Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91603 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

IRP Hook Rootkit Infection [Solved]


  • This topic is locked This topic is locked
26 replies to this topic

#1 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 24 November 2013 - 06:38 AM

Hi all,

Last month I had to do a Windows Repair Install as I had problems with my Windows Update not working.

It seemed to fix it but last week the same thing happened.

As well as no Updates I have problems with all 3 browsers failing to go to websites, there is a lot of processor activity and the PC is responding very slowly.

I updated my Zonealarm Free and AVG Free and ran a full AVG scan.

It came back with 9 infections which it could not remove.

They are all IRP Hook issues.

I tried running MalwareBytes and Spybot but no luck.

Hope you can help me get this sorted.

Regards

Adrian.

 

I have run the OTL.exe and following are the OTL.txt and Extras.txt log file contents.

 

*********************************************************************************************************

 

OTL logfile created on: 24/11/2013 11:04:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adrian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
15.98 Gb Total Physical Memory | 11.33 Gb Available Physical Memory | 70.89% Memory free
31.97 Gb Paging File | 27.92 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 2.05 Gb Free Space | 3.43% Space Free | Partition Type: NTFS
Drive D: | 1862.92 Gb Total Space | 693.78 Gb Free Space | 37.24% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 699.41 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 7.03 Gb Free Space | 9.43% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 2.34 Gb Free Space | 0.50% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 189.53 Gb Free Space | 40.69% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 1.48 Gb Free Space | 39.60% Space Free | Partition Type: FAT32
 
Computer Name: CHESTER | User Name: Adrian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Adrian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe (Conceiva Pty. Ltd.)
PRC - C:\Program Files (x86)\Conceiva\Mezzmo\Mezzmo.exe (Conceiva Pty. Ltd.)
PRC - E:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgcmgr.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - E:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - E:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\extension-functions.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\avformat-54.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\avfilter-3.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\swscale-2.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\avutil-52.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\avdevice-54.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\swresample-0.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\tag.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\libeay32.dll ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\ssleay32.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Conceiva\Mezzmo\hs_regex.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Adrians_Media_Server) -- C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe (Conceiva Pty. Ltd.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- E:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- E:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTLE8023x64) -- C:\Windows\SysNative\drivers\Rtenic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D F7 0B 87 65 14 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {E33E6D96-5BA3-4BBF-88DF-A83CE3859977}
IE - HKCU\..\SearchScopes\{E33E6D96-5BA3-4BBF-88DF-A83CE3859977}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...ient=firefox-a"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: e-webprint%40epson.com:1.17.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://search.zoneal...tsId=&ver=&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013/10/01 22:26:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/18 22:08:59 | 000,000,000 | ---D | M]
 
[2011/05/18 23:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Extensions
[2013/11/15 10:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions
[2013/10/01 00:47:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/11/15 10:16:25 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2013/10/01 00:47:55 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2013/10/01 00:47:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions\engine@conduit.com
[2013/10/01 00:47:54 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions\ffxtlbr@zonealarm.com
[2013/10/01 00:47:55 | 000,000,000 | ---D | M] (conntoinnueyttosaave) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions\sxfgv@hvqjei.net
[2013/03/21 18:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2013/08/24 23:34:31 | 000,001,502 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\5ld7cmno.default\searchplugins\zonealarm.xml
[2013/10/01 00:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 22:26:47 | 000,000,000 | ---D | M] (E-Web Print) -- C:\PROGRAM FILES (X86)\EPSON SOFTWARE\E-WEB PRINT\FIREFOX ADD-ON
[2013/05/08 00:05:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/05/08 00:05:18 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/05/08 00:05:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/05/08 00:05:18 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/05/08 00:05:18 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/05/08 00:05:18 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/05/08 00:05:18 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
 
