Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hard Drive Mysteriously Filling Up With Data [Solved]

Started by Conrad 678 , Jan 22 2015 07:45 PM

This topic is locked

#1
Conrad 678

Posted 22 January 2015 - 07:45 PM

Member

Member
103 posts

I have a 1T hard drive that has been half empty up until a couple of days ago, and not it is mysteriously filling up with data, even though I haven't added any programs, or have even been on the computer that much. What can I do to resolve this?

Thanks!

Conrad

#2
dbreeze

Posted 22 January 2015 - 09:43 PM

Trusted Helper

Malware Removal
2,216 posts

Hi Conrad 678

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

You did not say if your system is 32 or 64 bit, so download both (if you don't know) and try to run each one. Only one will work on your system; that is the proper one to keep.

Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
If an update is available, the program will inform you and download the update. Allow it do this please.
Press the Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
Conrad 678

Posted 23 January 2015 - 09:55 PM

Member

Topic Starter
Member
103 posts

Thanks dbreeze. Here are the 2 logs. Thank for your help.

Conrad

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by The Cross Family (administrator) on BALTHAZAAR on 23-01-2015 21:18:40
Running from C:\Users\The Cross Family\Desktop
Loaded Profiles: The Cross Family (Available profiles: The Cross Family)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\af65e71d-31c3-4462-81c1-ea97a71218ff.exe
(Farbar) C:\Users\The Cross Family\Desktop\FARBAR RECOVERY SCAN TOOL 64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-655021921-481352255-711363081-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-655021921-481352255-711363081-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-655021921-481352255-711363081-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=fp-yie11
HKU\S-1-5-21-655021921-481352255-711363081-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/?fr=fp-yie11
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope {AEEB4D6E-F934-4B71-BE9D-D6D55C3B247B} URL =
SearchScopes: HKU\S-1-5-21-655021921-481352255-711363081-1001 -> DefaultScope {7F9E2D3B-70C9-41D8-B9EF-71DF17886010} URL = http://www.google.co...1I7ADRA_enUS466
SearchScopes: HKU\S-1-5-21-655021921-481352255-711363081-1001 -> {19AEF087-A8F4-4B52-82C4-4CE8C43118DA} URL = https://search.yahoo...-8&fr=chr-yie11
SearchScopes: HKU\S-1-5-21-655021921-481352255-711363081-1001 -> {56215151-D805-41CB-92D7-4859E56FD385} URL = https://delicious.co...?p={searchTerms}
SearchScopes: HKU\S-1-5-21-655021921-481352255-711363081-1001 -> {776228B8-FE0C-48BC-A99A-7D399A39B280} URL = http://search.yahoo....&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-655021921-481352255-711363081-1001 -> {7F9E2D3B-70C9-41D8-B9EF-71DF17886010} URL = http://www.google.co...1I7ADRA_enUS466
SearchScopes: HKU\S-1-5-21-655021921-481352255-711363081-1001 -> {FE698C3E-102A-4D42-94B3-E3EA0B1637F7} URL = https://www.flickr.c...?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-655021921-481352255-711363081-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-04]
FF HKU\S-1-5-21-655021921-481352255-711363081-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24]
CHR Extension: (Google Search) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-24]
CHR Extension: (Avast Online Security) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-04]
CHR Extension: (Skype Click to Call) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-24]
CHR Extension: (Google Wallet) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Gmail) - C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24]
CHR HKU\S-1-5-21-655021921-481352255-711363081-1001\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\The Cross Family\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\The Cross Family\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-13] (Avast Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30248 2009-11-13] (Fintek)
R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [25080 2009-09-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-13] (Avast Software)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 21:18 - 2015-01-23 21:19 - 00021462 _____ () C:\Users\The Cross Family\Desktop\FRST.txt
2015-01-23 21:17 - 2015-01-23 21:18 - 00000000 ____D () C:\FRST
2015-01-23 21:17 - 2015-01-23 21:17 - 02126848 _____ (Farbar) C:\Users\The Cross Family\Desktop\FARBAR RECOVERY SCAN TOOL 64.exe
2015-01-16 17:29 - 2015-01-16 17:29 - 00000000 ____D () C:\Users\The Cross Family\AppData\Local\{BE5D39E0-5A02-4458-AB01-E496200EAAC3}
2015-01-16 17:29 - 2015-01-16 17:29 - 00000000 ____D () C:\Users\The Cross Family\AppData\Local\{3EB7F060-DF77-4AE3-8624-152B6D8BD424}
2015-01-16 17:15 - 2015-01-16 17:15 - 00000000 ____D () C:\Users\The Cross Family\AppData\Local\{BAF76B97-AD35-406A-A5E3-2923109BAA1D}
2015-01-15 21:17 - 2015-01-15 21:23 - 00000000 ____D () C:\Users\The Cross Family\Desktop\VIDEO_TS
2015-01-15 21:17 - 2014-12-11 09:22 - 00000000 ____D () C:\Users\The Cross Family\Desktop\AUDIO_TS
2015-01-15 21:15 - 2015-01-15 21:15 - 02661201 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2015-01-15_211519.ZIP
2015-01-14 18:19 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:19 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:19 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 18:19 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 18:19 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 18:19 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:19 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 18:19 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 18:18 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 18:18 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 18:18 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 18:18 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 18:18 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-11 23:54 - 2015-01-11 23:54 - 02661201 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2015-01-11_235358.ZIP
2015-01-10 18:59 - 2015-01-10 18:59 - 02574289 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2015-01-10_185946.ZIP
2014-12-25 12:23 - 2014-12-25 12:24 - 00172032 _____ () C:\Users\The Cross Family\Documents\Christmas Menu-2014.sig

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 21:18 - 2009-07-13 22:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 21:18 - 2009-07-13 22:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 21:17 - 2012-01-14 13:32 - 02051265 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 21:17 - 2009-07-13 23:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-04 19:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-23 21:11 - 2013-09-11 14:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 21:10 - 2014-01-05 15:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 21:10 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 21:10 - 2009-07-13 22:51 - 00430798 _____ () C:\Windows\setupact.log
2015-01-22 19:16 - 2012-01-07 19:36 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EEB956F7-701D-4F90-8997-5B37BB3CC214}
2015-01-22 19:14 - 2014-01-05 15:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 19:13 - 2014-05-05 17:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf68bb19efa59a.job
2015-01-22 19:13 - 2014-01-05 15:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 19:13 - 2014-01-05 15:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 13:38 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-16 17:29 - 2013-01-04 21:02 - 00000000 ____D () C:\Users\The Cross Family\AppData\Local\Windows Live
2015-01-16 17:28 - 2013-06-20 09:23 - 00000000 ____D () C:\Users\The Cross Family\AppData\Roaming\Real
2015-01-16 17:28 - 2013-06-20 09:23 - 00000000 ____D () C:\Program Files (x86)\Real
2015-01-16 17:28 - 2013-06-20 09:20 - 00000000 ____D () C:\ProgramData\Real
2015-01-16 17:28 - 2012-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\Web Publish
2015-01-16 17:06 - 2012-01-08 19:22 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-01-16 17:06 - 2012-01-08 19:22 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-01-16 17:06 - 2012-01-08 19:22 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-01-16 17:06 - 2012-01-08 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-01-15 21:15 - 2013-01-05 11:55 - 00000000 ____D () C:\Users\The Cross Family\AppData\Roaming\Blvd
2015-01-15 19:55 - 2014-12-13 13:04 - 00003366 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-655021921-481352255-711363081-1001
2015-01-15 19:55 - 2014-10-16 21:31 - 00003254 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-655021921-481352255-711363081-1001
2015-01-14 20:09 - 2013-08-18 21:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:59 - 2012-01-20 09:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2012-01-07 20:01 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 12:06 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======
2012-01-15 13:19 - 2012-01-15 13:19 - 2842674 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb
2012-01-15 16:10 - 2012-01-15 16:10 - 2842675 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
2012-01-16 00:49 - 2012-01-16 00:49 - 2850107 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
2012-01-18 09:52 - 2012-01-18 09:52 - 2862537 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
2012-01-20 09:08 - 2012-01-20 09:08 - 2888193 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
2012-01-20 15:14 - 2012-01-20 15:14 - 2888191 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
2012-01-21 15:27 - 2012-01-21 15:27 - 2899672 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
2012-01-22 21:51 - 2012-01-22 21:51 - 2901671 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
2012-01-23 17:42 - 2012-01-23 17:42 - 2901671 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
2012-01-24 16:33 - 2012-01-24 16:33 - 2902379 _____ () C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
2014-06-25 10:41 - 2014-06-25 10:41 - 2678327 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2014-06-25_114105.ZIP
2014-07-04 07:51 - 2014-07-04 07:51 - 2570326 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2014-07-04_085104.ZIP
2014-07-07 06:29 - 2014-07-07 06:29 - 2656454 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2014-07-07_072937.ZIP
2014-07-08 19:32 - 2014-07-08 19:32 - 2656454 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2014-07-08_203247.ZIP
2014-08-22 09:41 - 2014-08-22 09:41 - 2570396 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2014-08-22_104110.ZIP
2014-08-22 20:29 - 2014-08-22 20:29 - 2656543 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2014-08-22_212949.ZIP
2014-11-27 17:31 - 2014-11-27 17:31 - 2571016 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2014-11-27_173117.ZIP
2015-01-10 18:59 - 2015-01-10 18:59 - 2574289 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2015-01-10_185946.ZIP
2015-01-11 23:54 - 2015-01-11 23:54 - 2661201 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2015-01-11_235358.ZIP
2015-01-15 21:15 - 2015-01-15 21:15 - 2661201 _____ () C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2015-01-15_211519.ZIP
2012-12-09 07:35 - 2012-12-09 07:36 - 95023320 ____T () C:\ProgramData\06811000sm.pad
2012-02-01 20:10 - 2014-01-24 15:03 - 0013230 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\06811000sm.pad

