x0624 usbscan - ok
08:45:03.0694 0x0624 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:45:03.0735 0x0624 USBSTOR - ok
08:45:03.0770 0x0624 [ FC43C9C666A1F5F288091BF2140ADA59, F3F7950B97046E6A8DBA676C764C74F438F69781CC447C6D2F0CB658AB7D256E ] usbUDisc C:\Windows\system32\DRIVERS\USBDrv.sys
08:45:03.0781 0x0624 usbUDisc - ok
08:45:03.0808 0x0624 [ 68DF884CF41CDADA664BEB01DAF67E3D, 142781FE2FF93B269D8FA11D4C3F60967552A867E94533D94EF1C2D777A67872 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:45:03.0823 0x0624 usbuhci - ok
08:45:03.0855 0x0624 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
08:45:03.0881 0x0624 UxSms - ok
08:45:03.0895 0x0624 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] VaultSvc C:\Windows\system32\lsass.exe
08:45:03.0910 0x0624 VaultSvc - ok
08:45:03.0920 0x0624 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:45:03.0933 0x0624 vdrvroot - ok
08:45:03.0981 0x0624 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
08:45:04.0019 0x0624 vds - ok
08:45:04.0049 0x0624 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:45:04.0065 0x0624 vga - ok
08:45:04.0071 0x0624 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:45:04.0097 0x0624 VgaSave - ok
08:45:04.0144 0x0624 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:45:04.0188 0x0624 vhdmp - ok
08:45:04.0211 0x0624 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
08:45:04.0233 0x0624 viaagp - ok
08:45:04.0252 0x0624 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
08:45:04.0282 0x0624 ViaC7 - ok
08:45:04.0318 0x0624 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
08:45:04.0333 0x0624 viaide - ok
08:45:04.0347 0x0624 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:45:04.0360 0x0624 volmgr - ok
08:45:04.0380 0x0624 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:45:04.0400 0x0624 volmgrx - ok
08:45:04.0416 0x0624 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:45:04.0433 0x0624 volsnap - ok
08:45:04.0444 0x0624 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:45:04.0458 0x0624 vsmraid - ok
08:45:04.0533 0x0624 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
08:45:04.0589 0x0624 VSS - ok
08:45:04.0604 0x0624 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:45:04.0626 0x0624 vwifibus - ok
08:45:04.0660 0x0624 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:45:04.0677 0x0624 vwififlt - ok
08:45:04.0723 0x0624 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
08:45:04.0769 0x0624 W32Time - ok
08:45:04.0791 0x0624 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:45:04.0806 0x0624 WacomPen - ok
08:45:04.0827 0x0624 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:45:04.0860 0x0624 WANARP - ok
08:45:04.0876 0x0624 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:45:04.0903 0x0624 Wanarpv6 - ok
08:45:05.0024 0x0624 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:45:05.0078 0x0624 WatAdminSvc - ok
08:45:05.0154 0x0624 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
08:45:05.0217 0x0624 wbengine - ok
08:45:05.0264 0x0624 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:45:05.0294 0x0624 WbioSrvc - ok
08:45:05.0333 0x0624 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:45:05.0359 0x0624 wcncsvc - ok
08:45:05.0371 0x0624 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:45:05.0405 0x0624 WcsPlugInService - ok
08:45:05.0437 0x0624 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:45:05.0450 0x0624 Wd - ok
08:45:05.0500 0x0624 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:45:05.0526 0x0624 Wdf01000 - ok
08:45:05.0543 0x0624 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:45:05.0580 0x0624 WdiServiceHost - ok
08:45:05.0594 0x0624 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:45:05.0613 0x0624 WdiSystemHost - ok
08:45:05.0667 0x0624 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
08:45:05.0731 0x0624 WebClient - ok
08:45:05.0756 0x0624 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:45:05.0802 0x0624 Wecsvc - ok
08:45:05.0817 0x0624 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:45:05.0856 0x0624 wercplsupport - ok
08:45:05.0868 0x0624 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
08:45:05.0911 0x0624 WerSvc - ok
08:45:05.0940 0x0624 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:45:05.0973 0x0624 WfpLwf - ok
08:45:05.0988 0x0624 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:45:06.0000 0x0624 WIMMount - ok
08:45:06.0079 0x0624 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:45:06.0131 0x0624 WinDefend - ok
08:45:06.0138 0x0624 WinHttpAutoProxySvc - ok
08:45:06.0221 0x0624 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:45:06.0301 0x0624 Winmgmt - ok
08:45:06.0375 0x0624 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
08:45:06.0437 0x0624 WinRM - ok
08:45:06.0478 0x0624 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:45:06.0505 0x0624 WinUsb - ok
08:45:08.0074 0x0624 ================ Scan global ===============================
08:45:08.0113 0x0624 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
08:45:08.0156 0x0624 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
08:45:08.0198 0x0624 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
08:45:08.0240 0x0624 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
08:45:08.0284 0x0624 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
08:45:08.0294 0x0624 [ Global ] - ok
08:45:08.0295 0x0624 ================ Scan MBR ==================================
08:45:08.0303 0x0624 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:45:08.0718 0x0624 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
08:45:08.0718 0x0624 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:45:11.0590 0x0624 ================ Scan VBR ==================================
08:45:11.0602 0x0624 [ 60AD8A8AA3221E06E720AB2972972C58 ] \Device\Harddisk0\DR0\Partition1
08:45:11.0603 0x0624 \Device\Harddisk0\DR0\Partition1 - ok
08:45:11.0625 0x0624 [ E2B0B34774576C57E471B4FE88918E8D ] \Device\Harddisk0\DR0\Partition2
08:45:11.0627 0x0624 \Device\Harddisk0\DR0\Partition2 - ok
08:45:11.0634 0x0624 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.3.219.0 ), 0x61000 ( enabled : updated )
08:45:11.0638 0x0624 Win FW state via NFP2: enabled
08:45:14.0458 0x0624 ============================================================
08:45:14.0458 0x0624 Scan finished
08:45:14.0458 0x0624 ============================================================
08:45:14.0467 0x1530 Detected object count: 1
08:45:14.0468 0x1530 Actual detected object count: 1
08:45:56.0192 0x1530 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:45:56.0192 0x1530 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:47:40.0505 0x11e8 ============================================================
08:47:40.0505 0x11e8 Scan started
08:47:40.0505 0x11e8 Mode: Manual; SigCheck; TDLFS;
08:47:40.0505 0x11e8 ============================================================
08:47:40.0505 0x11e8 KSN ping started
08:47:43.0377 0x11e8 KSN ping finished: true
08:47:43.0844 0x11e8 ================ Scan system memory ========================
08:47:43.0844 0x11e8 System memory - ok
08:47:43.0844 0x11e8 ================ Scan services =============================
08:47:51.0171 0x11e8 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:47:51.0199 0x11e8 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
08:47:51.0199 0x11e8 Detect skipped due to KSN trusted
08:47:51.0200 0x11e8 FLEXnet Licensing Service - ok
08:47:53.0153 0x11e8 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
08:47:53.0161 0x11e8 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
08:47:53.0161 0x11e8 Detect skipped due to KSN trusted
08:47:53.0161 0x11e8 IDriverT - ok
08:47:54.0510 0x11e8 KtmRm - ok
08:47:54.0528 0x11e8 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:47:54.0566 0x11e8 LanmanServer - ok
08:47:54.0607 0x11e8 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:47:54.0635 0x11e8 LanmanWorkstation - ok
08:47:54.0671 0x11e8 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:47:54.0698 0x11e8 lltdio - ok
08:47:54.0744 0x11e8 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:47:54.0774 0x11e8 lltdsvc - ok
08:47:54.0782 0x11e8 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:47:54.0807 0x11e8 lmhosts - ok
08:47:54.0830 0x11e8 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:47:54.0843 0x11e8 LSI_FC - ok
08:47:54.0863 0x11e8 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:47:54.0875 0x11e8 LSI_SAS - ok
08:47:54.0895 0x11e8 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:47:54.0908 0x11e8 LSI_SAS2 - ok
08:47:54.0924 0x11e8 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:47:54.0939 0x11e8 LSI_SCSI - ok
08:47:54.0956 0x11e8 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
08:47:54.0983 0x11e8 luafv - ok
08:47:55.0018 0x11e8 [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
08:47:55.0029 0x11e8 LVPr2Mon - ok
08:47:55.0114 0x11e8 [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
08:47:55.0152 0x11e8 LVPrcSrv - ok
08:47:55.0204 0x11e8 [ 87ECCE893D8AEC5A9337B917742D339C, C5D5B4D0C4F206B67EF68D7D691B36A0249E7B41AE7DFD8445298A0F66A374A6 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
08:47:55.0222 0x11e8 LVRS - ok
08:47:55.0245 0x11e8 [ 23F8EF78BB9553E465A476F3CEE5CA18, 22E19B9F16EC555CCA091841711C8D1938F7EBCD8C6AC82E77375AE5EA96610C ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys
08:47:55.0257 0x11e8 LVUSBSta - ok
08:47:55.0297 0x11e8 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:47:55.0318 0x11e8 Mcx2Svc - ok
08:47:55.0356 0x11e8 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:47:55.0371 0x11e8 megasas - ok
08:47:55.0395 0x11e8 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:47:55.0416 0x11e8 MegaSR - ok
08:47:55.0474 0x11e8 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:47:55.0486 0x11e8 Microsoft Office Groove Audit Service - ok
08:47:55.0524 0x11e8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
08:47:55.0552 0x11e8 MMCSS - ok
08:47:55.0571 0x11e8 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
08:47:55.0597 0x11e8 Modem - ok
08:47:55.0633 0x11e8 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:47:55.0649 0x11e8 monitor - ok
08:47:55.0682 0x11e8 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\drivers\mouclass.sys
08:47:55.0695 0x11e8 mouclass - ok
08:47:55.0735 0x11e8 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:47:55.0775 0x11e8 mouhid - ok
08:47:55.0824 0x11e8 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:47:55.0856 0x11e8 mountmgr - ok
08:47:55.0908 0x11e8 [ 24406D75B40F0F6B3C1AC7031D734565, B58AA80E9C3738CFD826D7C8129D5467166A4397CCFEEEF7F14542DEBB659A51 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
08:47:55.0932 0x11e8 MpFilter - ok
08:47:55.0957 0x11e8 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
08:47:55.0971 0x11e8 mpio - ok
08:47:56.0083 0x11e8 MpKsl7957ead6 - ok
08:47:56.0114 0x11e8 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:47:56.0139 0x11e8 mpsdrv - ok
08:47:56.0201 0x11e8 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:47:56.0240 0x11e8 MpsSvc - ok
08:47:56.0271 0x11e8 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:47:56.0288 0x11e8 MRxDAV - ok
08:47:56.0322 0x11e8 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:47:56.0338 0x11e8 mrxsmb - ok
08:47:56.0384 0x11e8 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:47:56.0404 0x11e8 mrxsmb10 - ok
08:47:56.0416 0x11e8 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:47:56.0432 0x11e8 mrxsmb20 - ok
08:47:56.0474 0x11e8 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
08:47:56.0486 0x11e8 msahci - ok
08:47:56.0524 0x11e8 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:47:56.0538 0x11e8 msdsm - ok
08:47:56.0584 0x11e8 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
08:47:56.0636 0x11e8 MSDTC - ok
08:47:56.0691 0x11e8 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:47:56.0724 0x11e8 Msfs - ok
08:47:56.0732 0x11e8 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:47:56.0762 0x11e8 mshidkmdf - ok
08:47:56.0801 0x11e8 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:47:56.0813 0x11e8 msisadrv - ok
08:47:56.0850 0x11e8 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:47:56.0877 0x11e8 MSiSCSI - ok
08:47:56.0883 0x11e8 msiserver - ok
08:47:56.0901 0x11e8 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:47:56.0926 0x11e8 MSKSSRV - ok
08:47:56.0989 0x11e8 [ 0A7F86657755ADA92C57E597BF5151F7, E226DFF12C4930DF1D0F1D2E7CE7BFFDF62F6DC402200EEFE196D14172A59B63 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
08:47:57.0002 0x11e8 MsMpSvc - ok
08:47:57.0020 0x11e8 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:47:57.0045 0x11e8 MSPCLOCK - ok
08:47:57.0055 0x11e8 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:47:57.0081 0x11e8 MSPQM - ok
08:47:57.0104 0x11e8 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:47:57.0121 0x11e8 MsRPC - ok
08:47:57.0158 0x11e8 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:47:57.0169 0x11e8 mssmbios - ok
08:47:57.0208 0x11e8 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:47:57.0233 0x11e8 MSTEE - ok
08:47:57.0246 0x11e8 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:47:57.0259 0x11e8 MTConfig - ok
08:47:57.0279 0x11e8 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
08:47:57.0291 0x11e8 Mup - ok
08:47:57.0338 0x11e8 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
08:47:57.0373 0x11e8 napagent - ok
08:47:57.0423 0x11e8 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:47:57.0488 0x11e8 NativeWifiP - ok
08:47:57.0557 0x11e8 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:47:57.0591 0x11e8 NDIS - ok
08:47:57.0605 0x11e8 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:47:57.0632 0x11e8 NdisCap - ok
08:47:57.0652 0x11e8 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:47:57.0676 0x11e8 NdisTapi - ok
08:47:57.0714 0x11e8 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:47:57.0739 0x11e8 Ndisuio - ok
08:47:57.0776 0x11e8 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:47:57.0803 0x11e8 NdisWan - ok
08:47:57.0847 0x11e8 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:47:57.0873 0x11e8 NDProxy - ok
08:47:57.0909 0x11e8 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:47:57.0934 0x11e8 NetBIOS - ok
08:47:57.0972 0x11e8 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:47:58.0000 0x11e8 NetBT - ok
08:47:58.0016 0x11e8 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon C:\Windows\system32\lsass.exe
08:47:58.0031 0x11e8 Netlogon - ok
08:47:58.0086 0x11e8 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
08:47:58.0174 0x11e8 Netman - ok
08:47:58.0207 0x11e8 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
08:47:58.0259 0x11e8 netprofm - ok
08:47:58.0316 0x11e8 [ 370887E0E0DBD2B31164EDADB95C99DF, 0BBAF19DAA9A186B5857FD2D04876AD34FF62AB6933AE55E51B828C45F4CC97C ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
08:47:58.0348 0x11e8 netr28u - ok
08:47:58.0382 0x11e8 [ F476EC40033CDB91EFBE73EB99B8362D, B17535037BC070F9AE1F6B381C2DBEE27658A8FDE15FB0E061F485EA7C7CBE59 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:47:58.0396 0x11e8 NetTcpPortSharing - ok
08:47:58.0438 0x11e8 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:47:58.0451 0x11e8 nfrd960 - ok
08:47:58.0487 0x11e8 [ C58DB40E4C95BE8EE727BE872BE6383F, D64AFF36EAA058880E7144E9BB122C01302DB6783DB725CD3810DDDA47336C0F ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:47:58.0502 0x11e8 NisDrv - ok
08:47:58.0536 0x11e8 [ 249D12488F9EE43B0D812C87335E0EF2, 2B96C5E4DA36917B25AEFAC517A1CF987A506A56ECC117C4BA40207AF064FF71 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
08:47:58.0557 0x11e8 NisSrv - ok
08:47:58.0595 0x11e8 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:47:58.0616 0x11e8 NlaSvc - ok
08:47:58.0639 0x11e8 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:47:58.0665 0x11e8 Npfs - ok
08:47:58.0702 0x11e8 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
08:47:58.0778 0x11e8 nsi - ok
08:47:58.0826 0x11e8 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:47:58.0857 0x11e8 nsiproxy - ok
08:47:58.0933 0x11e8 [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:47:58.0974 0x11e8 Ntfs - ok
08:47:58.0987 0x11e8 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
08:47:59.0012 0x11e8 Null - ok
08:47:59.0033 0x11e8 [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
08:47:59.0055 0x11e8 NVENETFD - ok
08:47:59.0061 0x11e8 nvlddmkm - ok
08:47:59.0083 0x11e8 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:47:59.0098 0x11e8 nvraid - ok
08:47:59.0136 0x11e8 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:47:59.0151 0x11e8 nvstor - ok
08:47:59.0182 0x11e8 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:47:59.0197 0x11e8 nv_agp - ok
08:47:59.0326 0x11e8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:47:59.0371 0x11e8 odserv - ok
08:47:59.0383 0x11e8 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:47:59.0402 0x11e8 ohci1394 - ok
08:47:59.0444 0x11e8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:47:59.0459 0x11e8 ose - ok
08:47:59.0512 0x11e8 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:47:59.0538 0x11e8 p2pimsvc - ok
08:47:59.0556 0x11e8 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
08:47:59.0580 0x11e8 p2psvc - ok
08:47:59.0618 0x11e8 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:47:59.0633 0x11e8 Parport - ok
08:47:59.0666 0x11e8 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:47:59.0678 0x11e8 partmgr - ok
08:47:59.0691 0x11e8 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
08:47:59.0705 0x11e8 Parvdm - ok
08:47:59.0718 0x11e8 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:47:59.0740 0x11e8 PcaSvc - ok
08:47:59.0775 0x11e8 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
08:47:59.0790 0x11e8 pci - ok
08:47:59.0826 0x11e8 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
08:47:59.0837 0x11e8 pciide - ok
08:47:59.0858 0x11e8 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:47:59.0874 0x11e8 pcmcia - ok
08:47:59.0892 0x11e8 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
08:47:59.0905 0x11e8 pcw - ok
08:47:59.0933 0x11e8 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:47:59.0973 0x11e8 PEAUTH - ok
08:48:00.0010 0x11e8 [ B20F958B207E6AAAC5F70D04DD2C30D8, 5572A45B0327AD72E78CFD541433BBBB54358115019FEFB324607A4F21818959 ] pepifilter C:\Windows\system32\DRIVERS\lv302af.sys
08:48:00.0020 0x11e8 pepifilter - ok
08:48:00.0210 0x11e8 [ DD184D9ADFE2A8A21741DBDFE9E22F5C, 0C22966973246248FD15A6C192AA1B731D018B4FDF1BD97FE9AA67A746C9440C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
08:48:00.0287 0x11e8 PID_PEPI - ok
08:48:00.0366 0x11e8 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
08:48:00.0430 0x11e8 pla - ok
08:48:00.0478 0x11e8 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:48:00.0500 0x11e8 PlugPlay - ok
08:48:00.0534 0x11e8 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:48:00.0549 0x11e8 PNRPAutoReg - ok
08:48:00.0586 0x11e8 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:48:00.0608 0x11e8 PNRPsvc - ok
08:48:00.0634 0x11e8 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:48:00.0668 0x11e8 PolicyAgent - ok
08:48:00.0686 0x11e8 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
08:48:00.0714 0x11e8 Power - ok
08:48:00.0746 0x11e8 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:48:00.0773 0x11e8 PptpMiniport - ok
08:48:00.0786 0x11e8 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:48:00.0801 0x11e8 Processor - ok
08:48:00.0837 0x11e8 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:48:00.0857 0x11e8 ProfSvc - ok
08:48:00.0865 0x11e8 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
08:48:00.0879 0x11e8 ProtectedStorage - ok
08:48:00.0903 0x11e8 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:48:00.0932 0x11e8 Psched - ok
08:48:01.0000 0x11e8 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:48:01.0041 0x11e8 ql2300 - ok
08:48:01.0062 0x11e8 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:48:01.0076 0x11e8 ql40xx - ok
08:48:01.0116 0x11e8 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
08:48:01.0138 0x11e8 QWAVE - ok
08:48:01.0155 0x11e8 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:48:01.0172 0x11e8 QWAVEdrv - ok
08:48:01.0270 0x11e8 [ B5909D985716A9CD8B75C12D6581426D, C8FF9936C77A840A9E3AB5D7393C4F142BA7DD3B542228B2A0DB85B732A4BFFB ] RapportCerberus_56758 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys
08:48:01.0319 0x11e8 RapportCerberus_56758 - ok
08:48:01.0427 0x11e8 [ A0F0C41EE3F367CF71B9A50388E77CFA, 7B08B0A725C26EFE4351707704775474B41FD2BC59F0BAC36ADFA0CC2D336C4A ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
08:48:01.0450 0x11e8 RapportEI - ok
08:48:01.0468 0x11e8 [ 7E2C84E45379406B74117D86C40048DA, A359953A2C1E7C5DEEF8E8D5082425C04064661B5D37ADAE6A3FD5CCDC4D3E5C ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
08:48:01.0482 0x11e8 RapportKELL - ok
08:48:01.0558 0x11e8 [ 96759B4647AC26E2FA9F8D256700B5DC, 6E8C0B42D2F0D0AAF4F3013AE25357D23EF796AEDA8DCD71C19113165168C1EF ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
08:48:01.0599 0x11e8 RapportMgmtService - ok
08:48:01.0637 0x11e8 [ 21FD14972C7E0DE6966463F823F97881, F5C863E711B54B0EDD26E907495A793077D980AA16F824AB9B4B74060C544ACF ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
08:48:01.0653 0x11e8 RapportPG - ok
08:48:01.0666 0x11e8 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:48:01.0693 0x11e8 RasAcd - ok
08:48:01.0725 0x11e8 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:48:01.0751 0x11e8 RasAgileVpn - ok
08:48:01.0772 0x11e8 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
08:48:01.0803 0x11e8 RasAuto - ok
08:48:01.0814 0x11e8 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:48:01.0841 0x11e8 Rasl2tp - ok
08:48:01.0895 0x11e8 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
08:48:01.0978 0x11e8 RasMan - ok
08:48:01.0994 0x11e8 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:48:02.0025 0x11e8 RasPppoe - ok
08:48:02.0069 0x11e8 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:48:02.0098 0x11e8 RasSstp - ok
08:48:02.0141 0x11e8 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:48:02.0175 0x11e8 rdbss - ok
08:48:02.0194 0x11e8 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:48:02.0209 0x11e8 rdpbus - ok
08:48:02.0249 0x11e8 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:48:02.0273 0x11e8 RDPCDD - ok
08:48:02.0286 0x11e8 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:48:02.0310 0x11e8 RDPENCDD - ok
08:48:02.0321 0x11e8 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:48:02.0346 0x11e8 RDPREFMP - ok
08:48:02.0384 0x11e8 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:48:02.0398 0x11e8 RdpVideoMiniport - ok
08:48:02.0437 0x11e8 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:48:02.0455 0x11e8 RDPWD - ok
08:48:02.0494 0x11e8 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:48:02.0509 0x11e8 rdyboost - ok
08:48:02.0567 0x11e8 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:48:02.0636 0x11e8 RemoteAccess - ok
08:48:02.0670 0x11e8 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:48:02.0704 0x11e8 RemoteRegistry - ok
08:48:02.0743 0x11e8 [ 32D6AB810537CE38CBFFE04ED9F6709A, DD3FA382517CE18D490BD2D95A65DC6873A3BC41DABC53BBD41BAFBCFC85C652 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
08:48:02.0756 0x11e8 RimVSerPort - ok
08:48:02.0791 0x11e8 [ 564297827D213F52C7A3A2FF749568CA, B09A78D3B3F0BF47818BBEEDEF73BD6ACB9C5E367592BB90C85FD262BE521876 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
08:48:02.0821 0x11e8 ROOTMODEM - ok
08:48:02.0839 0x11e8 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:48:02.0872 0x11e8 RpcEptMapper - ok
08:48:02.0911 0x11e8 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
08:48:02.0928 0x11e8 RpcLocator - ok
08:48:03.0020 0x11e8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
08:48:03.0083 0x11e8 RpcSs - ok
08:48:03.0097 0x11e8 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:48:11.0808 0x11e8 ================ Scan global ===============================
08:48:11.0848 0x11e8 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
08:48:11.0898 0x11e8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
08:48:11.0935 0x11e8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
08:48:11.0974 0x11e8 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
08:48:12.0000 0x11e8 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
08:48:12.0011 0x11e8 [ Global ] - ok
08:48:12.0012 0x11e8 ================ Scan MBR ==================================
08:48:12.0020 0x11e8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:48:12.0444 0x11e8 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
08:48:12.0444 0x11e8 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:48:15.0239 0x11e8 ================ Scan VBR ==================================
08:48:15.0246 0x11e8 [ 60AD8A8AA3221E06E720AB2972972C58 ] \Device\Harddisk0\DR0\Partition1
08:48:15.0250 0x11e8 \Device\Harddisk0\DR0\Partition1 - ok
08:48:15.0276 0x11e8 [ E2B0B34774576C57E471B4FE88918E8D ] \Device\Harddisk0\DR0\Partition2
08:48:15.0278 0x11e8 \Device\Harddisk0\DR0\Partition2 - ok
08:48:15.0287 0x11e8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.3.219.0 ), 0x61000 ( enabled : updated )
08:48:15.0291 0x11e8 Win FW state via NFP2: enabled
08:48:18.0106 0x11e8 ============================================================
08:48:18.0106 0x11e8 Scan finished
08:48:18.0106 0x11e8 ============================================================
08:48:18.0126 0x1444 Detected object count: 1
08:48:18.0126 0x1444 Actual detected object count: 1
08:49:54.0616 0x1444 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:49:54.0616 0x1444 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

OTL logfile created on: 10/28/13 9:10:28 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHawn\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.48% Memory free
4.00 Gb Paging File | 2.33 Gb Available in Paging File | 58.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.22 Gb Total Space | 29.05 Gb Free Space | 21.49% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 25.25 Gb Free Space | 25.85% Space Free | Partition Type: NTFS

Computer Name: PHILLIP | User Name: SHawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/28 08:58:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHawn\Desktop\OTL.exe
PRC - [2013/10/17 00:57:41 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/15 15:37:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SHawn\AppData\Local\Temp\Rar$EX01.916\TDSSKiller.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/12 10:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/28 10:19:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/14 17:28:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 17:27:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/08 21:02:43 | 000,415,184 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 21:02:42 | 013,584,336 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 21:02:41 | 004,055,504 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 21:01:50 | 000,698,832 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 21:01:49 | 000,099,792 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 21:01:47 | 001,604,560 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/12 07:42:26 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/12 07:42:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/20 09:23:54 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/08/14 18:36:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 18:36:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\439eb22c3f6967beb8a3364626883423\System.Xml.ni.dll
MOD - [2013/08/14 18:35:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 19:35:01 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 19:34:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/22 17:36:26 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3257.27114__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3257.27112__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:26 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:26 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3257.27114__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3257.27109__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3257.27109__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:23 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:22 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:22 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:20 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3218.28700__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/08/22 17:36:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/08/22 17:36:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/08/22 17:36:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/08/22 17:36:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/08/22 17:36:17 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/08/22 17:36:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011/08/22 17:36:17 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/08/22 17:36:16 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/08/22 17:36:16 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/08/22 17:36:16 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/08/22 17:36:16 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/08/22 17:36:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/08/22 17:36:16 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/08/22 17:36:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011/08/22 17:36:15 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/08/22 17:36:15 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/08/22 17:36:15 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2011/08/22 17:36:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/08/22 17:36:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/08/22 17:36:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/08/22 17:36:15 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - [2013/10/14 21:22:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/28 10:19:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/23 23:01:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/07 05:34:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{648FC2F1-E773-4D10-8EAB-9197C7A9B6EF}\MpKsl7957ead6.sys -- (MpKsl7957ead6)
DRV - [2013/09/10 23:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 23:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 23:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/20 09:23:48 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/12/21 11:56:40 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/08 13:45:16 | 000,063,872 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009/10/08 13:45:16 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 19:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/04 10:31:28 | 000,746,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/04/30 20:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 19:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 19:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 A9 11 06 E0 9F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://msn.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Bobsled by T-Mobile = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgbddncklanadehifhcogjjfdolghnl\1.20.3.13868_0\
CHR - Extension: KeyBar 1.8 = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.21.1.507_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4264F02C-9CDD-4EFA-BDE9-D4FAD3A68E16}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52834E69-2AC2-453B-A82C-378FE6E31359}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/28 08:58:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SHawn\Desktop\OTL.exe
[2013/10/28 08:38:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SHawn\Desktop\tdsskiller.exe
[2013/10/27 17:03:31 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Roaming\Mozilla
[2013/10/27 13:12:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/27 12:03:00 | 000,000,000 | ---D | C] -- C:\511cc9072d2f0e169e97
[2013/10/27 11:35:52 | 000,000,000 | ---D | C] -- C:\a2f550b11f776f8b8abeb5
[2013/10/27 09:49:31 | 000,000,000 | ---D | C] -- C:\357d6b81005bee2fba50b1102d3e
[2013/10/26 10:01:40 | 000,000,000 | ---D | C] -- C:\c30aaae8a563c9d410af849b
[2013/10/14 21:22:28 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/10/12 21:54:55 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/12 21:54:52 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/12 21:54:51 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/12 21:54:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/10/12 21:54:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/12 21:54:46 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/12 21:54:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/10/12 21:54:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/10/12 21:54:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/10/12 21:54:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/10/12 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\{A3DE190D-5D42-4AC8-9C7B-CA24A7E1B12B}
[2013/10/12 21:07:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/10/12 21:07:11 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/12 21:06:50 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/10/12 21:06:50 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/10/12 21:06:49 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/10/12 21:06:40 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/12 21:06:36 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/12 21:06:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/10/12 21:06:35 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/10/12 21:06:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/12 21:06:32 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/10/12 21:06:22 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/12 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\LogMeIn Rescue Applet
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/28 09:03:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000UA.job
[2013/10/28 08:58:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHawn\Desktop\OTL.exe
[2013/10/28 08:50:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/28 08:50:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/28 08:42:13 | 004,101,145 | ---- | M] () -- C:\Users\SHawn\Desktop\tdsskiller.zip
[2013/10/28 08:38:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SHawn\Desktop\tdsskiller.exe
[2013/10/28 08:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/28 08:19:55 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 08:19:55 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 08:14:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/28 08:14:19 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/27 19:57:34 | 000,056,320 | ---- | M] () -- C:\Users\SHawn\Documents\PhillipsCynthias.12t
[2013/10/27 19:00:22 | 000,000,512 | ---- | M] () -- C:\Users\SHawn\Desktop\MBR.dat
[2013/10/27 18:21:13 | 000,001,422 | ---- | M] () -- C:\Users\SHawn\Desktop\aswmbr - Shortcut.lnk
[2013/10/27 18:08:07 | 000,001,078 | ---- | M] () -- C:\Users\SHawn\Desktop\OTL 102513.lnk
[2013/10/27 18:07:22 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/27 18:07:22 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/27 18:06:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/27 01:03:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000Core.job
[2013/10/18 20:59:46 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/14 21:22:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/14 21:22:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/10/14 21:22:30 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/09/29 09:04:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/28 08:42:10 | 004,101,145 | ---- | C] () -- C:\Users\SHawn\Desktop\tdsskiller.zip
[2013/10/27 19:57:16 | 000,056,320 | ---- | C] () -- C:\Users\SHawn\Documents\PhillipsCynthias.12t
[2013/10/27 18:20:23 | 000,001,422 | ---- | C] () -- C:\Users\SHawn\Desktop\aswmbr - Shortcut.lnk
[2013/10/27 18:08:07 | 000,001,078 | ---- | C] () -- C:\Users\SHawn\Desktop\OTL 102513.lnk
[2013/10/27 16:44:25 | 000,000,512 | ---- | C] () -- C:\Users\SHawn\Desktop\MBR.dat
[2013/08/23 13:27:51 | 000,007,624 | ---- | C] () -- C:\Users\SHawn\AppData\Local\Resmon.ResmonCfg
[2013/06/27 16:17:19 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 14:13:42 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 14:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/05/27 14:02:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\GBSinkps.dll
[2013/05/27 14:02:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\GBSink.dll
[2013/05/27 14:02:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GBProxy.exe
[2013/05/27 14:02:04 | 000,004,608 | ---- | C] () -- C:\Windows\System32\GBProxyps.dll
[2013/05/27 14:01:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\JPNXRES.dll
[2013/05/27 14:01:54 | 000,442,368 | ---- | C] () -- C:\Windows\System32\GBSinkCli.exe
[2013/05/27 14:01:54 | 000,184,320 | ---- | C] () -- C:\Windows\System32\JPNRES.dll
[2013/05/27 14:01:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\GBzipdll.dll
[2013/05/18 11:20:51 | 000,000,449 | ---- | C] () -- C:\Users\SHawn\.powerschool_gradebook.properties
[2013/05/18 11:17:44 | 000,000,012 | ---- | C] () -- C:\Users\SHawn\.gradebook_userdict.tlx
[2013/05/18 11:17:40 | 000,002,711 | ---- | C] () -- C:\Users\SHawn\powerschool-gradebook_custom_bundle.jar
[2013/05/18 11:17:40 | 000,002,700 | ---- | C] () -- C:\Users\SHawn\powerschool-gradebook_custom_bundle.jar.gz
[2012/12/21 11:32:53 | 000,000,685 | ---- | C] () -- C:\Users\SHawn\Libraries - Shortcut.lnk
[2010/09/12 21:41:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#8
godawgs


    Teacher

  • GeekU Moderator
  • 5,301 posts
Thanks for the logs. The aswMBR log is OK. The last OTL log shows that Microsoft Security Essentials is still installed. If that isn't the antivirus that you want to keep, we will take care of that after we have cleaned the machine. For now let's just leave it running :) The OTL fix that we previously ran killed part of the rootkit. TDSSKiller exposed the rest, so we will kill it now. Please take your time and read the instructions carefully.


Step-1.

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings
  • On the Threats Detected screen, look for the following entry:
    TDSS File System
  • Change the action from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

    Posted Image
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
[2013/10/27 12:03:00 | 000,000,000 | ---D | C] -- C:\511cc9072d2f0e169e97
[2013/10/27 11:35:52 | 000,000,000 | ---D | C] -- C:\a2f550b11f776f8b8abeb5
[2013/10/27 09:49:31 | 000,000,000 | ---D | C] -- C:\357d6b81005bee2fba50b1102d3e
[2013/10/26 10:01:40 | 000,000,000 | ---D | C] -- C:\c30aaae8a563c9d410af849b

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • ComboFix will then extract its files before beginning the scan.

    Posted Image
  • When the scan begins you will see a window like the image below. Although the program states that the scan typically doesn't take more than 10 minutes there are 50 stages or so that it goes through. On a severely infected machine it can take much longer so please be patient.

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
Don't forget to re-enable your Anti-Virus.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
2. The OTL fixes log
3. The ComboFix log
  • 0
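The folder entries listed in the OTL fix in post #8 come from the log's "Created Within 30 Days" listing, whose lines all follow the layout `[date time | size | attributes | C/M] (company) -- path`. As an added example (not part of the thread, and not code from OTL or its author), this Python sketch parses that layout and picks out directories created directly under a drive root whose names are long hexadecimal strings. The function names and the 16-character threshold are assumptions; the sample lines are copied from the log earlier on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Iterable, List, Optional

# Layout of one OTL file-listing entry, as seen in the log on this page:
#   [2013/10/27 12:03:00 | 000,000,000 | ---D | C] -- C:\511cc9072d2f0e169e97
#   [2013/10/28 08:58:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\...\OTL.exe
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[A-Z-]{4})"
    r" \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))?"      # absent on directory lines, "()" when empty
    r" -- (?P<path>.+)$"
)

# Assumption: a root-level directory name made only of 16 or more hex digits
# is worth a second look. The threshold is chosen for this example.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)


@dataclass(frozen=True)
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str                 # four flags, e.g. "---D" or "-HS-"
    kind: str                  # "C" = created, "M" = modified
    company: Optional[str]     # None when the line has no company field
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry, or None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=PureWindowsPath(m["path"]),
    )


def parse_listing(lines: Iterable[str]) -> List[OtlEntry]:
    """Parse every line that matches the entry layout, skipping the rest."""
    return [e for e in map(parse_line, lines) if e is not None]


def root_hex_dirs(lines: Iterable[str]) -> List[OtlEntry]:
    """Created directories sitting directly under a drive root with a
    hex-only name, oldest first."""
    hits = [
        e for e in parse_listing(lines)
        if e.kind == "C"
        and e.is_dir
        and e.path.drive
        and len(e.path.parts) == 2          # ("C:\\", "<name>")
        and HEX_NAME_RE.match(e.path.name)
    ]
    return sorted(hits, key=lambda e: e.timestamp)


# Sample input: lines copied from the OTL log on this page.
SAMPLE_LISTING = r"""
========== Files/Folders - Created Within 30 Days ==========
[2013/10/28 08:58:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SHawn\Desktop\OTL.exe
[2013/10/27 17:03:31 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Roaming\Mozilla
[2013/10/27 13:12:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/27 12:03:00 | 000,000,000 | ---D | C] -- C:\511cc9072d2f0e169e97
[2013/10/27 11:35:52 | 000,000,000 | ---D | C] -- C:\a2f550b11f776f8b8abeb5
[2013/10/27 09:49:31 | 000,000,000 | ---D | C] -- C:\357d6b81005bee2fba50b1102d3e
[2013/10/26 10:01:40 | 000,000,000 | ---D | C] -- C:\c30aaae8a563c9d410af849b
[2013/10/12 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\{A3DE190D-5D42-4AC8-9C7B-CA24A7E1B12B}
[2013/10/28 08:14:19 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
"""

if __name__ == "__main__":
    for entry in root_hex_dirs(SAMPLE_LISTING.splitlines()):
        print(entry.timestamp.isoformat(sep=" "), entry.path)
```

A match here is only a lead for review: the name pattern says nothing about what created the folder, so check its contents and creation time against the rest of the log before acting on it.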

#9
phillip245


    Member

  • Member
  • 31 posts
godawgs, the instructions were great and everything ran well. Hope the logs look good. Thanks, Phillip
20:33:34.0629 0x077c TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
20:33:41.0099 0x077c ============================================================
20:33:41.0099 0x077c Current date / time: 2013/10/28 20:33:41.0099
20:33:41.0099 0x077c SystemInfo:
20:33:41.0099 0x077c
20:33:41.0099 0x077c OS Version: 6.1.7601 ServicePack: 1.0
20:33:41.0100 0x077c Product type: Workstation
20:33:41.0100 0x077c ComputerName: PHILLIP
20:33:41.0100 0x077c UserName: SHawn
20:33:41.0100 0x077c Windows directory: C:\Windows
20:33:41.0100 0x077c System windows directory: C:\Windows
20:33:41.0100 0x077c Processor architecture: Intel x86
20:33:41.0100 0x077c Number of processors: 2
20:33:41.0100 0x077c Page size: 0x1000
20:33:41.0100 0x077c Boot type: Normal boot
20:33:41.0100 0x077c ============================================================
20:33:43.0787 0x077c System UUID: {FD2B53E9-9A51-666B-45C9-63F40B33CD16}
20:33:44.0666 0x077c Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:33:44.0754 0x077c ============================================================
20:33:44.0754 0x077c \Device\Harddisk0\DR0:
20:33:44.0757 0x077c MBR partitions:
20:33:44.0757 0x077c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x10E713B5
20:33:44.0764 0x077c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10E71433, BlocksNum 0xC34F28D
20:33:44.0764 0x077c ============================================================
20:33:44.0781 0x077c C: <-> \Device\Harddisk0\DR0\Partition1
20:33:44.0809 0x077c D: <-> \Device\Harddisk0\DR0\Partition2
20:33:44.0810 0x077c ============================================================
20:33:44.0810 0x077c Initialize success
20:33:44.0810 0x077c ============================================================
20:35:01.0254 0x05c8 ============================================================
20:35:01.0254 0x05c8 Scan started
20:35:01.0254 0x05c8 Mode: Manual; SigCheck; TDLFS;
20:35:01.0254 0x05c8 ============================================================
20:35:01.0254 0x05c8 KSN ping started
20:35:04.0084 0x05c8 KSN ping finished: true
20:35:04.0366 0x05c8 ================ Scan system memory ========================
20:35:04.0366 0x05c8 System memory - ok
20:35:04.0367 0x05c8 ================ Scan services =============================
20:35:14.0711 0x05c8 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
20:35:14.0776 0x05c8 ehSched - ok
20:35:14.0843 0x05c8 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:35:14.0889 0x05c8 elxstor - ok
20:35:14.0921 0x05c8 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:35:14.0945 0x05c8 ErrDev - ok
20:35:15.0000 0x05c8 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
20:35:15.0058 0x05c8 EventSystem - ok
20:35:15.0086 0x05c8 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
20:35:15.0117 0x05c8 exfat - ok
20:35:15.0137 0x05c8 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:35:15.0180 0x05c8 fastfat - ok
20:35:15.0264 0x05c8 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
20:35:15.0383 0x05c8 Fax - ok
20:35:15.0423 0x05c8 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:35:15.0456 0x05c8 fdc - ok
20:35:15.0498 0x05c8 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
20:35:15.0537 0x05c8 fdPHost - ok
20:35:15.0553 0x05c8 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
20:35:15.0591 0x05c8 FDResPub - ok
20:35:15.0606 0x05c8 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:35:15.0620 0x05c8 FileInfo - ok
20:35:15.0631 0x05c8 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:35:15.0673 0x05c8 Filetrace - ok
20:35:15.0750 0x05c8 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:35:15.0809 0x05c8 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
20:35:18.0745 0x05c8 Detect skipped due to KSN trusted
20:35:18.0746 0x05c8 FLEXnet Licensing Service - ok
20:35:21.0421 0x05c8 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:35:21.0431 0x05c8 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:35:24.0393 0x05c8 Detect skipped due to KSN trusted
20:35:24.0393 0x05c8 IDriverT - ok
20:35:32.0669 0x05c8 [ B20F958B207E6AAAC5F70D04DD2C30D8, 5572A45B0327AD72E78CFD541433BBBB54358115019FEFB324607A4F21818959 ] pepifilter C:\Windows\system32\DRIVERS\lv302af.sys
20:35:32.0700 0x05c8 pepifilter - ok
20:35:32.0882 0x05c8 [ DD184D9ADFE2A8A21741DBDFE9E22F5C, 0C22966973246248FD15A6C192AA1B731D018B4FDF1BD97FE9AA67A746C9440C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
20:35:33.0023 0x05c8 PID_PEPI - ok
20:35:33.0107 0x05c8 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
20:35:33.0204 0x05c8 pla - ok
20:35:33.0253 0x05c8 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:35:33.0311 0x05c8 PlugPlay - ok
20:35:33.0342 0x05c8 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:35:33.0365 0x05c8 PNRPAutoReg - ok
20:35:33.0386 0x05c8 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:35:33.0410 0x05c8 PNRPsvc - ok
20:35:33.0458 0x05c8 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:35:33.0517 0x05c8 PolicyAgent - ok
20:35:33.0562 0x05c8 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
20:35:33.0685 0x05c8 Power - ok
20:35:33.0729 0x05c8 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:35:33.0775 0x05c8 PptpMiniport - ok
20:35:33.0793 0x05c8 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:35:33.0810 0x05c8 Processor - ok
20:35:33.0854 0x05c8 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:35:33.0893 0x05c8 ProfSvc - ok
20:35:33.0906 0x05c8 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
20:35:33.0920 0x05c8 ProtectedStorage - ok
20:35:33.0945 0x05c8 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:35:33.0975 0x05c8 Psched - ok
20:35:34.0058 0x05c8 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:35:34.0125 0x05c8 ql2300 - ok
20:35:34.0145 0x05c8 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:35:34.0162 0x05c8 ql40xx - ok
20:35:34.0199 0x05c8 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
20:35:34.0239 0x05c8 QWAVE - ok
20:35:34.0263 0x05c8 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:35:34.0292 0x05c8 QWAVEdrv - ok
20:35:34.0446 0x05c8 [ B5909D985716A9CD8B75C12D6581426D, C8FF9936C77A840A9E3AB5D7393C4F142BA7DD3B542228B2A0DB85B732A4BFFB ] RapportCerberus_56758 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys
20:35:34.0504 0x05c8 RapportCerberus_56758 - ok
20:35:34.0610 0x05c8 [ A0F0C41EE3F367CF71B9A50388E77CFA, 7B08B0A725C26EFE4351707704775474B41FD2BC59F0BAC36ADFA0CC2D336C4A ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:35:34.0635 0x05c8 RapportEI - ok
20:35:34.0652 0x05c8 [ 7E2C84E45379406B74117D86C40048DA, A359953A2C1E7C5DEEF8E8D5082425C04064661B5D37ADAE6A3FD5CCDC4D3E5C ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
20:35:34.0666 0x05c8 RapportKELL - ok
20:35:34.0758 0x05c8 [ 96759B4647AC26E2FA9F8D256700B5DC, 6E8C0B42D2F0D0AAF4F3013AE25357D23EF796AEDA8DCD71C19113165168C1EF ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
20:35:34.0825 0x05c8 RapportMgmtService - ok
20:35:34.0871 0x05c8 [ 21FD14972C7E0DE6966463F823F97881, F5C863E711B54B0EDD26E907495A793077D980AA16F824AB9B4B74060C544ACF ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:35:34.0889 0x05c8 RapportPG - ok
20:35:34.0899 0x05c8 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:35:34.0941 0x05c8 RasAcd - ok
20:35:34.0983 0x05c8 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:35:35.0015 0x05c8 RasAgileVpn - ok
20:35:35.0039 0x05c8 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
20:35:35.0081 0x05c8 RasAuto - ok
20:35:35.0097 0x05c8 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:35.0131 0x05c8 Rasl2tp - ok
20:35:35.0177 0x05c8 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
20:35:35.0239 0x05c8 RasMan - ok
20:35:35.0260 0x05c8 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:35.0289 0x05c8 RasPppoe - ok
20:35:35.0337 0x05c8 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:35:35.0422 0x05c8 RasSstp - ok
20:35:35.0466 0x05c8 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:35:35.0525 0x05c8 rdbss - ok
20:35:35.0543 0x05c8 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:35:35.0560 0x05c8 rdpbus - ok
20:35:35.0598 0x05c8 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:35.0623 0x05c8 RDPCDD - ok
20:35:35.0652 0x05c8 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:35:35.0684 0x05c8 RDPENCDD - ok
20:35:35.0721 0x05c8 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:35:35.0752 0x05c8 RDPREFMP - ok
20:35:35.0826 0x05c8 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:35:35.0862 0x05c8 RdpVideoMiniport - ok
20:35:35.0910 0x05c8 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:35:35.0986 0x05c8 RDPWD - ok
20:35:36.0038 0x05c8 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:35:36.0073 0x05c8 rdyboost - ok
20:35:36.0114 0x05c8 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:35:36.0151 0x05c8 RemoteAccess - ok
20:35:36.0186 0x05c8 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:35:36.0229 0x05c8 RemoteRegistry - ok
20:35:36.0267 0x05c8 [ 32D6AB810537CE38CBFFE04ED9F6709A, DD3FA382517CE18D490BD2D95A65DC6873A3BC41DABC53BBD41BAFBCFC85C652 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
20:35:36.0298 0x05c8 RimVSerPort - ok
20:35:36.0340 0x05c8 [ 564297827D213F52C7A3A2FF749568CA, B09A78D3B3F0BF47818BBEEDEF73BD6ACB9C5E367592BB90C85FD262BE521876 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
20:35:36.0380 0x05c8 ROOTMODEM - ok
20:35:36.0397 0x05c8 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:35:36.0435 0x05c8 RpcEptMapper - ok
20:35:36.0477 0x05c8 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
20:35:36.0526 0x05c8 RpcLocator - ok
20:35:36.0566 0x05c8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
20:35:36.0622 0x05c8 RpcSs - ok
20:35:36.0672 0x05c8 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:35:36.0716 0x05c8 rspndr - ok
20:35:36.0730 0x05c8 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs C:\Windows\system32\lsass.exe
20:35:36.0750 0x05c8 SamSs - ok
20:35:36.0774 0x05c8 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:35:36.0789 0x05c8 sbp2port - ok
20:35:36.0829 0x05c8 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:35:36.0860 0x05c8 SCardSvr - ok
20:35:36.0897 0x05c8 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:35:36.0948 0x05c8 scfilter - ok
20:35:37.0010 0x05c8 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
20:35:37.0163 0x05c8 Schedule - ok
20:35:37.0182 0x05c8 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:35:37.0212 0x05c8 SCPolicySvc - ok
20:35:37.0247 0x05c8 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:35:37.0323 0x05c8 SDRSVC - ok
20:35:37.0367 0x05c8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:35:37.0410 0x05c8 secdrv - ok
20:35:37.0441 0x05c8 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
20:35:37.0474 0x05c8 seclogon - ok
20:35:37.0492 0x05c8 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
20:35:37.0530 0x05c8 SENS - ok
20:35:37.0568 0x05c8 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:35:37.0625 0x05c8 SensrSvc - ok
20:35:37.0650 0x05c8 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:35:37.0672 0x05c8 Serenum - ok
20:35:37.0704 0x05c8 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:35:37.0721 0x05c8 Serial - ok
20:35:37.0739 0x05c8 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:35:37.0764 0x05c8 sermouse - ok
20:35:37.0807 0x05c8 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
20:35:37.0839 0x05c8 SessionEnv - ok
20:35:37.0876 0x05c8 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:35:37.0928 0x05c8 sffdisk - ok
20:35:37.0948 0x05c8 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:35:37.0988 0x05c8 sffp_mmc - ok
20:35:38.0000 0x05c8 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:35:38.0037 0x05c8 sffp_sd - ok
20:35:38.0083 0x05c8 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:35:38.0112 0x05c8 sfloppy - ok
20:35:38.0165 0x05c8 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:35:38.0218 0x05c8 SharedAccess - ok
20:35:38.0265 0x05c8 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:35:38.0313 0x05c8 ShellHWDetection - ok
20:35:38.0338 0x05c8 [ C16173316918A1360DC22947C4FF6352, 9ABEA840494E880654E8979B582E2FD70CF8BDEBF526A678555AB5E94375B5FB ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
20:35:38.0366 0x05c8 silabenm - ok
20:35:38.0382 0x05c8 [ 4569C7774FDE5029A422B1431DAECB90, 14D325ADCD4495BD2C1F3A4DC51C31C0A310F49BF8D792F3A327F1D5CB9530AF ] silabser C:\Windows\system32\DRIVERS\silabser.sys
20:35:38.0407 0x05c8 silabser - ok
20:35:38.0424 0x05c8 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:35:38.0438 0x05c8 sisagp - ok
20:35:38.0484 0x05c8 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:35:38.0498 0x05c8 SiSRaid2 - ok
20:35:38.0512 0x05c8 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:35:38.0527 0x05c8 SiSRaid4 - ok
20:35:38.0587 0x05c8 [ F07AF60B152221472FBDB2FECEC4896D, A18FDCE8462A48429E249C44F0E49F844F2E3A4B5215349DE104F34D935EF983 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:35:38.0604 0x05c8 SkypeUpdate - ok
20:35:38.0633 0x05c8 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:35:38.0662 0x05c8 Smb - ok
20:35:38.0708 0x05c8 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:35:38.0724 0x05c8 SNMPTRAP - ok
20:35:38.0765 0x05c8 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
20:35:38.0779 0x05c8 spldr - ok
20:35:38.0830 0x05c8 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
20:35:38.0893 0x05c8 Spooler - ok
20:35:39.0089 0x05c8 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
20:35:39.0268 0x05c8 sppsvc - ok
20:35:39.0311 0x05c8 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:35:39.0346 0x05c8 sppuinotify - ok
20:35:39.0390 0x05c8 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:35:39.0490 0x05c8 srv - ok
20:35:39.0549 0x05c8 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:35:39.0626 0x05c8 srv2 - ok
20:35:39.0656 0x05c8 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:35:39.0700 0x05c8 srvnet - ok
20:35:39.0730 0x05c8 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:35:39.0775 0x05c8 SSDPSRV - ok
20:35:39.0791 0x05c8 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:35:39.0833 0x05c8 SstpSvc - ok
20:35:39.0873 0x05c8 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:35:39.0886 0x05c8 stexstor - ok
20:35:39.0945 0x05c8 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
20:35:39.0991 0x05c8 StiSvc - ok
20:35:40.0026 0x05c8 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
20:35:40.0039 0x05c8 swenum - ok
20:35:40.0055 0x05c8 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
20:35:40.0100 0x05c8 swprv - ok
20:35:40.0224 0x05c8 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
20:35:40.0346 0x05c8 SysMain - ok
20:35:40.0382 0x05c8 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
20:35:40.0407 0x05c8 TabletInputService - ok
20:35:40.0459 0x05c8 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
20:35:40.0523 0x05c8 TapiSrv - ok
20:35:40.0553 0x05c8 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
20:35:40.0618 0x05c8 TBS - ok
20:35:40.0725 0x05c8 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:35:40.0803 0x05c8 Tcpip - ok
20:35:40.0942 0x05c8 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:35:40.0990 0x05c8 TCPIP6 - ok
20:35:41.0031 0x05c8 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:35:41.0053 0x05c8 tcpipreg - ok
20:35:41.0096 0x05c8 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:35:41.0127 0x05c8 TDPIPE - ok
20:35:41.0163 0x05c8 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:35:41.0190 0x05c8 TDTCP - ok
20:35:41.0228 0x05c8 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:35:41.0268 0x05c8 tdx - ok
20:35:41.0288 0x05c8 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:35:41.0303 0x05c8 TermDD - ok
20:35:41.0358 0x05c8 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
20:35:41.0424 0x05c8 TermService - ok
20:35:41.0467 0x05c8 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
20:35:41.0492 0x05c8 Themes - ok
20:35:41.0509 0x05c8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
20:35:41.0538 0x05c8 THREADORDER - ok
20:35:41.0559 0x05c8 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
20:35:41.0603 0x05c8 TrkWks - ok
20:35:41.0665 0x05c8 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:35:41.0707 0x05c8 TrustedInstaller - ok
20:35:41.0751 0x05c8 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:35:41.0817 0x05c8 tssecsrv - ok
20:35:41.0877 0x05c8 [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:35:41.0939 0x05c8 TsUsbFlt - ok
20:35:41.0995 0x05c8 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:35:42.0052 0x05c8 tunnel - ok
20:35:42.0086 0x05c8 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:35:42.0101 0x05c8 uagp35 - ok
20:35:42.0145 0x05c8 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:35:42.0194 0x05c8 udfs - ok
20:35:42.0245 0x05c8 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:35:42.0295 0x05c8 UI0Detect - ok
20:35:42.0337 0x05c8 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:35:42.0352 0x05c8 uliagpkx - ok
20:35:42.0386 0x05c8 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
20:35:42.0402 0x05c8 umbus - ok
20:35:42.0434 0x05c8 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:35:42.0477 0x05c8 UmPass - ok
20:35:42.0540 0x05c8 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
20:35:42.0618 0x05c8 upnphost - ok
20:35:42.0672 0x05c8 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:35:42.0794 0x05c8 usbaudio - ok
20:35:42.0830 0x05c8 [ BD9C55D7023C5DE374507ACC7A14E2AC, 1DBAFF733DE5C1A6A2374B15BD94512A22D9C0F4DF91F997801340828333AF3C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:35:42.0864 0x05c8 usbccgp - ok
20:35:42.0911 0x05c8 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:35:42.0940 0x05c8 usbcir - ok
20:35:42.0955 0x05c8 [ F92DE757E4B7CE9C07C5E65423F3AE3B, B3FDEE4A8F1C7EC12405D99ACABC3E633FA4ED08D2A2AA871526ED7927A35A91 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:35:42.0970 0x05c8 usbehci - ok
20:35:42.0994 0x05c8 [ 8DC94AEC6A7E644A06135AE7506DC2E9, 3ACB621D57BC8691DBBCDEF27563AA6390370362F21AFA6E7BA35BC429E14590 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:35:43.0037 0x05c8 usbhub - ok
20:35:43.0054 0x05c8 [ E185D44FAC515A18D9DEDDC23C2CDF44, EF69D0253CC8F1D29929FD5E74F18737ECF5D238874B6E1505E2EAEE66D9D987 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:35:43.0073 0x05c8 usbohci - ok
20:35:43.0115 0x05c8 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:35:43.0149 0x05c8 usbprint - ok
20:35:43.0208 0x05c8 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\drivers\usbscan.sys
20:35:43.0309 0x05c8 usbscan - ok
20:35:43.0326 0x05c8 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:35:43.0441 0x05c8 USBSTOR - ok
20:35:43.0494 0x05c8 [ FC43C9C666A1F5F288091BF2140ADA59, F3F7950B97046E6A8DBA676C764C74F438F69781CC447C6D2F0CB658AB7D256E ] usbUDisc C:\Windows\system32\DRIVERS\USBDrv.sys
20:35:43.0530 0x05c8 usbUDisc - ok
20:35:43.0557 0x05c8 [ 68DF884CF41CDADA664BEB01DAF67E3D, 142781FE2FF93B269D8FA11D4C3F60967552A867E94533D94EF1C2D777A67872 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:35:43.0578 0x05c8 usbuhci - ok
20:35:43.0614 0x05c8 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
20:35:43.0698 0x05c8 UxSms - ok
20:35:43.0710 0x05c8 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] VaultSvc C:\Windows\system32\lsass.exe
20:35:43.0730 0x05c8 VaultSvc - ok
20:35:43.0752 0x05c8 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:35:43.0771 0x05c8 vdrvroot - ok
20:35:43.0825 0x05c8 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
20:35:43.0879 0x05c8 vds - ok
20:35:43.0915 0x05c8 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:35:43.0931 0x05c8 vga - ok
20:35:43.0946 0x05c8 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:35:43.0975 0x05c8 VgaSave - ok
20:35:44.0012 0x05c8 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:35:44.0031 0x05c8 vhdmp - ok
20:35:44.0059 0x05c8 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:35:44.0073 0x05c8 viaagp - ok
20:35:44.0092 0x05c8 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:35:44.0121 0x05c8 ViaC7 - ok
20:35:44.0159 0x05c8 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
20:35:44.0171 0x05c8 viaide - ok
20:35:44.0187 0x05c8 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:35:44.0202 0x05c8 volmgr - ok
20:35:44.0221 0x05c8 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:35:44.0250 0x05c8 volmgrx - ok
20:35:44.0264 0x05c8 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:35:44.0286 0x05c8 volsnap - ok
20:35:48.0761 0x05c8 ================ Scan global ===============================
20:35:48.0802 0x05c8 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
20:35:48.0840 0x05c8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:35:48.0855 0x05c8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:35:48.0888 0x05c8 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
20:35:48.0929 0x05c8 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
20:35:48.0939 0x05c8 [ Global ] - ok
20:35:48.0940 0x05c8 ================ Scan MBR ==================================
20:35:48.0952 0x05c8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:35:49.0425 0x05c8 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
20:35:49.0425 0x05c8 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:35:52.0211 0x05c8 ================ Scan VBR ==================================
20:35:52.0218 0x05c8 [ 60AD8A8AA3221E06E720AB2972972C58 ] \Device\Harddisk0\DR0\Partition1
20:35:52.0221 0x05c8 \Device\Harddisk0\DR0\Partition1 - ok
20:35:52.0249 0x05c8 [ E2B0B34774576C57E471B4FE88918E8D ] \Device\Harddisk0\DR0\Partition2
20:35:52.0251 0x05c8 \Device\Harddisk0\DR0\Partition2 - ok
20:35:52.0252 0x05c8 Waiting for KSN requests completion. In queue: 7
20:35:53.0252 0x05c8 Waiting for KSN requests completion. In queue: 7
20:35:54.0252 0x05c8 Waiting for KSN requests completion. In queue: 7
20:35:55.0285 0x05c8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.3.219.0 ), 0x61000 ( enabled : updated )
20:35:55.0362 0x05c8 Win FW state via NFP2: enabled
20:35:58.0231 0x05c8 ============================================================
20:35:58.0231 0x05c8 Scan finished
20:35:58.0231 0x05c8 ============================================================
20:35:58.0246 0x1088 Detected object count: 1
20:35:58.0246 0x1088 Actual detected object count: 1
20:36:24.0170 0x1088 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:36:24.0187 0x1088 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
20:36:24.0206 0x1088 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
20:36:24.0222 0x1088 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:36:24.0238 0x1088 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:36:24.0457 0x1088 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
20:36:24.0465 0x1088 \Device\Harddisk0\DR0\TDLFS - deleted
20:36:24.0465 0x1088 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
C:\511cc9072d2f0e169e97\ZH-TW folder moved successfully.
C:\511cc9072d2f0e169e97\ZH-CN folder moved successfully.
C:\511cc9072d2f0e169e97\x86 folder moved successfully.
C:\511cc9072d2f0e169e97\VI-VN folder moved successfully.
C:\511cc9072d2f0e169e97\UK-UA folder moved successfully.
C:\511cc9072d2f0e169e97\TR-TR folder moved successfully.
C:\511cc9072d2f0e169e97\TH-TH folder moved successfully.
C:\511cc9072d2f0e169e97\SV-SE folder moved successfully.
C:\511cc9072d2f0e169e97\sr-Latn-CS folder moved successfully.
C:\511cc9072d2f0e169e97\SK-SK folder moved successfully.
C:\511cc9072d2f0e169e97\SCEP folder moved successfully.
C:\511cc9072d2f0e169e97\RU-RU folder moved successfully.
C:\511cc9072d2f0e169e97\RO-RO folder moved successfully.
C:\511cc9072d2f0e169e97\qps-plocm folder moved successfully.
C:\511cc9072d2f0e169e97\qps-ploc folder moved successfully.
C:\511cc9072d2f0e169e97\PT-PT folder moved successfully.
C:\511cc9072d2f0e169e97\PT-BR folder moved successfully.
C:\511cc9072d2f0e169e97\PL-PL folder moved successfully.
C:\511cc9072d2f0e169e97\NL-NL folder moved successfully.
C:\511cc9072d2f0e169e97\NB-NO folder moved successfully.
C:\511cc9072d2f0e169e97\MSEPrerelease folder moved successfully.
C:\511cc9072d2f0e169e97\MSE folder moved successfully.
C:\511cc9072d2f0e169e97\LV-LV folder moved successfully.
C:\511cc9072d2f0e169e97\LT-LT folder moved successfully.
C:\511cc9072d2f0e169e97\KO-KR folder moved successfully.
C:\511cc9072d2f0e169e97\JA-JP folder moved successfully.
C:\511cc9072d2f0e169e97\IT-IT folder moved successfully.
C:\511cc9072d2f0e169e97\INTUNE folder moved successfully.
C:\511cc9072d2f0e169e97\HU-HU folder moved successfully.
C:\511cc9072d2f0e169e97\HR-HR folder moved successfully.
C:\511cc9072d2f0e169e97\FR-FR folder moved successfully.
C:\511cc9072d2f0e169e97\FI-FI folder moved successfully.
C:\511cc9072d2f0e169e97\FEP folder moved successfully.
C:\511cc9072d2f0e169e97\ET-EE folder moved successfully.
C:\511cc9072d2f0e169e97\ES-ES folder moved successfully.
C:\511cc9072d2f0e169e97\EPP folder moved successfully.
C:\511cc9072d2f0e169e97\EN-US folder moved successfully.
C:\511cc9072d2f0e169e97\EL-GR folder moved successfully.
C:\511cc9072d2f0e169e97\DE-DE folder moved successfully.
C:\511cc9072d2f0e169e97\DA-DK folder moved successfully.
C:\511cc9072d2f0e169e97\CS-CZ folder moved successfully.
C:\511cc9072d2f0e169e97\BG-BG folder moved successfully.
C:\511cc9072d2f0e169e97 folder moved successfully.
C:\a2f550b11f776f8b8abeb5 folder moved successfully.
C:\357d6b81005bee2fba50b1102d3e folder moved successfully.
C:\c30aaae8a563c9d410af849b\ZH-TW folder moved successfully.
C:\c30aaae8a563c9d410af849b\ZH-CN folder moved successfully.
C:\c30aaae8a563c9d410af849b\x86 folder moved successfully.
C:\c30aaae8a563c9d410af849b\VI-VN folder moved successfully.
C:\c30aaae8a563c9d410af849b\UK-UA folder moved successfully.
C:\c30aaae8a563c9d410af849b\TR-TR folder moved successfully.
C:\c30aaae8a563c9d410af849b\TH-TH folder moved successfully.
C:\c30aaae8a563c9d410af849b\SV-SE folder moved successfully.
C:\c30aaae8a563c9d410af849b\sr-Latn-CS folder moved successfully.
C:\c30aaae8a563c9d410af849b\SK-SK folder moved successfully.
C:\c30aaae8a563c9d410af849b\SCEP folder moved successfully.
C:\c30aaae8a563c9d410af849b\RU-RU folder moved successfully.
C:\c30aaae8a563c9d410af849b\RO-RO folder moved successfully.
C:\c30aaae8a563c9d410af849b\qps-plocm folder moved successfully.
C:\c30aaae8a563c9d410af849b\qps-ploc folder moved successfully.
C:\c30aaae8a563c9d410af849b\PT-PT folder moved successfully.
C:\c30aaae8a563c9d410af849b\PT-BR folder moved successfully.
C:\c30aaae8a563c9d410af849b\PL-PL folder moved successfully.
C:\c30aaae8a563c9d410af849b\NL-NL folder moved successfully.
C:\c30aaae8a563c9d410af849b\NB-NO folder moved successfully.
C:\c30aaae8a563c9d410af849b\MSEPrerelease folder moved successfully.
C:\c30aaae8a563c9d410af849b\MSE folder moved successfully.
C:\c30aaae8a563c9d410af849b\LV-LV folder moved successfully.
C:\c30aaae8a563c9d410af849b\LT-LT folder moved successfully.
C:\c30aaae8a563c9d410af849b\KO-KR folder moved successfully.
C:\c30aaae8a563c9d410af849b\JA-JP folder moved successfully.
C:\c30aaae8a563c9d410af849b\IT-IT folder moved successfully.
C:\c30aaae8a563c9d410af849b\INTUNE folder moved successfully.
C:\c30aaae8a563c9d410af849b\HU-HU folder moved successfully.
C:\c30aaae8a563c9d410af849b\HR-HR folder moved successfully.
C:\c30aaae8a563c9d410af849b\FR-FR folder moved successfully.
C:\c30aaae8a563c9d410af849b\FI-FI folder moved successfully.
C:\c30aaae8a563c9d410af849b\FEP folder moved successfully.
C:\c30aaae8a563c9d410af849b\ET-EE folder moved successfully.
C:\c30aaae8a563c9d410af849b\ES-ES folder moved successfully.
C:\c30aaae8a563c9d410af849b\EPP folder moved successfully.
C:\c30aaae8a563c9d410af849b\EN-US folder moved successfully.
C:\c30aaae8a563c9d410af849b\EL-GR folder moved successfully.
C:\c30aaae8a563c9d410af849b\DE-DE folder moved successfully.
C:\c30aaae8a563c9d410af849b\DA-DK folder moved successfully.
C:\c30aaae8a563c9d410af849b\CS-CZ folder moved successfully.
C:\c30aaae8a563c9d410af849b\BG-BG folder moved successfully.
C:\c30aaae8a563c9d410af849b folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: SHawn
->Temp folder emptied: 109810408 bytes
->Temporary Internet Files folder emptied: 103258153 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 263816122 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125806 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 188383345 bytes

Total Files Cleaned = 635.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10282013_203908

Files\Folders moved on Reboot...
File move failed. C:\Users\SHawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ComboFix 13-10-28.01 - SHawn 10/28/13 20:59:33.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2048.1174 [GMT -3:00]
Running from: c:\users\SHawn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\programdata\wxDfast
c:\programdata\wxDfast\content.js
c:\programdata\wxDfast\settings.ini
c:\users\SHawn\AppData\Roaming\LocalLow
c:\users\SHawn\AppData\Roaming\LocalLow\GBTemp\svrver.ini
c:\users\SHawn\AppData\Roaming\SearchProtect
c:\users\SHawn\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\SHawn\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\SHawn\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\SHawn\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\SHawn\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
.
.
((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-29 )))))))))))))))))))))))))))))))
.
.
2013-10-29 00:15 . 2013-10-29 00:15 -------- d-----w- c:\users\SHawn\AppData\Local\temp
2013-10-29 00:15 . 2013-10-29 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-28 23:36 . 2013-10-28 23:36 -------- d-----w- C:\TDSSKiller_Quarantine
2013-10-28 21:24 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD474D4A-F68D-4CF1-9573-4ADFEE85B6F4}\mpengine.dll
2013-10-27 17:52 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-27 16:12 . 2013-10-27 16:12 -------- d-----w- C:\_OTL
2013-10-19 11:11 . 2013-10-17 14:14 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADF0E522-1BBC-4983-8B93-AB0ABEF216CF}\gapaengine.dll
2013-10-15 19:50 . 2013-10-15 19:50 -------- d-----w- c:\program files\GUM4161.tmp
2013-10-15 19:50 . 2013-10-15 19:50 50053120 ----a-w- c:\program files\GUT4162.tmp
2013-10-15 00:22 . 2013-10-15 00:22 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-13 00:07 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-13 00:07 . 2013-07-03 04:02 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-13 00:07 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-13 00:07 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-13 00:07 . 2013-09-14 00:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-13 00:07 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-13 00:07 . 2013-09-08 02:03 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-13 00:05 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-13 00:05 . 2013-07-12 10:07 80896 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-13 00:05 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-12 12:35 . 2013-10-12 13:27 -------- d-----w- c:\users\SHawn\AppData\Local\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-15 00:22 . 2012-07-11 20:02 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-15 00:22 . 2011-06-18 22:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-26 11:59 . 2013-09-26 12:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-26 11:59 . 2012-07-11 11:26 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-26 11:59 . 2011-06-26 16:04 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-11 02:18 . 2013-09-11 02:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-05 21:49 . 2012-10-20 11:31 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-30 07:47 . 2010-04-07 02:33 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-05 01:56 . 2013-09-12 00:15 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-12 00:15 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-12 00:15 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-12 00:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-12 00:15 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-12 00:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 00:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 00:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 00:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 20:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 20:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 20:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 20:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 20:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 20:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
.
c:\users\SHawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-09-27 19:02 1279120 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConduitFloatingPlugin_gpaiibklhaneknloaoccoidbaffjjlnb]
1617-11-28 14:41 287008 ----a-w- c:\program files\Conduit\CT3286042\plugins\TBVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-08-12 13:11 995176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VivoxHDN]
2011-12-19 13:22 8508264 ----a-w- c:\users\SHawn\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\SHawn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376]
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [2013-09-11 97008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-10-08 63872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [2010-12-21 13824]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswKbd;aswKbd; [x]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [2013-08-20 330960]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-09-11 148688]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-09-11 222416]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-09-11 1435928]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-04 746496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 00:22]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 01:15]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 01:15]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000Core.job
- c:\users\SHawn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-07 02:26]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000UA.job
- c:\users\SHawn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-07 02:26]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-dleamon - c:\program files\Dell V310-V510 Series\dleamon.exe
MSConfigStartUp-EzPrint - c:\program files\Dell V310-V510 Series\ezprint.exe
MSConfigStartUp-OtShot - c:\program files\OtShot\otshot.exe
MSConfigStartUp-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-Browsersafeguard - c:\program files\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-28 21:20:55
ComboFix-quarantined-files.txt 2013-10-29 00:20
.
Pre-Run: 34,369,941,504 bytes free
Post-Run: 34,126,659,584 bytes free
.
- - End Of File - - 4C828F3DBFDA16A1D6AC2FBDAD6ECA6D
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#10
godawgs

    Teacher

  • GeekU Moderator
  • 5,301 posts
I'm glad everything ran OK. The logs look better but we still have some work to do. TDSSKiller got the rest of the rootkit, but I want to do one additional scan to make sure there aren't any other variants. Plus some additional scans.


Step-1.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console<---VERY IMPORTANT
  • NOTE: Since you don't have a 64-bit system the Include 64-bit Scans box should not be available.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The AdwCleaner[R0].txt log
3. The FSS.txt log
  • 0
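Added example, not part of the thread and not OTL's or the helper's own method: a small Python triage pass over the PRC/SRV/DRV line format that the OTL.txt log requested in Step-1 uses. The sample lines are copied from the log posted in this thread; the three flagging rules (missing image, empty company name, user-writable path) are assumptions chosen for illustration and produce leads to review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the OTL log in this thread, plus one section header.
SAMPLE = r"""
PRC - [2013/10/29 16:24:04 | 000,375,072 | ---- | M] (Conduit Ltd.) -- C:\Users\SHawn\AppData\Local\NativeMessaging\CT3286042\1_0_0_2\TBMessagingHost.exe
PRC - [2012/03/28 10:19:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SHawn\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/20 09:23:48 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
========== Services (SafeList) ==========
"""

# One OTL entry: kind, then either "File not found" or "[stamp|size|attr|M] (company)",
# an optional "[start type | state]" block, the image path, and an optional "(name)".
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Assumption: directories a standard user can usually write to.
USER_WRITABLE = re.compile(r"\\(?:users|programdata|temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    path: str
    company: Optional[str]   # None when the file was not found
    state: Optional[str]     # e.g. "Auto | Running"; absent on PRC/MOD lines
    name: Optional[str]      # service or driver name; absent on PRC/MOD lines
    missing: bool


def parse_otl(text: str) -> List[Entry]:
    """Return every PRC/MOD/SRV/DRV entry; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(
                kind=m["kind"], path=m["path"], company=m["company"],
                state=m["state"], name=m["name"], missing=bool(m["missing"]),
            ))
    return entries


def reasons_for(e: Entry) -> List[str]:
    """Illustrative heuristics only; each reason is a prompt for manual review."""
    reasons = []
    if e.missing:
        reasons.append("registered image missing on disk")
    elif e.company == "" and e.kind != "MOD":
        # The MOD section lists only modules without a company name, so skip it there.
        reasons.append("no company name in version info")
    if USER_WRITABLE.search(e.path):
        reasons.append("image in user-writable location")
    return reasons


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Pair each entry that trips at least one rule with its reasons."""
    return [(e, r) for e in entries for r in [reasons_for(e)] if r]


if __name__ == "__main__":
    for entry, why in triage(parse_otl(SAMPLE)):
        label = entry.name or entry.path.rsplit("\\", 1)[-1]
        print(f"{entry.kind} {label}: {'; '.join(why)}")
```

Legitimate software trips these rules too (the Trusteer driver under ProgramData does here), so each hit still needs the publisher, file hash and install history checked before anything is removed.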


#11
phillip245

    Member

  • 31 posts
godawgs, got all of the logs; hope they are helpful. Thank you again for all your time and effort.

Phillip

OTL logfile created on: 10/29/13 7:29:22 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHawn\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.76% Memory free
4.00 Gb Paging File | 2.38 Gb Available in Paging File | 59.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.22 Gb Total Space | 30.43 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 28.59 Gb Free Space | 29.27% Space Free | Partition Type: NTFS

Computer Name: PHILLIP | User Name: SHawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/29 16:24:04 | 000,375,072 | ---- | M] (Conduit Ltd.) -- C:\Users\SHawn\AppData\Local\NativeMessaging\CT3286042\1_0_0_2\TBMessagingHost.exe
PRC - [2013/10/28 08:58:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHawn\Desktop\OTL.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/12 10:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/28 10:19:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/14 17:28:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 17:27:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/08 21:02:43 | 000,415,184 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 21:02:41 | 004,055,504 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 21:01:50 | 000,698,832 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 21:01:49 | 000,099,792 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 21:01:47 | 001,604,560 | ---- | M] () -- C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/12 07:42:26 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/12 07:42:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/20 09:23:54 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/08/14 18:36:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 18:36:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\439eb22c3f6967beb8a3364626883423\System.Xml.ni.dll
MOD - [2013/08/14 18:35:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 19:35:01 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 19:34:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/22 17:36:26 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3257.27114__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:26 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3257.27112__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:26 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3257.27113__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:26 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3257.27114__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3257.27109__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3257.27109__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011/08/22 17:36:25 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011/08/22 17:36:25 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011/08/22 17:36:25 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011/08/22 17:36:23 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:22 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:22 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/08/22 17:36:20 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/08/22 17:36:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3218.28700__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/08/22 17:36:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/08/22 17:36:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/08/22 17:36:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/08/22 17:36:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/08/22 17:36:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/08/22 17:36:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/08/22 17:36:17 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/08/22 17:36:17 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/08/22 17:36:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011/08/22 17:36:17 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/08/22 17:36:16 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/08/22 17:36:16 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/08/22 17:36:16 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/08/22 17:36:16 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/08/22 17:36:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/08/22 17:36:16 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/08/22 17:36:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/08/22 17:36:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/08/22 17:36:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011/08/22 17:36:15 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/08/22 17:36:15 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/08/22 17:36:15 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2011/08/22 17:36:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/08/22 17:36:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/08/22 17:36:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/08/22 17:36:15 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - [2013/10/14 21:22:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/28 10:19:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/23 23:01:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/07 05:34:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SHawn\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/09/10 23:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 23:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 23:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/20 09:23:48 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/12/21 11:56:40 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/08 13:45:16 | 000,063,872 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009/10/08 13:45:16 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 19:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/04 10:31:28 | 000,746,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/04/30 20:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 19:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 19:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 A9 11 06 E0 9F CD 01 [binary data]
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/...q={searchTerms}
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/...q={searchTerms}
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SHawn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://msn.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SHawn\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\SHawn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Bobsled by T-Mobile = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgbddncklanadehifhcogjjfdolghnl\1.20.3.13868_0\
CHR - Extension: KeyBar 1.8 = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.21.1.507_0\
CHR - Extension: KeyBar 1.8 = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.22.0.588_0\
CHR - Extension: KeyBar 1.8 = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: Chrome In-App Payments service = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/28 21:15:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2433745752-1580000231-467868225-1000..\Run: [TBHostSupport] C:\Users\SHawn\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2433745752-1580000231-467868225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4264F02C-9CDD-4EFA-BDE9-D4FAD3A68E16}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52834E69-2AC2-453B-A82C-378FE6E31359}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 16:24:27 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\TBHostSupport
[2013/10/29 16:24:27 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\NativeMessaging
[2013/10/28 21:21:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/28 21:20:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/28 21:20:59 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\temp
[2013/10/28 20:56:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/28 20:56:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/28 20:56:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/28 20:56:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/28 20:55:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/28 20:54:16 | 005,137,071 | R--- | C] (Swearware) -- C:\Users\SHawn\Desktop\ComboFix.exe
[2013/10/28 20:36:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/28 20:33:14 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SHawn\Desktop\tdsskiller (1).exe
[2013/10/28 09:25:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\SHawn\Desktop\aswmbr.exe
[2013/10/28 08:58:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SHawn\Desktop\OTL.exe
[2013/10/28 08:38:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SHawn\Desktop\tdsskiller.exe
[2013/10/27 17:03:31 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Roaming\Mozilla
[2013/10/27 13:12:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/14 21:22:28 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/10/12 21:54:55 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/12 21:54:52 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/12 21:54:51 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/12 21:54:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/10/12 21:54:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/12 21:54:46 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/12 21:54:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/10/12 21:54:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/10/12 21:54:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/10/12 21:54:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/10/12 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\{A3DE190D-5D42-4AC8-9C7B-CA24A7E1B12B}
[2013/10/12 21:07:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/10/12 21:07:11 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/12 21:06:50 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/10/12 21:06:50 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/10/12 21:06:49 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/10/12 21:06:40 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/12 21:06:36 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/12 21:06:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/10/12 21:06:35 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/10/12 21:06:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/12 21:06:32 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/10/12 21:06:22 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/12 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\SHawn\AppData\Local\LogMeIn Rescue Applet
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/29 19:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 19:21:35 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000UA.job
[2013/10/29 19:21:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/29 18:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 09:08:27 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 07:53:53 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 07:53:53 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 07:48:22 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/28 21:15:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/28 20:55:11 | 005,137,071 | R--- | M] (Swearware) -- C:\Users\SHawn\Desktop\ComboFix.exe
[2013/10/28 20:33:19 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SHawn\Desktop\tdsskiller (1).exe
[2013/10/28 09:27:09 | 000,001,078 | ---- | M] () -- C:\Users\SHawn\Desktop\OTL1.lnk
[2013/10/28 09:26:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\SHawn\Desktop\aswmbr.exe
[2013/10/28 08:58:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHawn\Desktop\OTL.exe
[2013/10/28 08:38:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SHawn\Desktop\tdsskiller.exe
[2013/10/27 19:57:34 | 000,056,320 | ---- | M] () -- C:\Users\SHawn\Documents\PhillipsCynthias.12t
[2013/10/27 19:00:22 | 000,000,512 | ---- | M] () -- C:\Users\SHawn\Desktop\MBR.dat
[2013/10/27 18:07:22 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/27 18:07:22 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/27 18:06:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/27 18:06:12 | 000,002,117 | ---- | M] () -- C:\Users\SHawn\Desktop\Microsoft Security Essentials.lnk
[2013/10/27 01:03:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2433745752-1580000231-467868225-1000Core.job
[2013/10/18 20:59:46 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/14 21:22:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/14 21:22:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/10/14 21:22:30 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/28 20:56:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/28 20:56:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/28 20:56:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/28 20:56:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/28 20:56:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/28 09:27:09 | 000,001,078 | ---- | C] () -- C:\Users\SHawn\Desktop\OTL1.lnk
[2013/10/27 19:57:16 | 000,056,320 | ---- | C] () -- C:\Users\SHawn\Documents\PhillipsCynthias.12t
[2013/10/27 16:44:25 | 000,000,512 | ---- | C] () -- C:\Users\SHawn\Desktop\MBR.dat
[2013/08/23 13:27:51 | 000,007,624 | ---- | C] () -- C:\Users\SHawn\AppData\Local\Resmon.ResmonCfg
[2013/06/27 16:17:19 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 14:13:42 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 14:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/05/27 14:02:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\GBSinkps.dll
[2013/05/27 14:02:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\GBSink.dll
[2013/05/27 14:02:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GBProxy.exe
[2013/05/27 14:02:04 | 000,004,608 | ---- | C] () -- C:\Windows\System32\GBProxyps.dll
[2013/05/27 14:01:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\JPNXRES.dll
[2013/05/27 14:01:54 | 000,442,368 | ---- | C] () -- C:\Windows\System32\GBSinkCli.exe
[2013/05/27 14:01:54 | 000,184,320 | ---- | C] () -- C:\Windows\System32\JPNRES.dll
[2013/05/27 14:01:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\GBzipdll.dll
[2013/05/18 11:20:51 | 000,000,449 | ---- | C] () -- C:\Users\SHawn\.powerschool_gradebook.properties
[2013/05/18 11:17:44 | 000,000,012 | ---- | C] () -- C:\Users\SHawn\.gradebook_userdict.tlx
[2013/05/18 11:17:40 | 000,002,711 | ---- | C] () -- C:\Users\SHawn\powerschool-gradebook_custom_bundle.jar
[2013/05/18 11:17:40 | 000,002,700 | ---- | C] () -- C:\Users\SHawn\powerschool-gradebook_custom_bundle.jar.gz
[2012/12/21 11:32:53 | 000,000,685 | ---- | C] () -- C:\Users\SHawn\Libraries - Shortcut.lnk
[2010/09/12 21:41:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 08:35:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 08:35:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/09/30 15:00:20 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\AnvSoft
[2010/04/23 23:05:45 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Autodesk
[2012/10/11 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\AVG
[2012/04/27 20:14:49 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Babylon
[2013/04/24 11:31:31 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\BHOK IT Consulting
[2013/10/12 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\BitTorrent
[2012/12/16 13:54:41 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\calibre
[2013/09/13 09:22:51 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Canon
[2011/10/11 20:32:35 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Goto.Games
[2010/09/08 15:03:17 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Leadertech
[2010/04/07 00:38:29 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Opera
[2010/04/14 20:14:59 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\StreamTorrent
[2012/10/11 09:54:22 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\TuneUp Software
[2012/04/23 18:23:48 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\uTorrent
[2010/11/30 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\SHawn\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 22:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 01:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 22:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 09:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 09:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 02:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 22:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 18:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 01:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 09:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 09:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 02:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 22:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 22:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 22:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 09:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/13 22:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 22:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 22:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 22:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 13:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 22:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 07:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 02:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 02:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 22:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 09:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 09:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 22:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 02:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 22:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 09:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 09:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 09:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 09:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 22:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 01:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 09:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 09:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 09:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 09:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 09:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 09:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 09:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 09:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 22:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 19:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 09:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 22:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 09:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< dir "%systemdrive%\*" /S /A:L /C >

< End of report >

# AdwCleaner v3.010 - Report created 29/10/2013 at 20:07:40
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : SHawn - PHILLIP
# Running from : C:\Users\SHawn\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

Folder Found : C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Folder Found : C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Folder Found : C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\VisualBee_V.12
Folder Found C:\Program Files\Wajam
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\VisualBee
Folder Found C:\Users\SHawn\AppData\Local\Babylon
Folder Found C:\Users\SHawn\AppData\Local\Conduit
Folder Found C:\Users\SHawn\AppData\Local\visualbeeexe
Folder Found C:\Users\SHawn\AppData\Local\Wajam
Folder Found C:\Users\SHawn\AppData\LocalLow\Conduit
Folder Found C:\Users\SHawn\AppData\LocalLow\uTorrentControl2
Folder Found C:\Users\SHawn\AppData\LocalLow\VisualBee_V.12
Folder Found C:\Users\SHawn\AppData\Roaming\Babylon
Folder Found C:\Users\SHawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found C:\Users\SHawn\AppData\Roaming\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Found : HKCU\Software\AppDataLow\Software\VisualBee_V.12
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKCU\Software\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{53C4024F-5A2E-4F2A-B33E-E8784D730938}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Software\Wajam
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{53C4024F-5A2E-4F2A-B33E-E8784D730938}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C22E4D13-E98A-488B-A9D8-B51C15A35A23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CF49CBE-4287-452E-A829-25FCB90F21B8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C62D5D99-67F0-4A8F-9937-78D2BBBB929C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5E61CE0-80F2-4BC5-AA90-12AD0E7B0C55}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D90E1502-CC83-4872-AFA3-731B205D7D14}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader56473[1]_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader56473[1]_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C4024F-5A2E-4F2A-B33E-E8784D730938}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C22E4D13-E98A-488B-A9D8-B51C15A35A23}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\uTorrentControl2
Key Found : HKLM\Software\visualbee
Key Found : HKLM\Software\VisualBee_V.12
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{53C4024F-5A2E-4F2A-B33E-E8784D730938}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{53C4024F-5A2E-4F2A-B33E-E8784D730938}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{53C4024F-5A2E-4F2A-B33E-E8784D730938}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3287811&octid=CT3287811&SearchSource=61&CUI=UN16448099801335417&UM=2&UP=SP93B55063-E0F2-4B7F-961A-DDCB2A62D7BC
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=CA&userid=d34fb298-69a3-4c45-9814-1e47de1aa0c6&searchtype=ds&q={searchTerms}

-\\ Google Chrome v

[ File : C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9449 octets] - [29/10/2013 20:07:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9509 octets] ##########

Farbar Service Scanner Version: 24-10-2013
Ran by SHawn (administrator) on 29-10-2013 at 20:44:12
Running from "C:\Users\SHawn\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-12 21:07] - [2013-09-13 21:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-12 21:07] - [2013-09-07 23:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 07:31] - [2013-07-09 01:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 08:00] - [2013-05-27 01:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#12
godawgs

    Teacher

  • GeekU Moderator
  • 5,301 posts
You are welcome. Thanks for the logs. After this run please tell me how the computer is running.


I see evidence of the following Peer-to-Peer program(s) installed:

uTorrent
BitTorrent
uTorrentControl2
or uTorrent Toolbar

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.

Optional Removals

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

uTorrent
BitTorrent
uTorrentControl2
or uTorrent Toolbar

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Users\SHawn\AppData\Roaming\uTorrent
C:\Users\SHawn\AppData\Roaming\BitTorrent


2. Close Windows Explorer.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
To disable MBAM

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013/10/29 16:24:04 | 000,375,072 | ---- | M] (Conduit Ltd.) -- C:\Users\SHawn\AppData\Local\NativeMessaging\CT3286042\1_0_0_2\TBMessagingHost.exe
DRV - [2013/05/09 05:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
O4 - HKU\S-1-5-21-2433745752-1580000231-467868225-1000..\Run: [TBHostSupport] C:\Users\SHawn\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)

:FILES
C:\Users\SHawn\AppData\Local\TBHostSupport
C:\Users\SHawn\AppData\Local\NativeMessaging
C:\Users\Default\AppData\Roaming\TuneUp Software
C:\Users\Default User\AppData\Roaming\TuneUp Software
C:\Users\SHawn\AppData\Roaming\AVG
C:\Users\SHawn\AppData\Roaming\Babylon
C:\Users\SHawn\AppData\Roaming\TuneUp Software

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. Tell me how the computer is running now.

#13
phillip245

    Member

  • Member
  • PipPip
  • 31 posts
godawgs: I have a few issues that have come up. 1) I believe my keyboard has just quit working. I am replying from my laptop; I will try to resolve the keyboard tomorrow. 2) When I reboot the computer I get a box up that says: "There was a problem starting C:\Users\Shawn\AppData\Local\conduit\BackgroundContainer\BackgroundContainer.dll The specified module could not be found." I just click OK with the mouse and continue. I uninstalled BitTorrent in Control Panel but could not find uTorrent Toolbar or uTorrentControl2. I looked for the folders in C:\Users\Shawn but cannot find \AppData\Roaming\uTorrent or BitTorrent folders. 3) Tried to run JRT for 45 mins. but it just kept saying "Press any key to continue"; nothing happened.

I will send the logs from my regular computer but this is from the laptop. I will try to get another keyboard soon.

Thanks Phillip

#14
phillip245

    Member

  • Member
  • PipPip
  • 31 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named TBMessagingHost.exe was found!
Error: Unable to stop service aswKbd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswKbd deleted successfully.
C:\Windows\System32\drivers\aswKbd.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com deleted successfully.
File C:\Program Files\Alwil Software\Avast5\WebRep\FF not found.
Registry value HKEY_USERS\S-1-5-21-2433745752-1580000231-467868225-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport not found.
C:\Users\SHawn\AppData\Local\TBHostSupport\TBHostSupport.dll moved successfully.
========== FILES ==========
C:\Users\SHawn\AppData\Local\TBHostSupport folder moved successfully.
C:\Users\SHawn\AppData\Local\NativeMessaging\CT3287811\1_0_0_2 folder moved successfully.
C:\Users\SHawn\AppData\Local\NativeMessaging\CT3287811 folder moved successfully.
C:\Users\SHawn\AppData\Local\NativeMessaging\CT3286042\1_0_0_2 folder moved successfully.
C:\Users\SHawn\AppData\Local\NativeMessaging\CT3286042 folder moved successfully.
C:\Users\SHawn\AppData\Local\NativeMessaging folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.
File\Folder C:\Users\Default User\AppData\Roaming\TuneUp Software not found.
C:\Users\SHawn\AppData\Roaming\AVG\AWL2012\TuningIndex folder moved successfully.
C:\Users\SHawn\AppData\Roaming\AVG\AWL2012\StartUp Manager folder moved successfully.
C:\Users\SHawn\AppData\Roaming\AVG\AWL2012\Dashboard folder moved successfully.
C:\Users\SHawn\AppData\Roaming\AVG\AWL2012\Backups folder moved successfully.
C:\Users\SHawn\AppData\Roaming\AVG\AWL2012 folder moved successfully.
C:\Users\SHawn\AppData\Roaming\AVG folder moved successfully.
C:\Users\SHawn\AppData\Roaming\Babylon folder moved successfully.
C:\Users\SHawn\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\SHawn\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\SHawn\AppData\Roaming\TuneUp Software folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: SHawn
->Temp folder emptied: 38414072 bytes
->Temporary Internet Files folder emptied: 20642645 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 62118465 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145754 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3409142 bytes

Total Files Cleaned = 119.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10302013_195826

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.010 - Report created 30/10/2013 at 20:08:55
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : SHawn - PHILLIP
# Running from : C:\Users\SHawn\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\SHawn\AppData\Local\Babylon
Folder Deleted : C:\Users\SHawn\AppData\Local\Conduit
Folder Deleted : C:\Users\SHawn\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\SHawn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SHawn\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\SHawn\AppData\LocalLow\uTorrentControl2

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader56473[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader56473[1]_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CF49CBE-4287-452E-A829-25FCB90F21B8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C62D5D99-67F0-4A8F-9937-78D2BBBB929C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\uTorrentControl2

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v

[ File : C:\Users\SHawn\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9589 octets] - [29/10/2013 20:07:40]
AdwCleaner[R1].txt - [5279 octets] - [30/10/2013 20:08:00]
AdwCleaner[S0].txt - [5137 octets] - [30/10/2013 20:08:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5197 octets] ##########

#15
godawgs

    Teacher

  • GeekU Moderator
  • 5,301 posts
Hi Phillip,

I think the removal of the Avast antivirus driver aswKbd.sys is causing the problem with the keyboard. Do you have any keyboard function if you boot into Safe Mode?