O1 HOSTS File: ([2013/09/20 23:42:29 | 000,449,801 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O1 - Hosts: 127.0.0.1    activate.adobe.com
O1 - Hosts: 127.0.0.1    3dns-3.adobe.com
O1 - Hosts: 127.0.0.1    adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1    adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1    ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1    activate-sea.adobe.com
O1 - Hosts: 127.0.0.1    wip3.adobe.com
O1 - Hosts: 127.0.0.1    wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1    activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1    practivate.adobe.com
O1 - Hosts: 127.0.0.1    ereg.adobe.com
O1 - Hosts: 127.0.0.1    activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1    3dns-2.adobe.com
O1 - Hosts: 127.0.0.1    adobe-dns.adobe.com
O1 - Hosts: ::1    localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 15445 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ZoneAlarm] E:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2530 Series" File not found
O4 - HKCU..\Run: [EPSON R230 Network] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIP.EXE /FU "C:\Windows\TEMP\E_SD2E8.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Mezzmo] C:\Program Files (x86)\Conceiva\Mezzmo\Mezzmo.exe (Conceiva Pty. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1307244420435 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98EDD3B4-2C75-4F13-A6E1-3AE1B080D010}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/05 10:16:22 | 000,000,000 | -H-D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 13:56:50 | 000,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/24 22:37:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2013/11/19 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\rkill
[2013/11/17 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/15 23:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/15 23:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/15 23:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/15 23:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/15 23:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/15 14:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/11/15 14:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mezzmo
[2013/10/30 09:20:46 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2013/10/30 09:20:45 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BIVE.DLL
[2013/10/29 23:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/10/29 23:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013/10/29 22:13:43 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Logitech
[2013/10/29 22:13:42 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Leadertech
[2013/10/29 22:11:56 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Logitech
[2013/10/29 22:11:56 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Logishrd
[2013/10/28 23:39:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/10/28 23:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2013/10/28 23:32:13 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2013/10/28 23:32:13 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2013/10/28 23:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2013/10/28 23:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013/10/28 23:32:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013/10/28 23:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/10/28 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\vlc
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/24 22:40:26 | 000,769,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/24 22:40:26 | 000,657,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/24 22:40:26 | 000,122,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/24 22:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/24 22:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2013/11/24 22:20:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/24 21:29:25 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 21:29:25 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 21:20:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/24 21:20:12 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2013/11/24 21:20:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/24 21:20:02 | 4281,929,726 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/17 23:50:40 | 000,002,289 | ---- | M] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/17 16:57:42 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/15 23:09:55 | 000,001,491 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/15 23:01:35 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/15 14:03:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/15 14:03:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/15 14:02:09 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Mezzmo.lnk
[2013/10/28 23:32:12 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/10/28 23:32:12 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013/10/28 23:32:11 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/10/28 23:32:11 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013/10/28 23:31:13 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2013/10/28 22:28:45 | 000,034,304 | ---- | M] () -- C:\Users\Adrian\Desktop\HUP Order Confirmation - 439769796.msg
[2013/10/28 00:09:38 | 000,001,302 | ---- | M] () -- C:\Users\Adrian\Desktop\vlc.exe - Shortcut.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/17 16:57:42 | 000,002,289 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/17 16:57:42 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/15 23:09:55 | 000,001,491 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/15 23:01:35 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/10/28 23:31:13 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2013/10/28 22:28:45 | 000,034,304 | ---- | C] () -- C:\Users\Adrian\Desktop\HUP Order Confirmation - 439769796.msg
[2013/10/28 00:09:38 | 000,001,302 | ---- | C] () -- C:\Users\Adrian\Desktop\vlc.exe - Shortcut.lnk
[2013/10/01 01:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\aaclient.dll
[2013/10/01 00:40:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/06/06 15:21:14 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2012/10/07 16:06:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/10/07 16:06:22 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/09/02 00:35:53 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/12 23:49:59 | 000,000,412 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\All CPU Meter_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 14:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/01 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Audacity
[2013/10/01 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\AVG2014
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Azureus
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Check Point Software Technologies LTD
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\CheckPoint
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Epson
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\FreeFileSync
[2013/10/01 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\ICAClient
[2013/10/01 00:47:45 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\iMobie
[2013/10/01 00:47:45 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\IrfanView
[2013/10/29 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Leadertech
[2013/10/01 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\NCH Swift Sound
[2013/10/01 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Need for Speed World
[2013/10/01 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Orbit
[2013/10/01 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\ProgSense
[2013/10/01 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/09/29 22:05:29 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Systweak
[2013/10/01 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TeamViewer
[2013/10/01 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TuneUp Software
[2013/11/17 16:57:27 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\uTorrent
[2013/10/01 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/02/17 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2010/11/21 18:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/11 07:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 16:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 17:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 14:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 14:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2010/11/21 18:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/21 18:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 18:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 18:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-D5E97654.PF  >
[2013/11/24 22:48:33 | 000,028,704 | ---- | M] () MD5=C2953E98839333519A1F16B37EE1EC21 -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf
 