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 18:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by The Cross Family at 2015-01-23 21:19:43
Running from C:\Users\The Cross Family\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3100_3200_3300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.5.0.4 (HKLM\...\ARIA Engine_is1) (Version: v1.5.0.4 - Plogue Art et Technologie, Inc)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Boulevard 2014 (HKLM-x32\...\{BA7B1397-786D-44FB-A1A4-702D7CCB60D5}) (Version: 19.03.102 - Main Street Software, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-655021921-481352255-711363081-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.3 - MakeMusic)
Finale PrintMusic 2010 (HKLM-x32\...\Finale PrintMusic 2010) (Version: 15.0.1.1 - MakeMusic)
Garritan ARIA Player vAppVersion=v1.504 (HKLM\...\__ARIA_1012___is1) (Version: v1.5.0.4 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v1.5.0.0 - Garritan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.11.31 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
The Print Shop 23 (HKLM-x32\...\{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}) (Version: 23.00 - Broderbund Software)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-655021921-481352255-711363081-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-655021921-481352255-711363081-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-655021921-481352255-711363081-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-655021921-481352255-711363081-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\The Cross Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

16-12-2014 15:55:31 Windows Update
18-12-2014 07:00:26 Windows Update
23-12-2014 13:17:52 Windows Update
28-12-2014 00:34:27 Windows Update
03-01-2015 15:11:15 Windows Update
09-01-2015 09:40:20 Windows Update
14-01-2015 18:18:38 Windows Update
14-01-2015 19:59:08 Windows Update
16-01-2015 17:25:25 Removed Bonjour
16-01-2015 17:26:32 Removed Apple Application Support
20-01-2015 15:44:34 Windows Update
23-01-2015 21:15:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-11-01 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B92C90E-7FA2-4F09-B88D-19E5DBE8D1E0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1A920554-D87C-466F-A15F-15556646A0CB} - System32\Tasks\{7F0DCDF9-6846-4B1D-8E5B-66831A14F3F7} => Chrome.exe http://ui.skype.com/...?LastError=1618
Task: {3DD5DAA2-FB61-4887-8FE9-798944FCE480} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
Task: {4D06F294-5753-4DB7-8090-29FABE57ED18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.)
Task: {6066138C-9847-4C8C-B9F2-87EE5CBA4B7A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-655021921-481352255-711363081-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {66E60B70-0D43-4568-8871-5C408162CD20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.)
Task: {AAF40B51-FDAA-472B-90DF-4C4D3A7C6AE4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {AFF6BE24-6F22-4848-8002-017E687B5F58} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: {BE29B335-F41F-4805-85BE-732F56E4B613} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {C96D8DCF-E0BA-4181-8B93-A634AC645CE8} - System32\Tasks\GoogleUpdateTaskMachineUA1cf68bb19efa59a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.)
Task: {D604579E-E5C7-48B2-ADA4-B194690B2324} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-655021921-481352255-711363081-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F52FB3C9-97F3-4235-8D95-38ACC7A91D53} - System32\Tasks\{FCADF5EA-83AF-4094-B9E9-7C6DEE31E223} => pcalua.exe -a "C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW040QKI\sp45602.exe" -d "C:\Users\The Cross Family\Desktop"
Task: {FABE9D3E-4DA7-4A05-AB6A-A27F7309CAD0} - System32\Tasks\{89BA761E-972E-43CA-B3D3-0F121C213B59} => pcalua.exe -a E:\setup.exe -d E:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf68bb19efa59a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-22 19:13 - 2015-01-22 19:13 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012202\algo.dll
2015-01-23 21:11 - 2015-01-23 21:11 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012301\algo.dll
2014-12-13 08:48 - 2014-12-13 08:48 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty
AlternateDataStreams: C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\Windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-655021921-481352255-711363081-500 - Administrator - Disabled)
ASPNET (S-1-5-21-655021921-481352255-711363081-1006 - Limited - Enabled)
Guest (S-1-5-21-655021921-481352255-711363081-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-655021921-481352255-711363081-1004 - Limited - Enabled)
The Cross Family (S-1-5-21-655021921-481352255-711363081-1001 - Administrator - Enabled) => C:\Users\The Cross Family

==================== Faulty Device Manager Devices =============

Name: Photosmart 3300 series
Description: Photosmart 3300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Buttons and OSDs ACPI driver gen2
Description: Buttons and OSDs ACPI driver gen2
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ACPI
Service: ACPIService
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 09:10:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 02:10:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 02:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 02:10:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (01/23/2015 09:10:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee AP Service service failed to start due to the following error:
%%2

Error: (01/23/2015 09:10:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%14001

Error: (01/21/2015 01:37:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee AP Service service failed to start due to the following error:
%%2

Error: (01/21/2015 01:37:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%14001

Error: (01/20/2015 07:23:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/20/2015 07:23:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/20/2015 07:23:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/20/2015 07:22:44 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer KAPUSTALINI
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}.
The master browser is stopping or an election is being forced.

Error: (01/16/2015 05:27:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%14001

Microsoft Office Sessions:
=========================
Error: (01/23/2015 09:10:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Error: (01/21/2015 02:10:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Error: (01/21/2015 02:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\upgradedb.exe

Error: (01/21/2015 02:10:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.Outlook.client.exe

CodeIntegrity Errors:
===================================
Date: 2014-08-17 19:04:08.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\The Cross Family\Desktop\Dad's Music Stuff\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-17 19:04:08.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\The Cross Family\Desktop\Dad's Music Stuff\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-17 19:04:08.115
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\The Cross Family\Desktop\Dad's Music Stuff\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-16 18:06:15.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\The Cross Family\Desktop\Dad's Music Stuff\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-16 18:06:15.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\The Cross Family\Desktop\Dad's Music Stuff\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-01 20:16:51.675
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-01 20:16:51.495
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 52%
Total physical RAM: 3831.11 MB
Available physical RAM: 1820.12 MB
Total Pagefile: 7660.41 MB
Available Pagefile: 5152.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:3.12 GB) NTFS
Drive d: () (Fixed) (Total:12.67 GB) (Free:4.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:7.6 GB) (Free:2.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FB859069)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.6 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

#4
dbreeze

Posted 24 January 2015 - 01:49 AM

Trusted Helper

Malware Removal
2,216 posts

Wow, it could be that something tried to change the partition table of the drive. I'm not seeing a whole lot of malware on the system (there is some) but the size change is very odd. Check on this in a moment >>>>

First, Run a Fixlist script run >>>>

Download the attached fixlist.txt file (located at the bottom of this post ) and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

SECOND, A TDSSKiller scan >>>>

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Attached Files

Fixlist.txt 5.03KB 276 downloads

#5
Conrad 678

Posted 24 January 2015 - 01:45 PM

Member

Topic Starter
Member
103 posts

Here I is. Thanks!