< MD5 for: EXPLORER.ZIP  >
[2009/06/03 21:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
 
< MD5 for: IEXPLORE.EXE  >
[2013/10/01 02:03:18 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/10/01 02:03:18 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2010/11/21 14:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2011/06/07 15:35:24 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2010/11/21 14:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2013/09/23 10:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/09/23 10:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/09/23 11:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/09/23 12:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2011/06/07 15:35:23 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2013/09/23 12:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/23 12:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/10/01 02:03:18 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/10/01 02:03:18 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/10/01 02:03:18 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/10/01 02:03:18 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/14 13:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 13:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-058FE8F5.PF  >
[2013/11/24 22:48:35 | 000,102,046 | ---- | M] () MD5=FB3561B25F4D1A3AFB9F938214CAEA26 -- C:\Windows\Prefetch\IEXPLORE.EXE-058FE8F5.pf
 
< MD5 for: IEXPLORE.EXE-A033F7A0.PF  >
[2013/11/24 22:48:36 | 000,192,910 | ---- | M] () MD5=8E1F6D3083DB6E9FA284D73AF420253D -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf
 
< MD5 for: SERVICES  >
[2009/06/11 08:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2013/09/06 01:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 12:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 12:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 18:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 18:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 15:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 15:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/11 07:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 07:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 18:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 07:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 18:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 08:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 18:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 07:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 18:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 08:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/14 07:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 07:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2010/11/21 18:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/11 08:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 14:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 14:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/21 18:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 18:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2010/11/21 18:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2010/11/21 18:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/14 07:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/14 07:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2011/11/02 21:28:23 | 000,000,180 | ---- | M] () -- C:\csb.log
[2011/07/06 22:34:54 | 000,000,157 | ---- | M] () -- C:\error.txt
[2013/11/24 21:20:02 | 4281,929,726 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/02 21:27:18 | 000,000,189 | ---- | M] () -- C:\Install.log
[2013/10/29 22:03:08 | 000,000,356 | ---- | M] () -- C:\LGSInst.Log
[2012/10/05 13:19:42 | 000,000,000 | -HS- | M] () -- C:\pagefile.sys
[2011/11/02 21:28:11 | 000,002,272 | ---- | M] () -- C:\RHDSetup.log
[2013/11/19 23:08:58 | 000,399,580 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_19.11.2013_23.07.28_log.txt
 