13:40:01.0620 0x1464 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:40:05.0161 0x1464 ============================================================
13:40:05.0161 0x1464 Current date / time: 2015/01/24 13:40:05.0161
13:40:05.0161 0x1464 SystemInfo:
13:40:05.0161 0x1464
13:40:05.0161 0x1464 OS Version: 6.1.7601 ServicePack: 1.0
13:40:05.0161 0x1464 Product type: Workstation
13:40:05.0161 0x1464 ComputerName: BALTHAZAAR
13:40:05.0161 0x1464 UserName: The Cross Family
13:40:05.0161 0x1464 Windows directory: C:\Windows
13:40:05.0161 0x1464 System windows directory: C:\Windows
13:40:05.0161 0x1464 Running under WOW64
13:40:05.0161 0x1464 Processor architecture: Intel x64
13:40:05.0161 0x1464 Number of processors: 4
13:40:05.0161 0x1464 Page size: 0x1000
13:40:05.0161 0x1464 Boot type: Normal boot
13:40:05.0161 0x1464 ============================================================
13:40:07.0142 0x1464 KLMD registered as C:\Windows\system32\drivers\33934137.sys
13:40:07.0564 0x1464 System UUID: {7DB22061-6CEC-0CF3-7998-2A94FE74997A}
13:40:08.0515 0x1464 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:40:08.0593 0x1464 Drive \Device\Harddisk1\DR1 - Size: 0x1E7800000 ( 7.62 Gb ), SectorSize: 0x200, Cylinders: 0x3E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:40:08.0609 0x1464 ============================================================
13:40:08.0609 0x1464 \Device\Harddisk0\DR0:
13:40:08.0609 0x1464 MBR partitions:
13:40:08.0609 0x1464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:40:08.0609 0x1464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC350000
13:40:08.0609 0x1464 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72DAC9C1, BlocksNum 0x1959000
13:40:08.0609 0x1464 \Device\Harddisk1\DR1:
13:40:08.0609 0x1464 MBR partitions:
13:40:08.0609 0x1464 ============================================================
13:40:08.0687 0x1464 C: <-> \Device\Harddisk0\DR0\Partition2
13:40:08.0718 0x1464 D: <-> \Device\Harddisk0\DR0\Partition3
13:40:08.0718 0x1464 ============================================================
13:40:08.0718 0x1464 Initialize success
13:40:08.0718 0x1464 ============================================================
13:40:31.0697 0x0b58 ============================================================
13:40:31.0697 0x0b58 Scan started
13:40:31.0697 0x0b58 Mode: Manual; TDLFS;
13:40:31.0697 0x0b58 ============================================================
13:40:31.0697 0x0b58 KSN ping started
13:40:34.0520 0x0b58 KSN ping finished: true
13:40:35.0768 0x0b58 ================ Scan system memory ========================
13:40:35.0768 0x0b58 System memory - ok
13:40:35.0768 0x0b58 ================ Scan services =============================
13:40:35.0924 0x0b58 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:40:35.0940 0x0b58 1394ohci - ok
13:40:36.0034 0x0b58 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:40:36.0049 0x0b58 ACPI - ok
13:40:36.0080 0x0b58 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:40:36.0080 0x0b58 AcpiPmi - ok
13:40:36.0174 0x0b58 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:40:36.0190 0x0b58 AdobeARMservice - ok
13:40:36.0330 0x0b58 [ 73F937DCC68E13C752D59FE33BE62FC5, 60F6ED81FCB3655372A87311296E79139F9FA41B7A1473F54422EAD2C592C04C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:40:36.0346 0x0b58 AdobeFlashPlayerUpdateSvc - ok
13:40:36.0408 0x0b58 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:40:36.0424 0x0b58 adp94xx - ok
13:40:36.0455 0x0b58 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:40:36.0470 0x0b58 adpahci - ok
13:40:36.0486 0x0b58 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:40:36.0502 0x0b58 adpu320 - ok
13:40:36.0548 0x0b58 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:40:36.0548 0x0b58 AeLookupSvc - ok
13:40:36.0595 0x0b58 [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
13:40:36.0611 0x0b58 AERTFilters - ok
13:40:36.0658 0x0b58 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
13:40:36.0673 0x0b58 AFD - ok
13:40:36.0704 0x0b58 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:40:36.0704 0x0b58 agp440 - ok
13:40:36.0751 0x0b58 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:40:36.0751 0x0b58 ALG - ok
13:40:36.0798 0x0b58 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:40:36.0798 0x0b58 aliide - ok
13:40:36.0829 0x0b58 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:40:36.0829 0x0b58 amdide - ok
13:40:36.0845 0x0b58 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:40:36.0845 0x0b58 AmdK8 - ok
13:40:36.0860 0x0b58 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:40:36.0860 0x0b58 AmdPPM - ok
13:40:36.0892 0x0b58 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:40:36.0907 0x0b58 amdsata - ok
13:40:36.0923 0x0b58 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:40:36.0938 0x0b58 amdsbs - ok
13:40:36.0954 0x0b58 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:40:36.0954 0x0b58 amdxata - ok
13:40:37.0001 0x0b58 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
13:40:37.0001 0x0b58 AppID - ok
13:40:37.0016 0x0b58 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:40:37.0016 0x0b58 AppIDSvc - ok
13:40:37.0048 0x0b58 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:40:37.0063 0x0b58 Appinfo - ok
13:40:37.0126 0x0b58 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:40:37.0126 0x0b58 Apple Mobile Device - ok
13:40:37.0172 0x0b58 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:40:37.0172 0x0b58 arc - ok
13:40:37.0204 0x0b58 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:40:37.0204 0x0b58 arcsas - ok
13:40:37.0375 0x0b58 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:40:37.0391 0x0b58 aspnet_state - ok
13:40:37.0422 0x0b58 [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
13:40:37.0422 0x0b58 aswHwid - ok
13:40:37.0469 0x0b58 [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:40:37.0469 0x0b58 aswMonFlt - ok
13:40:37.0484 0x0b58 [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
13:40:37.0500 0x0b58 aswRdr - ok
13:40:37.0516 0x0b58 [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
13:40:37.0516 0x0b58 aswRvrt - ok
13:40:37.0562 0x0b58 [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:40:37.0594 0x0b58 aswSnx - ok
13:40:37.0687 0x0b58 [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:40:37.0718 0x0b58 aswSP - ok
13:40:37.0796 0x0b58 [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm          C:\Windows\system32\drivers\aswStm.sys
13:40:37.0796 0x0b58 aswStm - ok
13:40:37.0828 0x0b58 [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
13:40:37.0828 0x0b58 aswVmm - ok
13:40:37.0843 0x0b58 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:40:37.0843 0x0b58 AsyncMac - ok
13:40:37.0874 0x0b58 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:40:37.0874 0x0b58 atapi - ok
13:40:37.0937 0x0b58 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:40:37.0968 0x0b58 AudioEndpointBuilder - ok
13:40:37.0999 0x0b58 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:40:38.0015 0x0b58 AudioSrv - ok
13:40:38.0062 0x0b58 [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:40:38.0062 0x0b58 avast! Antivirus - ok
13:40:38.0264 0x0b58 [ 4F4EBF6163D3A02D52A66BBD145B0069, 179B2FD2671F6BB8D3F77B39001F546A0DEBE85BFF9782060AF1DC50DFA071EF ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
13:40:38.0420 0x0b58 AvastVBoxSvc - ok
13:40:38.0530 0x0b58 [ 086CBBB45324D56AA7239046CD86149A, 602A5F993ED0D80B521BBE8343C8ABF1D6002268E20F2C62BE7EDE54A181B207 ] AVerAVF2        C:\Windows\system32\DRIVERS\AVerAVF2.sys
13:40:38.0561 0x0b58 AVerAVF2 - ok
13:40:38.0608 0x0b58 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:40:38.0608 0x0b58 AxInstSV - ok
13:40:38.0670 0x0b58 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:40:38.0686 0x0b58 b06bdrv - ok
13:40:38.0717 0x0b58 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:40:38.0717 0x0b58 b57nd60a - ok
13:40:38.0779 0x0b58 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:40:38.0779 0x0b58 BDESVC - ok
13:40:38.0795 0x0b58 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:40:38.0795 0x0b58 Beep - ok
13:40:38.0888 0x0b58 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:40:38.0920 0x0b58 BFE - ok
13:40:38.0998 0x0b58 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
13:40:39.0029 0x0b58 BITS - ok
13:40:39.0060 0x0b58 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:40:39.0076 0x0b58 blbdrive - ok
13:40:39.0091 0x0b58 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:40:39.0091 0x0b58 bowser - ok
13:40:39.0091 0x0b58 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:40:39.0091 0x0b58 BrFiltLo - ok
13:40:39.0138 0x0b58 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:40:39.0138 0x0b58 BrFiltUp - ok
13:40:39.0169 0x0b58 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:40:39.0185 0x0b58 BridgeMP - ok
13:40:39.0216 0x0b58 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:40:39.0232 0x0b58 Browser - ok
13:40:39.0263 0x0b58 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:40:39.0263 0x0b58 Brserid - ok
13:40:39.0294 0x0b58 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:40:39.0294 0x0b58 BrSerWdm - ok
13:40:39.0310 0x0b58 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:40:39.0310 0x0b58 BrUsbMdm - ok
13:40:39.0310 0x0b58 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:40:39.0310 0x0b58 BrUsbSer - ok
13:40:39.0325 0x0b58 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:40:39.0325 0x0b58 BTHMODEM - ok
13:40:39.0341 0x0b58 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:40:39.0341 0x0b58 bthserv - ok
13:40:39.0356 0x0b58 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:40:39.0356 0x0b58 cdfs - ok
13:40:39.0388 0x0b58 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
13:40:39.0403 0x0b58 cdrom - ok
13:40:39.0434 0x0b58 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:40:39.0434 0x0b58 CertPropSvc - ok
13:40:39.0466 0x0b58 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:40:39.0466 0x0b58 circlass - ok
13:40:39.0528 0x0b58 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:40:39.0544 0x0b58 CLFS - ok
13:40:39.0637 0x0b58 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:40:39.0637 0x0b58 clr_optimization_v2.0.50727_32 - ok