< %systemroot%\Fonts\*.com >
[2009/07/14 16:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 16:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 16:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 16:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/11 07:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 15:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS SSD
 Volume Serial Number is A2C9-B2B2
 Directory of C:\
14/07/2009  04:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  04:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  04:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  04:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  04:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  04:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  04:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  04:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  04:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Adrian
01/10/2013  12:41 AM    <JUNCTION>     Application Data [C:\Users\Adrian\AppData\Roaming]
01/10/2013  12:41 AM    <JUNCTION>     Cookies [C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Cookies]
01/10/2013  12:41 AM    <JUNCTION>     Local Settings [C:\Users\Adrian\AppData\Local]
01/10/2013  12:41 AM    <JUNCTION>     My Documents [C:\Users\Adrian\Documents]
01/10/2013  12:41 AM    <JUNCTION>     NetHood [C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/10/2013  12:41 AM    <JUNCTION>     PrintHood [C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/10/2013  12:41 AM    <JUNCTION>     Recent [C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Recent]
01/10/2013  12:41 AM    <JUNCTION>     SendTo [C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\SendTo]
01/10/2013  12:41 AM    <JUNCTION>     Start Menu [C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu]
01/10/2013  12:41 AM    <JUNCTION>     Templates [C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Adrian\AppData\Local
01/10/2013  12:41 AM    <JUNCTION>     Application Data [C:\Users\Adrian\AppData\Local]
01/10/2013  12:41 AM    <JUNCTION>     History [C:\Users\Adrian\AppData\Local\Microsoft\Windows\History]
01/10/2013  12:41 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Adrian\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Adrian\AppData\Roaming\Apple Computer\MobileSync
02/10/2013  12:21 AM    <JUNCTION>     Backup [E:\Backups\iphone backup]
               0 File(s)              0 bytes
 Directory of C:\Users\Adrian\Documents
01/10/2013  12:41 AM    <JUNCTION>     My Music [C:\Users\Adrian\Music]
01/10/2013  12:41 AM    <JUNCTION>     My Pictures [C:\Users\Adrian\Pictures]
01/10/2013  12:41 AM    <JUNCTION>     My Videos [C:\Users\Adrian\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  04:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  04:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  04:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  04:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  04:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  04:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  04:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  04:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  04:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  04:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  04:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  04:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  04:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  04:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  04:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  04:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  04:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  04:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  04:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  04:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  04:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  04:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  04:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  04:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  04:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
29/10/2013  10:02 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
29/10/2013  10:02 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
29/10/2013  10:02 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
29/10/2013  10:02 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
29/10/2013  10:02 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/10/2013  10:02 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/10/2013  10:02 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
29/10/2013  10:02 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
29/10/2013  10:02 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
29/10/2013  10:02 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
29/10/2013  10:02 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
29/10/2013  10:02 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
29/10/2013  10:02 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
29/10/2013  10:02 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
29/10/2013  10:02 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
29/10/2013  10:02 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
29/10/2013  10:02 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
29/10/2013  10:02 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
29/10/2013  10:02 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
29/10/2013  10:02 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
29/10/2013  10:02 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/10/2013  10:02 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/10/2013  10:02 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
29/10/2013  10:02 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
29/10/2013  10:02 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
29/10/2013  10:02 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
29/10/2013  10:02 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
29/10/2013  10:02 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
29/10/2013  10:02 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
29/10/2013  10:02 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
29/10/2013  10:02 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
29/10/2013  10:02 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              83 Dir(s)   3,051,798,528 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/07 15:39:08 | 000,000,221 | -HS- | M] () -- C:\Users\Adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/10/01 01:05:35 | 000,000,221 | -HS- | M] () -- C:\Users\Adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/24 22:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

*************************************************************************************************************

 

OTL Extras logfile created on: 24/11/2013 11:04:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adrian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
15.98 Gb Total Physical Memory | 11.33 Gb Available Physical Memory | 70.89% Memory free
31.97 Gb Paging File | 27.92 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 2.05 Gb Free Space | 3.43% Space Free | Partition Type: NTFS
Drive D: | 1862.92 Gb Total Space | 693.78 Gb Free Space | 37.24% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 699.41 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 7.03 Gb Free Space | 9.43% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 2.34 Gb Free Space | 0.50% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 189.53 Gb Free Space | 40.69% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 1.48 Gb Free Space | 39.60% Space Free | Partition Type: FAT32
 