13:40:39.0731 0x0b58 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:40:39.0731 0x0b58 clr_optimization_v2.0.50727_64 - ok
13:40:39.0809 0x0b58 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:40:39.0824 0x0b58 clr_optimization_v4.0.30319_32 - ok
13:40:39.0840 0x0b58 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:40:39.0856 0x0b58 clr_optimization_v4.0.30319_64 - ok
13:40:39.0871 0x0b58 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:40:39.0871 0x0b58 CmBatt - ok
13:40:39.0902 0x0b58 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:40:39.0902 0x0b58 cmdide - ok
13:40:39.0965 0x0b58 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:40:39.0980 0x0b58 CNG - ok
13:40:39.0996 0x0b58 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:40:39.0996 0x0b58 Compbatt - ok
13:40:40.0027 0x0b58 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:40:40.0027 0x0b58 CompositeBus - ok
13:40:40.0027 0x0b58 COMSysApp - ok
13:40:40.0043 0x0b58 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:40:40.0043 0x0b58 crcdisk - ok
13:40:40.0090 0x0b58 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:40:40.0105 0x0b58 CryptSvc - ok
13:40:40.0168 0x0b58 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:40:40.0183 0x0b58 DcomLaunch - ok
13:40:40.0246 0x0b58 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:40:40.0261 0x0b58 defragsvc - ok
13:40:40.0292 0x0b58 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:40:40.0308 0x0b58 DfsC - ok
13:40:40.0339 0x0b58 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:40:40.0355 0x0b58 Dhcp - ok
13:40:40.0355 0x0b58 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:40:40.0355 0x0b58 discache - ok
13:40:40.0402 0x0b58 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:40:40.0417 0x0b58 Disk - ok
13:40:40.0448 0x0b58 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:40:40.0464 0x0b58 Dnscache - ok
13:40:40.0495 0x0b58 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:40:40.0511 0x0b58 dot3svc - ok
13:40:40.0558 0x0b58 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:40:40.0573 0x0b58 DPS - ok
13:40:40.0604 0x0b58 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:40:40.0604 0x0b58 drmkaud - ok
13:40:40.0698 0x0b58 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:40:40.0729 0x0b58 DXGKrnl - ok
13:40:40.0760 0x0b58 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:40:40.0760 0x0b58 EapHost - ok
13:40:40.0979 0x0b58 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:40:41.0057 0x0b58 ebdrv - ok
13:40:41.0119 0x0b58 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
13:40:41.0135 0x0b58 EFS - ok
13:40:41.0228 0x0b58 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:40:41.0260 0x0b58 ehRecvr - ok
13:40:41.0291 0x0b58 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:40:41.0291 0x0b58 ehSched - ok
13:40:41.0353 0x0b58 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:40:41.0369 0x0b58 elxstor - ok
13:40:41.0400 0x0b58 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:40:41.0400 0x0b58 ErrDev - ok
13:40:41.0431 0x0b58 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:40:41.0447 0x0b58 EventSystem - ok
13:40:41.0478 0x0b58 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:40:41.0478 0x0b58 exfat - ok
13:40:41.0494 0x0b58 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:40:41.0509 0x0b58 fastfat - ok
13:40:41.0572 0x0b58 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:40:41.0603 0x0b58 Fax - ok
13:40:41.0665 0x0b58 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:40:41.0681 0x0b58 fdc - ok
13:40:41.0696 0x0b58 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:40:41.0696 0x0b58 fdPHost - ok
13:40:41.0696 0x0b58 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:40:41.0712 0x0b58 FDResPub - ok
13:40:41.0728 0x0b58 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:40:41.0728 0x0b58 FileInfo - ok
13:40:41.0743 0x0b58 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:40:41.0743 0x0b58 Filetrace - ok
13:40:41.0774 0x0b58 [ 35DAAD359197828D3CF3965764F5D82C, 03EFC98BCDBB568FDDE9FD0BAD604AEF2FFFA91484EBAEEA25CEA8BE0B72913C ] FintekCIR       C:\Windows\system32\DRIVERS\FintekCIR.sys
13:40:41.0774 0x0b58 FintekCIR - ok
13:40:41.0790 0x0b58 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:40:41.0790 0x0b58 flpydisk - ok
13:40:41.0821 0x0b58 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:40:41.0837 0x0b58 FltMgr - ok
13:40:41.0962 0x0b58 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:40:42.0008 0x0b58 FontCache - ok
13:40:42.0055 0x0b58 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:40:42.0055 0x0b58 FontCache3.0.0.0 - ok
13:40:42.0071 0x0b58 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:40:42.0071 0x0b58 FsDepends - ok
13:40:42.0086 0x0b58 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:40:42.0102 0x0b58 Fs_Rec - ok
13:40:42.0133 0x0b58 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:40:42.0133 0x0b58 fvevol - ok
13:40:42.0164 0x0b58 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:40:42.0164 0x0b58 gagp30kx - ok
13:40:42.0227 0x0b58 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:40:42.0227 0x0b58 GEARAspiWDM - ok
13:40:42.0305 0x0b58 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:40:42.0320 0x0b58 gpsvc - ok
13:40:42.0383 0x0b58 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:40:42.0398 0x0b58 gupdate - ok
13:40:42.0398 0x0b58 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:40:42.0414 0x0b58 gupdatem - ok
13:40:42.0445 0x0b58 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:40:42.0445 0x0b58 gusvc - ok
13:40:42.0461 0x0b58 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
13:40:42.0461 0x0b58 hamachi - ok
13:40:42.0476 0x0b58 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:40:42.0476 0x0b58 hcw85cir - ok
13:40:42.0539 0x0b58 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:40:42.0554 0x0b58 HDAudBus - ok
13:40:42.0617 0x0b58 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
13:40:42.0617 0x0b58 HECIx64 - ok
13:40:42.0648 0x0b58 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:40:42.0664 0x0b58 HidBatt - ok
13:40:42.0679 0x0b58 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:40:42.0679 0x0b58 HidBth - ok
13:40:42.0695 0x0b58 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:40:42.0710 0x0b58 HidIr - ok
13:40:42.0726 0x0b58 [ AC0E56C858B86732420A44827B7CE2C9, 97E7A97C014456D9C3F330CDBDC28EA9E52BEF5533E632B41D37A81BADA09D66 ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
13:40:42.0726 0x0b58 hidkmdf - ok
13:40:42.0757 0x0b58 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
13:40:42.0757 0x0b58 hidserv - ok
13:40:42.0804 0x0b58 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
13:40:42.0804 0x0b58 HidUsb - ok
13:40:42.0835 0x0b58 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:40:42.0835 0x0b58 hkmsvc - ok
13:40:42.0866 0x0b58 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:40:42.0866 0x0b58 HomeGroupListener - ok
13:40:42.0913 0x0b58 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:40:42.0913 0x0b58 HomeGroupProvider - ok
13:40:43.0022 0x0b58 [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:40:43.0038 0x0b58 hpqcxs08 - ok
13:40:43.0054 0x0b58 [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:40:43.0054 0x0b58 hpqddsvc - ok
13:40:43.0085 0x0b58 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:40:43.0085 0x0b58 HpSAMD - ok
13:40:43.0178 0x0b58 [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:40:43.0210 0x0b58 HPSLPSVC - ok
13:40:43.0241 0x0b58 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:40:43.0272 0x0b58 HTTP - ok
13:40:43.0303 0x0b58 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:40:43.0303 0x0b58 hwpolicy - ok
13:40:43.0319 0x0b58 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:40:43.0319 0x0b58 i8042prt - ok
13:40:43.0350 0x0b58 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:40:43.0366 0x0b58 iaStorV - ok
13:40:43.0459 0x0b58 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:40:43.0490 0x0b58 idsvc - ok
13:40:43.0537 0x0b58 IEEtwCollectorService - ok
13:40:43.0990 0x0b58 [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:40:44.0333 0x0b58 igfx - ok
13:40:44.0395 0x0b58 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:40:44.0395 0x0b58 iirsp - ok
13:40:44.0442 0x0b58 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:40:44.0458 0x0b58 IKEEXT - ok
13:40:44.0614 0x0b58 [ 28CEEFBD2C63F91DC17DED3E8D27ECF5, 8E39FDF63A8217437A4A08D5E353F9592331CC220ADB9509E410AF7B4295D155 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:40:44.0770 0x0b58 IntcAzAudAddService - ok
13:40:44.0801 0x0b58 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:40:44.0801 0x0b58 intelide - ok
13:40:44.0832 0x0b58 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:40:44.0832 0x0b58 intelppm - ok
13:40:44.0863 0x0b58 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:40:44.0863 0x0b58 IPBusEnum - ok
13:40:44.0894 0x0b58 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:40:44.0894 0x0b58 IpFilterDriver - ok
13:40:44.0972 0x0b58 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:40:44.0988 0x0b58 iphlpsvc - ok
13:40:45.0004 0x0b58 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:40:45.0004 0x0b58 IPMIDRV - ok
13:40:45.0019 0x0b58 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:40:45.0019 0x0b58 IPNAT - ok
13:40:45.0097 0x0b58 [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:40:45.0113 0x0b58 iPod Service - ok
13:40:45.0128 0x0b58 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:40:45.0128 0x0b58 IRENUM - ok
13:40:45.0144 0x0b58 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:40:45.0144 0x0b58 isapnp - ok
13:40:45.0191 0x0b58 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:40:45.0206 0x0b58 iScsiPrt - ok
13:40:45.0222 0x0b58 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
13:40:45.0222 0x0b58 kbdclass - ok
13:40:45.0238 0x0b58 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:40:45.0238 0x0b58 kbdhid - ok
13:40:45.0253 0x0b58 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
13:40:45.0269 0x0b58 KeyIso - ok
13:40:45.0300 0x0b58 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:40:45.0300 0x0b58 KSecDD - ok
13:40:45.0347 0x0b58 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:40:45.0347 0x0b58 KSecPkg - ok
13:40:45.0362 0x0b58 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:40:45.0362 0x0b58 ksthunk - ok
13:40:45.0409 0x0b58 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:40:45.0409 0x0b58 KtmRm - ok
13:40:45.0518 0x0b58 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:40:45.0534 0x0b58 LanmanServer - ok
13:40:45.0550 0x0b58 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:40:45.0565 0x0b58 LanmanWorkstation - ok
13:40:45.0581 0x0b58 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:40:45.0596 0x0b58 lltdio - ok
13:40:45.0643 0x0b58 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:40:45.0643 0x0b58 lltdsvc - ok
13:40:45.0674 0x0b58 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:40:45.0674 0x0b58 lmhosts - ok
13:40:45.0690 0x0b58 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:40:45.0706 0x0b58 LSI_FC - ok
13:40:45.0721 0x0b58 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:40:45.0721 0x0b58 LSI_SAS - ok
13:40:45.0737 0x0b58 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:40:45.0737 0x0b58 LSI_SAS2 - ok
13:40:45.0752 0x0b58 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:40:45.0752 0x0b58 LSI_SCSI - ok
13:40:45.0799 0x0b58 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:40:45.0799 0x0b58 luafv - ok
13:40:45.0846 0x0b58 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:40:45.0846 0x0b58 Mcx2Svc - ok
13:40:45.0877 0x0b58 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:40:45.0877 0x0b58 megasas - ok
13:40:45.0908 0x0b58 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:40:45.0908 0x0b58 MegaSR - ok
13:40:45.0940 0x0b58 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:40:45.0955 0x0b58 MMCSS - ok
13:40:45.0971 0x0b58 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:40:45.0971 0x0b58 Modem - ok
13:40:45.0986 0x0b58 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:40:45.0986 0x0b58 monitor - ok
13:40:46.0002 0x0b58 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
13:40:46.0018 0x0b58 mouclass - ok
13:40:46.0018 0x0b58 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:40:46.0018 0x0b58 mouhid - ok
13:40:46.0049 0x0b58 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:40:46.0049 0x0b58 mountmgr - ok
13:40:46.0064 0x0b58 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:40:46.0080 0x0b58 mpio - ok
13:40:46.0096 0x0b58 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:40:46.0096 0x0b58 mpsdrv - ok
13:40:46.0142 0x0b58 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:40:46.0158 0x0b58 MpsSvc - ok
13:40:46.0189 0x0b58 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:40:46.0189 0x0b58 MRxDAV - ok
13:40:46.0205 0x0b58 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:40:46.0220 0x0b58 mrxsmb - ok
13:40:46.0236 0x0b58 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:40:46.0252 0x0b58 mrxsmb10 - ok
13:40:46.0267 0x0b58 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:40:46.0267 0x0b58 mrxsmb20 - ok
13:40:46.0298 0x0b58 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:40:46.0314 0x0b58 msahci - ok
13:40:46.0330 0x0b58 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:40:46.0330 0x0b58 msdsm - ok
13:40:46.0345 0x0b58 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:40:46.0345 0x0b58 MSDTC - ok
13:40:46.0376 0x0b58 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:40:46.0376 0x0b58 Msfs - ok
13:40:46.0392 0x0b58 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:40:46.0392 0x0b58 mshidkmdf - ok
13:40:46.0408 0x0b58 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:40:46.0408 0x0b58 msisadrv - ok
13:40:46.0439 0x0b58 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:40:46.0454 0x0b58 MSiSCSI - ok
13:40:46.0454 0x0b58 msiserver - ok
13:40:46.0470 0x0b58 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:40:46.0486 0x0b58 MSKSSRV - ok
13:40:46.0486 0x0b58 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:40:46.0501 0x0b58 MSPCLOCK - ok
13:40:46.0501 0x0b58 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:40:46.0501 0x0b58 MSPQM - ok
13:40:46.0532 0x0b58 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:40:46.0548 0x0b58 MsRPC - ok
13:40:46.0564 0x0b58 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:40:46.0564 0x0b58 mssmbios - ok
13:40:46.0564 0x0b58 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:40:46.0564 0x0b58 MSTEE - ok
13:40:46.0595 0x0b58 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:40:46.0595 0x0b58 MTConfig - ok
13:40:46.0610 0x0b58 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:40:46.0610 0x0b58 Mup - ok
13:40:46.0673 0x0b58 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:40:46.0688 0x0b58 napagent - ok
13:40:46.0720 0x0b58 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:40:46.0735 0x0b58 NativeWifiP - ok
13:40:46.0782 0x0b58 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:40:46.0813 0x0b58 NDIS - ok
13:40:46.0829 0x0b58 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:40:46.0829 0x0b58 NdisCap - ok
13:40:46.0860 0x0b58 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:40:46.0860 0x0b58 NdisTapi - ok
13:40:46.0876 0x0b58 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:40:46.0876 0x0b58 Ndisuio - ok
13:40:46.0907 0x0b58 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:46.0907 0x0b58 NdisWan - ok
13:40:46.0938 0x0b58 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:40:46.0938 0x0b58 NDProxy - ok
13:40:46.0954 0x0b58 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:40:46.0954 0x0b58 Net Driver HPZ12 - ok
13:40:46.0969 0x0b58 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:40:46.0985 0x0b58 NetBIOS - ok
13:40:47.0000 0x0b58 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:40:47.0000 0x0b58 NetBT - ok
13:40:47.0016 0x0b58 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
13:40:47.0016 0x0b58 Netlogon - ok
13:40:47.0063 0x0b58 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:40:47.0078 0x0b58 Netman - ok
13:40:47.0110 0x0b58 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:47.0125 0x0b58 NetMsmqActivator - ok
13:40:47.0125 0x0b58 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:47.0141 0x0b58 NetPipeActivator - ok
13:40:47.0203 0x0b58 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:40:47.0234 0x0b58 netprofm - ok
13:40:47.0344 0x0b58 [ B72BB9496A126FCFC7FC5945DED9B411, FA5CC4E93761FB2B59B9B34C699B1486560BDB39280AB1125DE42DB7C4BE303A ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
13:40:47.0375 0x0b58 netr28x - ok
13:40:47.0375 0x0b58 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:47.0390 0x0b58 NetTcpActivator - ok
13:40:47.0390 0x0b58 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:47.0406 0x0b58 NetTcpPortSharing - ok
13:40:47.0484 0x0b58 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:40:47.0484 0x0b58 nfrd960 - ok
13:40:47.0531 0x0b58 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:40:47.0546 0x0b58 NlaSvc - ok
13:40:47.0546 0x0b58 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:40:47.0562 0x0b58 Npfs - ok
13:40:47.0593 0x0b58 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:40:47.0624 0x0b58 nsi - ok
13:40:47.0656 0x0b58 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:40:47.0702 0x0b58 nsiproxy - ok
13:40:47.0812 0x0b58 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:40:47.0874 0x0b58 Ntfs - ok
13:40:47.0890 0x0b58 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:40:47.0905 0x0b58 Null - ok
13:40:47.0952 0x0b58 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:40:47.0968 0x0b58 nvraid - ok
13:40:47.0983 0x0b58 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:40:47.0999 0x0b58 nvstor - ok
13:40:48.0014 0x0b58 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:40:48.0014 0x0b58 nv_agp - ok
13:40:48.0030 0x0b58 [ 1490B742E560E337AC6D2F80CE9FE14B, DD12429EA600F882D6A92B8830049A37BA0273F6DB9A924F82489B84173E5523 ] NW1950          C:\Windows\system32\DRIVERS\NW1950.sys
13:40:48.0030 0x0b58 NW1950 - ok
13:40:48.0061 0x0b58 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:40:48.0061 0x0b58 ohci1394 - ok
13:40:48.0108 0x0b58 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:48.0108 0x0b58 ose - ok
13:40:48.0373 0x0b58 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:40:48.0592 0x0b58 osppsvc - ok
13:40:48.0685 0x0b58 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:40:48.0701 0x0b58 p2pimsvc - ok
13:40:48.0763 0x0b58 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:40:48.0779 0x0b58 p2psvc - ok
13:40:48.0810 0x0b58 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:40:48.0810 0x0b58 Parport - ok
13:40:48.0857 0x0b58 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:40:48.0857 0x0b58 partmgr - ok
13:40:48.0904 0x0b58 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:40:48.0919 0x0b58 PcaSvc - ok
13:40:48.0935 0x0b58 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:40:48.0950 0x0b58 pci - ok
13:40:48.0966 0x0b58 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:40:48.0966 0x0b58 pciide - ok
13:40:48.0982 0x0b58 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:40:48.0997 0x0b58 pcmcia - ok
13:40:49.0013 0x0b58 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:40:49.0013 0x0b58 pcw - ok
13:40:49.0044 0x0b58 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:40:49.0060 0x0b58 PEAUTH - ok
13:40:49.0153 0x0b58 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:40:49.0169 0x0b58 PerfHost - ok
13:40:49.0294 0x0b58 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:40:49.0356 0x0b58 pla - ok
13:40:49.0403 0x0b58 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:40:49.0418 0x0b58 PlugPlay - ok
13:40:49.0450 0x0b58 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:40:49.0450 0x0b58 Pml Driver HPZ12 - ok
13:40:49.0465 0x0b58 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:40:49.0481 0x0b58 PNRPAutoReg - ok
13:40:49.0496 0x0b58 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:40:49.0512 0x0b58 PNRPsvc - ok
13:40:49.0543 0x0b58 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:40:49.0559 0x0b58 PolicyAgent - ok