Computer Name: CHESTER | User Name: Adrian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ACE4C8-2759-49CD-A7C1-B91477DB3556}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{07E9724E-0DFB-414E-B388-2AB5A09A60D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{08FC0A58-3595-42AD-B369-1D71382BFCDD}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0973CAD6-AB0E-46F6-B31C-24EBEE37007F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0CCBB1E0-4C68-41E1-AA76-7F789812BA23}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{1A6EB1A0-1E07-4D9D-8EA7-226BAC877702}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{205FE23C-D184-47DE-9C7E-A175A17FC2C6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2255EFA6-2337-42F6-9E4D-7CC9BDE9EB48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{225A755D-F628-4167-ACA8-DB756C5FD58F}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{263DD6D2-C94D-4D08-B8E0-C8AFE9C4D95D}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{29F28555-F8F9-4390-BDE0-51BA0FEA12B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31B1D07C-C879-4D4E-922A-4C14B0F77E38}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{38FBACD9-4643-4BBC-A4FB-A73CFAC3AAAB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B1A3C32-DB3D-4E22-AEEE-6F4737C9EF50}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{426513F3-61D0-419A-9772-59F3DCA6DB3E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5766C767-4262-4F84-88C3-BA864920DDBD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59EF98EC-EA65-43F0-A8EA-8E0A8B74A84F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A53C791-B04F-47D7-ADB9-9180EAF4BBF8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5B68E702-8D9D-4029-8908-842DCB7765F9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5E8F9738-E84C-4B74-84AF-B76AD75652DF}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{5FFF4DEB-5B71-4328-B4BC-6364CEB28E04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{671C55B4-6ABF-444A-8C4E-F0453D603E2C}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{713C0BBD-39B9-40BA-9A5E-FEA158E64189}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71FCDCC3-1430-4456-8D41-47D6902F739A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7931FE83-7BBF-4EF5-A14E-E14473D04F37}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{84A5F453-54E1-45A2-987F-368EF0608DEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87D56CB5-8543-4A07-8096-212DE33442F1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A35EEDA4-CCA6-464E-A924-3123EEF0030F}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{AE7E26B2-A6BF-4C3A-9761-779C49E0927B}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{ED31D703-20CF-40E9-B220-955C4351CF30}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FE831D4B-E0EA-43AA-A3A7-94B1D949F2AB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{144BA04C-1B09-4E2E-80AD-0E337FAA39F7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{14551163-B56E-4928-B70E-55DB8EC61C00}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{17A9E65F-9C86-461B-8AC9-33AC360B32F0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{185BB52D-67C6-4AC1-83C6-4DA0AA5BF0BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2293C95C-5B67-41E1-8D98-664A1824A945}" = protocol=6 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"{24B2EB8E-CE8F-4111-B028-3E7B011205EA}" = protocol=17 | dir=in | app=e:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{28FE70F5-346B-48F1-AA69-C06FD781CD85}" = dir=in | app=e:\program files (x86)\itunes.exe |
"{29B1F9AF-7144-4BF8-A228-AB50645BFC12}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2CAB3A1B-1910-4D80-B920-CD291CB4574D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E73DA8D-AB41-4E8E-80E4-FAE825FBC898}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3488A50B-A999-4BBE-9F17-18BDF2DEE0EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{42079913-EFB3-4F2A-AB28-44B0BD51B8C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45D48331-178C-4D9B-8004-395DE719CEFD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{46658213-688D-4C3A-9CF4-DAAFA3872C09}" = protocol=6 | dir=in | app=e:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{48A02337-66DA-4162-9946-9BA0F72347A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4B1B31EA-D2BA-4469-BF4E-3D5B8BA9C511}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BF373D3-2CB8-474E-B00D-45A6B924CAAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CF1249C-36FC-435D-BAE8-E9E13E89B82C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4E69F24D-AAEA-48C2-AE2F-D751C493168A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5185C32E-1B82-4E6E-B1B2-6BDFC813336D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5446646D-01E2-4E93-9172-D64E4992940D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{62032BF4-0D5B-4C17-B5F2-5BB1DF89BC72}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67D93AD8-F7A3-4B16-AEEB-81D1AB35BC10}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6C2105EE-44A1-40E6-92E0-5A96781D06A0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{72064