13:40:49.0590 0x0b58 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:40:49.0590 0x0b58 Power - ok
13:40:49.0637 0x0b58 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:40:49.0652 0x0b58 PptpMiniport - ok
13:40:49.0715 0x0b58 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:40:49.0715 0x0b58 Processor - ok
13:40:49.0762 0x0b58 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:40:49.0777 0x0b58 ProfSvc - ok
13:40:49.0793 0x0b58 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:40:49.0793 0x0b58 ProtectedStorage - ok
13:40:49.0824 0x0b58 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:40:49.0824 0x0b58 Psched - ok
13:40:49.0886 0x0b58 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:40:49.0949 0x0b58 ql2300 - ok
13:40:49.0980 0x0b58 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:40:49.0980 0x0b58 ql40xx - ok
13:40:49.0996 0x0b58 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:40:49.0996 0x0b58 QWAVE - ok
13:40:50.0011 0x0b58 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:40:50.0027 0x0b58 QWAVEdrv - ok
13:40:50.0027 0x0b58 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:40:50.0027 0x0b58 RasAcd - ok
13:40:50.0074 0x0b58 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:40:50.0074 0x0b58 RasAgileVpn - ok
13:40:50.0089 0x0b58 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:40:50.0105 0x0b58 RasAuto - ok
13:40:50.0136 0x0b58 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:40:50.0136 0x0b58 Rasl2tp - ok
13:40:50.0152 0x0b58 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:40:50.0167 0x0b58 RasMan - ok
13:40:50.0198 0x0b58 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:50.0198 0x0b58 RasPppoe - ok
13:40:50.0214 0x0b58 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:40:50.0214 0x0b58 RasSstp - ok
13:40:50.0261 0x0b58 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:40:50.0276 0x0b58 rdbss - ok
13:40:50.0292 0x0b58 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:40:50.0292 0x0b58 rdpbus - ok
13:40:50.0323 0x0b58 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:40:50.0323 0x0b58 RDPCDD - ok
13:40:50.0339 0x0b58 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:40:50.0339 0x0b58 RDPENCDD - ok
13:40:50.0354 0x0b58 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:40:50.0354 0x0b58 RDPREFMP - ok
13:40:50.0448 0x0b58 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:40:50.0448 0x0b58 RdpVideoMiniport - ok
13:40:50.0495 0x0b58 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:40:50.0510 0x0b58 RDPWD - ok
13:40:50.0542 0x0b58 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:40:50.0542 0x0b58 rdyboost - ok
13:40:50.0573 0x0b58 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:40:50.0573 0x0b58 RemoteAccess - ok
13:40:50.0604 0x0b58 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:40:50.0604 0x0b58 RemoteRegistry - ok
13:40:50.0620 0x0b58 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:40:50.0635 0x0b58 RpcEptMapper - ok
13:40:50.0651 0x0b58 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:40:50.0651 0x0b58 RpcLocator - ok
13:40:50.0713 0x0b58 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
13:40:50.0729 0x0b58 RpcSs - ok
13:40:50.0791 0x0b58 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:40:50.0791 0x0b58 rspndr - ok
13:40:50.0822 0x0b58 [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:40:50.0838 0x0b58 RTL8167 - ok
13:40:50.0854 0x0b58 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
13:40:50.0854 0x0b58 SamSs - ok
13:40:50.0885 0x0b58 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:40:50.0885 0x0b58 sbp2port - ok
13:40:50.0900 0x0b58 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:40:50.0916 0x0b58 SCardSvr - ok
13:40:50.0963 0x0b58 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:40:50.0963 0x0b58 scfilter - ok
13:40:51.0025 0x0b58 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:40:51.0072 0x0b58 Schedule - ok
13:40:51.0088 0x0b58 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:40:51.0088 0x0b58 SCPolicySvc - ok
13:40:51.0119 0x0b58 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:40:51.0119 0x0b58 SDRSVC - ok
13:40:51.0134 0x0b58 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:40:51.0150 0x0b58 secdrv - ok
13:40:51.0166 0x0b58 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:40:51.0166 0x0b58 seclogon - ok
13:40:51.0181 0x0b58 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
13:40:51.0181 0x0b58 SENS - ok
13:40:51.0181 0x0b58 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:40:51.0197 0x0b58 SensrSvc - ok
13:40:51.0212 0x0b58 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:40:51.0212 0x0b58 Serenum - ok
13:40:51.0228 0x0b58 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:40:51.0228 0x0b58 Serial - ok
13:40:51.0259 0x0b58 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:40:51.0259 0x0b58 sermouse - ok
13:40:51.0290 0x0b58 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:40:51.0306 0x0b58 SessionEnv - ok
13:40:51.0322 0x0b58 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:40:51.0322 0x0b58 sffdisk - ok
13:40:51.0337 0x0b58 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:40:51.0337 0x0b58 sffp_mmc - ok
13:40:51.0353 0x0b58 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:40:51.0353 0x0b58 sffp_sd - ok
13:40:51.0353 0x0b58 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:40:51.0353 0x0b58 sfloppy - ok
13:40:51.0415 0x0b58 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:40:51.0431 0x0b58 SharedAccess - ok
13:40:51.0524 0x0b58 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:40:51.0540 0x0b58 ShellHWDetection - ok
13:40:51.0556 0x0b58 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:40:51.0571 0x0b58 SiSRaid2 - ok
13:40:51.0587 0x0b58 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:40:51.0587 0x0b58 SiSRaid4 - ok
13:40:51.0618 0x0b58 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:40:51.0618 0x0b58 Smb - ok
13:40:51.0649 0x0b58 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:40:51.0649 0x0b58 SNMPTRAP - ok
13:40:51.0680 0x0b58 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:40:51.0680 0x0b58 spldr - ok
13:40:51.0758 0x0b58 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:40:51.0790 0x0b58 Spooler - ok
13:40:51.0930 0x0b58 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:40:52.0055 0x0b58 sppsvc - ok
13:40:52.0086 0x0b58 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:40:52.0086 0x0b58 sppuinotify - ok
13:40:52.0117 0x0b58 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:40:52.0133 0x0b58 srv - ok
13:40:52.0148 0x0b58 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:40:52.0164 0x0b58 srv2 - ok
13:40:52.0180 0x0b58 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:40:52.0180 0x0b58 srvnet - ok
13:40:52.0195 0x0b58 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:40:52.0211 0x0b58 SSDPSRV - ok
13:40:52.0226 0x0b58 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:40:52.0226 0x0b58 SstpSvc - ok
13:40:52.0242 0x0b58 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:40:52.0242 0x0b58 stexstor - ok
13:40:52.0273 0x0b58 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:40:52.0289 0x0b58 StillCam - ok
13:40:52.0336 0x0b58 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:40:52.0367 0x0b58 stisvc - ok
13:40:52.0414 0x0b58 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:40:52.0414 0x0b58 swenum - ok
13:40:52.0460 0x0b58 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:40:52.0476 0x0b58 swprv - ok
13:40:52.0585 0x0b58 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:40:52.0694 0x0b58 SysMain - ok
13:40:52.0788 0x0b58 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:40:52.0804 0x0b58 TabletInputService - ok
13:40:52.0835 0x0b58 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:40:52.0850 0x0b58 TapiSrv - ok
13:40:52.0850 0x0b58 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:40:52.0897 0x0b58 TBS - ok
13:40:53.0006 0x0b58 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:40:53.0084 0x0b58 Tcpip - ok
13:40:53.0162 0x0b58 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:40:53.0209 0x0b58 TCPIP6 - ok
13:40:53.0240 0x0b58 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:40:53.0240 0x0b58 tcpipreg - ok
13:40:53.0272 0x0b58 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:40:53.0272 0x0b58 TDPIPE - ok
13:40:53.0287 0x0b58 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:40:53.0287 0x0b58 TDTCP - ok
13:40:53.0318 0x0b58 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:40:53.0318 0x0b58 tdx - ok
13:40:53.0334 0x0b58 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:40:53.0334 0x0b58 TermDD - ok
13:40:53.0381 0x0b58 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
13:40:53.0396 0x0b58 TermService - ok
13:40:53.0443 0x0b58 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:40:53.0443 0x0b58 Themes - ok
13:40:53.0537 0x0b58 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:40:53.0537 0x0b58 THREADORDER - ok
13:40:53.0568 0x0b58 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:40:53.0584 0x0b58 TrkWks - ok
13:40:53.0662 0x0b58 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:40:53.0662 0x0b58 TrustedInstaller - ok
13:40:53.0693 0x0b58 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:40:53.0693 0x0b58 tssecsrv - ok
13:40:53.0724 0x0b58 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:40:53.0740 0x0b58 TsUsbFlt - ok
13:40:53.0771 0x0b58 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:40:53.0771 0x0b58 tunnel - ok
13:40:53.0786 0x0b58 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:40:53.0802 0x0b58 uagp35 - ok
13:40:53.0833 0x0b58 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:40:53.0849 0x0b58 udfs - ok
13:40:53.0880 0x0b58 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:40:53.0880 0x0b58 UI0Detect - ok
13:40:53.0911 0x0b58 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:40:53.0911 0x0b58 uliagpkx - ok
13:40:53.0942 0x0b58 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
13:40:53.0942 0x0b58 umbus - ok
13:40:53.0974 0x0b58 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:40:53.0974 0x0b58 UmPass - ok
13:40:54.0020 0x0b58 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:40:54.0036 0x0b58 upnphost - ok
13:40:54.0067 0x0b58 [ AA33FC47ED58C34E6E9261E4F850B7EB, C6388127CAA695434ABFB6C59A53C8544E67E414012DE5F21B36D035BB1BACC8 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:40:54.0067 0x0b58 USBAAPL64 - ok
13:40:54.0098 0x0b58 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:40:54.0098 0x0b58 usbaudio - ok
13:40:54.0130 0x0b58 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:40:54.0130 0x0b58 usbccgp - ok
13:40:54.0161 0x0b58 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
13:40:54.0161 0x0b58 usbcir - ok
13:40:54.0176 0x0b58 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:40:54.0176 0x0b58 usbehci - ok
13:40:54.0208 0x0b58 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:40:54.0223 0x0b58 usbhub - ok
13:40:54.0239 0x0b58 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:40:54.0254 0x0b58 usbohci - ok
13:40:54.0254 0x0b58 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:40:54.0270 0x0b58 usbprint - ok
13:40:54.0301 0x0b58 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:40:54.0301 0x0b58 USBSTOR - ok
13:40:54.0317 0x0b58 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:40:54.0317 0x0b58 usbuhci - ok
13:40:54.0364 0x0b58 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:40:54.0364 0x0b58 usbvideo - ok
13:40:54.0395 0x0b58 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:40:54.0395 0x0b58 UxSms - ok
13:40:54.0410 0x0b58 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
13:40:54.0410 0x0b58 VaultSvc - ok
13:40:54.0504 0x0b58 [ 1352B215BDC5807A5641E7C143796DD7, B54F95307253BB81E4CEE4F2033782210652364DE6A1E833B27ECE7E04A2BD51 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
13:40:54.0520 0x0b58 VBoxAswDrv - ok
13:40:54.0551 0x0b58 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:40:54.0566 0x0b58 vdrvroot - ok
13:40:54.0644 0x0b58 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:40:54.0660 0x0b58 vds - ok
13:40:54.0691 0x0b58 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:40:54.0691 0x0b58 vga - ok
13:40:54.0707 0x0b58 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:40:54.0722 0x0b58 VgaSave - ok
13:40:54.0754 0x0b58 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:40:54.0754 0x0b58 vhdmp - ok
13:40:54.0785 0x0b58 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:40:54.0785 0x0b58 viaide - ok
13:40:54.0800 0x0b58 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:40:54.0816 0x0b58 volmgr - ok
13:40:54.0832 0x0b58 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:40:54.0847 0x0b58 volmgrx - ok
13:40:54.0863 0x0b58 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:40:54.0878 0x0b58 volsnap - ok
13:40:54.0894 0x0b58 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:40:54.0910 0x0b58 vsmraid - ok
13:40:54.0972 0x0b58 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:40:55.0034 0x0b58 VSS - ok
13:40:55.0034 0x0b58 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:40:55.0034 0x0b58 vwifibus - ok
13:40:55.0081 0x0b58 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:40:55.0081 0x0b58 vwififlt - ok
13:40:55.0112 0x0b58 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:40:55.0112 0x0b58 vwifimp - ok
13:40:55.0175 0x0b58 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:40:55.0175 0x0b58 W32Time - ok
13:40:55.0222 0x0b58 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:40:55.0222 0x0b58 WacomPen - ok
13:40:55.0268 0x0b58 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:40:55.0268 0x0b58 WANARP - ok
13:40:55.0284 0x0b58 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:40:55.0284 0x0b58 Wanarpv6 - ok
13:40:55.0378 0x0b58 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:40:55.0518 0x0b58 WatAdminSvc - ok
13:40:55.0580 0x0b58 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:40:55.0643 0x0b58 wbengine - ok
13:40:55.0658 0x0b58 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:40:55.0674 0x0b58 WbioSrvc - ok
13:40:55.0690 0x0b58 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:40:55.0705 0x0b58 wcncsvc - ok
13:40:55.0705 0x0b58 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:40:55.0721 0x0b58 WcsPlugInService - ok
13:40:55.0721 0x0b58 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:40:55.0736 0x0b58 Wd - ok
13:40:55.0783 0x0b58 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:40:55.0814 0x0b58 Wdf01000 - ok
13:40:55.0861 0x0b58 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:40:55.0877 0x0b58 WdiServiceHost - ok
13:40:55.0892 0x0b58 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:40:55.0892 0x0b58 WdiSystemHost - ok
13:40:55.0939 0x0b58 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:40:55.0939 0x0b58 WebClient - ok
13:40:55.0970 0x0b58 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:40:55.0970 0x0b58 Wecsvc - ok
13:40:55.0986 0x0b58 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:40:56.0002 0x0b58 wercplsupport - ok
13:40:56.0017 0x0b58 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:40:56.0017 0x0b58 WerSvc - ok
13:40:56.0033 0x0b58 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:40:56.0033 0x0b58 WfpLwf - ok
13:40:56.0048 0x0b58 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:40:56.0048 0x0b58 WIMMount - ok
13:40:56.0080 0x0b58 WinDefend - ok
13:40:56.0095 0x0b58 WinHttpAutoProxySvc - ok
13:40:56.0189 0x0b58 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:40:56.0204 0x0b58 Winmgmt - ok
13:40:56.0282 0x0b58 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
13:40:56.0360 0x0b58 WinRM - ok
13:40:56.0392 0x0b58 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:40:56.0407 0x0b58 WinUsb - ok
13:40:56.0438 0x0b58 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:40:56.0470 0x0b58 Wlansvc - ok
13:40:56.0626 0x0b58 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:40:56.0688 0x0b58 wlidsvc - ok
13:40:56.0766 0x0b58 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:40:56.0766 0x0b58 WmiAcpi - ok
13:40:56.0828 0x0b58 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:40:56.0828 0x0b58 wmiApSrv - ok
13:40:56.0860 0x0b58 WMPNetworkSvc - ok
13:40:56.0891 0x0b58 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:40:56.0891 0x0b58 WPCSvc - ok
13:40:56.0906 0x0b58 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:40:56.0906 0x0b58 WPDBusEnum - ok
13:40:56.0922 0x0b58 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:40:56.0922 0x0b58 ws2ifsl - ok
13:40:56.0938 0x0b58 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
13:40:56.0938 0x0b58 wscsvc - ok
13:40:56.0953 0x0b58 WSearch - ok
13:40:57.0094 0x0b58 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:40:57.0187 0x0b58 wuauserv - ok
13:40:57.0218 0x0b58 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:40:57.0218 0x0b58 WudfPf - ok
13:40:57.0234 0x0b58 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:40:57.0234 0x0b58 WUDFRd - ok
13:40:57.0265 0x0b58 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:40:57.0281 0x0b58 wudfsvc - ok
13:40:57.0296 0x0b58 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:40:57.0312 0x0b58 WwanSvc - ok
13:40:57.0359 0x0b58 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
13:40:57.0374 0x0b58 YahooAUService - ok
13:40:57.0390 0x0b58 ================ Scan global ===============================
13:40:57.0437 0x0b58 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:40:57.0484 0x0b58 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:40:57.0515 0x0b58 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:40:57.0562 0x0b58 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:40:57.0608 0x0b58 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:40:57.0640 0x0b58 [ Global ] - ok
13:40:57.0640 0x0b58 ================ Scan MBR ==================================
13:40:57.0640 0x0b58 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:40:57.0998 0x0b58 \Device\Harddisk0\DR0 - ok
13:40:58.0014 0x0b58 [ 694BCDB1A8BDEC09ACCA31DD230DC2EC ] \Device\Harddisk1\DR1
13:40:58.0139 0x0b58 \Device\Harddisk1\DR1 - ok
13:40:58.0139 0x0b58 ================ Scan VBR ==================================
13:40:58.0170 0x0b58 [ 5AEC9F2248B9A4D4621F56B29E47E1D9 ] \Device\Harddisk0\DR0\Partition1
13:40:58.0217 0x0b58 \Device\Harddisk0\DR0\Partition1 - ok
13:40:58.0217 0x0b58 [ 76D35AA6B77719B181297588D21B3B98 ] \Device\Harddisk0\DR0\Partition2
13:40:58.0264 0x0b58 \Device\Harddisk0\DR0\Partition2 - ok
13:40:58.0264 0x0b58 [ 13DE12A5736F1FA7025C92A63777374F ] \Device\Harddisk0\DR0\Partition3
13:40:58.0264 0x0b58 \Device\Harddisk0\DR0\Partition3 - ok
13:40:58.0264 0x0b58 ================ Scan generic autorun ======================
13:40:58.0482 0x0b58 [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:40:58.0700 0x0b58 AvastUI.exe - ok
13:40:58.0825 0x0b58 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:40:58.0856 0x0b58 Adobe ARM - ok
13:40:58.0903 0x0b58 [ 39F6F8493668D6A3A05F4107E1E7CF16, 6DFA8363830FC1915785754697BDC112C5063B4EB4DCF8AE4B66644A6A10EE0D ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
13:40:58.0903 0x0b58 Adobe Acrobat Speed Launcher - ok
13:40:58.0981 0x0b58 [ 58CF2F32D0F35337F338714EFACE3C36, E51488B104380F6CBEF02D498BCD81774797489D656F3B017C071845AFD88F2C ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
13:40:59.0012 0x0b58 Acrobat Assistant 8.0 - ok
13:40:59.0075 0x0b58 [ BAF535F843A3E790E04A7613811B55BC, 764608E1BC657FBBBB3E0DC5D36F0701CAA9D28BE15E416DF84AD3EFC7EB85D9 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
13:40:59.0090 0x0b58 iTunesHelper - ok
13:40:59.0090 0x0b58 Waiting for KSN requests completion. In queue: 52
13:41:00.0104 0x0b58 Waiting for KSN requests completion. In queue: 52
13:41:01.0118 0x0b58 Waiting for KSN requests completion. In queue: 52
13:41:02.0164 0x0b58 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
13:41:02.0226 0x0b58 Win FW state via NFP2: enabled
13:41:04.0784 0x0b58 ============================================================
13:41:04.0784 0x0b58 Scan finished
13:41:04.0784 0x0b58 ============================================================
13:41:04.0800 0x1090 Detected object count: 0
13:41:04.0800 0x1090 Actual detected object count: 0