549-96E3-4404-97A8-DC1CB179F57E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7392D240-695D-4266-97B8-77D2A700B115}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{747FE02E-392E-45C3-A920-CF0628E9C75C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{76174B0D-FB03-41C3-8037-DEDDED68A662}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{896D0240-E314-4CA5-8B3A-4EF2662B84E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E2B190D-F78A-404C-AFA8-080EBFE58378}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{8F26216F-FAE6-47F5-BB3A-99FEBADD1F01}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FCB5EA2-4E6E-496C-AF14-780EBA732D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{A44D5BAC-9BEE-41E2-BBE8-E1584DBEDDD2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AEE5623F-5669-4EB9-91FF-F291FA73B4A6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AF6D2D84-582C-4BA1-A479-B764EDFBAD9E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B1FA2BED-BE58-46E6-A384-7D52D4E7FA78}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{BCB290D3-3242-49B2-BF87-79E46A0B80E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CA320884-1A0A-4012-BD68-0B8874E9F3D7}" = protocol=6 | dir=out | app=system |
"{CCADCF7F-2B7A-4D96-A96B-6C448C3A4D88}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{D2842362-DE13-488F-B272-C30DB8186699}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F049F308-CE7D-40CC-A959-A9CB71231EE0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F4ECDCD5-7704-482F-AF2F-8D7CA690F041}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F5C1F64C-BA3D-4296-AAA8-8C3B46265ECF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5F767F2-C9D2-4C72-A775-030CD2F8ECEC}" = protocol=17 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"{F850B285-FA2F-4075-BD7F-CA03007E245C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D005A51-8EA5-42F8-B37B-FD30FEEF0D04}" = AVG 2014
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006)
"AVG" = AVG 2014
"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Remote Print" = EPSON Remote Print Uninstall
"EPSON WF-2530 Series" = EPSON WF-2530 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.50
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VLC media player" = VLC media player 2.1.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A312B5-1542-47B6-BFE9-F51358C39E86}" = Epson Easy Photo Print 2
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-service Plug-in
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash Redirection)
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver(USB)
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{434D0FA0-1558-4D8E-AC3D-BD1000008400}" = DiRT 3
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F6D20F0-CCE5-1492-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86_x64) WinSXS MSM
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{695C8469-7822-4B31-A673-5ED84815B649}" = Epson E-Web Print
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{844EFBA7-1C24-93B2-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86_x64) WinSXS MSM
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3B308B9-BE96-4334-816F-3D82B19A7DE2}" = Software Updater
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver(DV)
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{C47B36EC-0639-4462-A9CE-7809CF2F6100}" = ZoneAlarm Security
"{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}" = Epson Event Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4FB136D-2802-4578-A023-E7243BD0D7D5}" = ZoneAlarm Firewall
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"Epson Connect Guide" = Epson Connect Guide
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FreeFileSync" = FreeFileSync v3.17
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008400}" = DiRT 3
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Full)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 en-GB)" = Mozilla Firefox 20.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"SSC Service Utility_is1" = SSC Service Utility v4.30
"TeamViewer 8" = TeamViewer 8
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WF-2530 Series Netg" = Epson Network Guide WF-2530 Series
"WF-2530 Series Useg" = Epson User's Guide WF-2530 Series
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mezzmo" = Mezzmo
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24/11/2013 8:05:27 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:05:27 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:05:28 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:05:30 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:05:35 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:05:45 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:05:51 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:05:56 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:09:04 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
Error - 24/11/2013 8:09:05 AM | Computer Name = Chester | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
 Database. The ESENT error was: -1011.
 