#6
dbreeze

Posted 24 January 2015 - 10:09 PM

Trusted Helper

Malware Removal
2,216 posts

Conrad 678,

Thank you for the TDSSkiller scan; it confirmed that the hard drive should be fine and that there is no rootkits / bootkits affecting the drive size itself. I have brought this puzzle up to out Tech staff here and will get a solution back to you soon. I just wanted to let you know what is going on.

#7
dbreeze

Posted 25 January 2015 - 12:52 AM

Trusted Helper

Malware Removal
2,216 posts

Let's try a couple of tests on the hard drive(s) ....

FIRST, a chkdsk run >>>>

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check and then reboot. Disk check should run. Normally takes a few hours but may not take very long if the C: is as small as it says. Repeat for D.

SECOND, a scan Speccy >>>>

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy.

#8
dbreeze

Posted 02 February 2015 - 12:53 AM

Trusted Helper

Malware Removal
2,216 posts

Are you still needing assistance with this problem?

Did the Chkdsk runs find any thing?

#9
Conrad 678

Posted 02 February 2015 - 07:26 AM

Member

Topic Starter
Member
103 posts

No, Nothing showed up.

Yes, I still need assistance. The hard drive is totally full.

Thanks!

Conrad

#10
dbreeze

Posted 02 February 2015 - 09:36 AM

Trusted Helper

Malware Removal
2,216 posts

In reference to the article here, can you take a screen shot of the disk management window / screen and post it here, please.

There is a nice thread on how to post a screen shot here at Geeks To Go at this location. Thank you.

#11
Conrad 678

Posted 02 February 2015 - 04:39 PM

Member

Topic Starter
Member
103 posts

I hope this is what you are looking for.

Thanks!

Conrad

Attached Thumbnails

#12
dbreeze

Posted 02 February 2015 - 10:30 PM

Trusted Helper

Malware Removal
2,216 posts

That is exactly what I needed to see.

STEP# 1

Go back to Disk Management and right click on drive letter C:.

Select Extend Volume from the menu.

You can select the entire available amount or choose a smaller amount to begin with (say 800000 [which is 800GB]).

Again, I direct you to this site here for help if you need it (but Windows has help for tis feature built in).

STEP# 2

Go to the following site and get WinDirStat: https://windirstat.info/

The direct download link is http://sourceforge.n...latest/download . Right click on the download and select Run as Administator to install the program. Accept the defaults and once it runs, click on C: drive and click OK. Wait until it says 100% and the little pacmen stop moving. You can turn off and on the colored Tree Map by toggling the F9 key. The Listed Tree View will show the file types and / or directories with the highest disk space usage. You know your system better than anyone else; are there any findings that surprise you? What are the top 5 directories and the top 5 file types using space on C: drive?

#13
Conrad 678

Posted 03 February 2015 - 06:53 PM

Member

Topic Starter
Member
103 posts

I m not quite sure what I am looking for. The three top files are:

Windows 35.7%

System Volume Information 23.9

User 23.1%

All the others are pretty small.

#14
dbreeze

Posted 03 February 2015 - 07:42 PM

Trusted Helper

Malware Removal
2,216 posts

Did you do STEP# 1?

#15
Conrad 678

Posted 03 February 2015 - 08:21 PM

Member

Topic Starter
Member
103 posts

I just redid it. Now it says there is no space to shrink, but when I look at the C disc, it still says it's 100% full. None of the values of the top three changed appreciably.