[ Media Center Events ]
Error - 12/09/2011 8:55:05 AM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 10:55:05 PM - Error connecting to the internet.  10:55:05 PM -     Unable
 to contact server..  
 
Error - 12/09/2011 9:01:31 AM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 11:01:31 PM - Error connecting to the internet.  11:01:31 PM -     Unable
 to contact server..  
 
Error - 12/09/2011 1:28:55 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 3:28:55 AM - Error connecting to the internet.  3:28:55 AM -     Unable
 to contact server..  
 
Error - 12/09/2011 1:35:21 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 3:35:21 AM - Error connecting to the internet.  3:35:21 AM -     Unable
 to contact server..  
 
Error - 12/09/2011 2:50:28 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 4:50:28 AM - Error connecting to the internet.  4:50:28 AM -     Unable
 to contact server..  
 
Error - 12/09/2011 2:56:55 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 4:56:54 AM - Error connecting to the internet.  4:56:54 AM -     Unable
 to contact server..  
 
Error - 12/09/2011 4:07:35 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 6:07:35 AM - Error connecting to the internet.  6:07:35 AM -     Unable
 to contact server..  
 
Error - 12/09/2011 4:14:02 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 6:14:01 AM - Error connecting to the internet.  6:14:01 AM -     Unable
 to contact server..  
 
Error - 12/09/2011 5:20:09 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 7:20:09 AM - Error connecting to the internet.  7:20:09 AM -     Unable
 to contact server..  
 
Error - 12/09/2011 5:26:35 PM | Computer Name = Chester | Source = MCUpdate | ID = 0
Description = 7:26:35 AM - Error connecting to the internet.  7:26:35 AM -     Unable
 to contact server..  
 
[ System Events ]
Error - 17/11/2013 8:50:35 AM | Computer Name = Chester | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:47:55 PM on ?11/?17/?2013 was unexpected.
 
Error - 17/11/2013 8:50:48 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%14001
 
Error - 18/11/2013 8:43:00 AM | Computer Name = Chester | Source = DCOM | ID = 10010
Description =
 
Error - 19/11/2013 6:38:13 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%14001
 
Error - 19/11/2013 6:41:50 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 19/11/2013 6:41:50 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 19/11/2013 6:41:50 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 19/11/2013 6:41:51 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7031
Description = The Software Protection service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 120000 milliseconds:
 Restart the service.
 
Error - 24/11/2013 6:11:26 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 24/11/2013 6:20:22 AM | Computer Name = Chester | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%14001
 
 
< End of report >
 


    Advertisements

Register to Remove


#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 25 November 2013 - 03:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 25 November 2013 - 06:15 AM

Hi Marius,

Thanks for assisting.

I had some trouble with TDSSKiller locking up and had to restart the PC but it finally ran with no threats found.

Log file follows.

 

23:10:42.0219 0x1bec  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
23:10:50.0331 0x1bec  ============================================================
23:10:50.0331 0x1bec  Current date / time: 2013/11/25 23:10:50.0331
23:10:50.0331 0x1bec  SystemInfo:
23:10:50.0331 0x1bec  
23:10:50.0331 0x1bec  OS Version: 6.1.7601 ServicePack: 1.0
23:10:50.0331 0x1bec  Product type: Workstation
23:10:50.0331 0x1bec  ComputerName: CHESTER
23:10:50.0331 0x1bec  UserName: Adrian
23:10:50.0331 0x1bec  Windows directory: C:\Windows
23:10:50.0331 0x1bec  System windows directory: C:\Windows
23:10:50.0331 0x1bec  Running under WOW64
23:10:50.0331 0x1bec  Processor architecture: Intel x64
23:10:50.0331 0x1bec  Number of processors: 8
23:10:50.0331 0x1bec  Page size: 0x1000
23:10:50.0331 0x1bec  Boot type: Normal boot
23:10:50.0331 0x1bec  ============================================================
23:10:50.0643 0x1bec  KLMD registered as C:\Windows\system32\drivers\19387988.sys
23:10:50.0705 0x1bec  System UUID: {240EF577-AE6C-42E6-0F79-D1786C62E2C2}
23:10:51.0345 0x1bec  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0xE01F4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
23:10:51.0345 0x1bec  Drive \Device\Harddisk1\DR1 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:10:51.0376 0x1bec  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:10:51.0376 0x1bec  Drive \Device\Harddisk3\DR3 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:10:51.0750 0x1bec  Drive \Device\Harddisk4\DR4 - Size: 0x6AF00000 (1.67 Gb), SectorSize: 0x200, Cylinders: 0xDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:10:51.0750 0x1bec  Drive \Device\Harddisk5\DR5 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:10:51.0750 0x1bec  Drive \Device\Harddisk6\DR6 - Size: 0x7470A00000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:10:51.0750 0x1bec  ============================================================
23:10:51.0750 0x1bec  \Device\Harddisk0\DR0:
23:10:51.0750 0x1bec  MBR partitions:
23:10:51.0750 0x1bec  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:10:51.0750 0x1bec  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5000
23:10:51.0750 0x1bec  \Device\Harddisk1\DR1:
23:10:51.0750 0x1bec  MBR partitions:
23:10:51.0750 0x1bec  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773F800
23:10:51.0750 0x1bec  \Device\Harddisk2\DR2:
23:10:51.0750 0x1bec  MBR partitions:
23:10:51.0750 0x1bec  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
23:10:51.0750 0x1bec  \Device\Harddisk3\DR3:
23:10:51.0750 0x1bec  MBR partitions:
23:10:51.0750 0x1bec  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
23:10:51.0750 0x1bec  \Device\Harddisk4\DR4:
23:10:51.0750 0x1bec  MBR partitions:
23:10:51.0750 0x1bec  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3577C1
23:10:51.0750 0x1bec  \Device\Harddisk5\DR5:
23:10:51.0750 0x1bec  MBR partitions:
23:10:51.0750 0x1bec  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x950E482
23:10:51.0750 0x1bec  \Device\Harddisk6\DR6:
23:10:51.0750 0x1bec  MBR partitions:
23:10:51.0750 0x1bec  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
23:10:51.0750 0x1bec  ============================================================
23:10:51.0750 0x1bec  C: <-> \Device\Harddisk1\DR1\Partition1
23:10:51.0797 0x1bec  D: <-> \Device\Harddisk0\DR0\Partition2
23:10:51.0813 0x1bec  E: <-> \Device\Harddisk2\DR2\Partition1
23:10:52.0140 0x1bec  I: <-> \Device\Harddisk6\DR6\Partition1
23:10:52.0218 0x1bec  H: <-> \Device\Harddisk3\DR3\Partition1
23:10:52.0218 0x1bec  G: <-> \Device\Harddisk5\DR5\Partition1
23:10:52.0218 0x1bec  ============================================================
23:10:52.0218 0x1bec  Initialize success
23:10:52.0218 0x1bec  ============================================================
23:11:13.0531 0x15ec  ============================================================
23:11:13.0531 0x15ec  Scan started
23:11:13.0531 0x15ec  Mode: Manual;
23:11:13.0531 0x15ec  ============================================================
23:11:13.0531 0x15ec  KSN ping started
23:11:16.0198 0x15ec  KSN ping finished: true
23:11:16.0931 0x15ec  ================ Scan system memory ========================
23:11:16.0931 0x15ec  System memory - ok
23:11:16.0931 0x15ec  ================ Scan services =============================
23:11:16.0963 0x15ec  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:11:16.0963 0x15ec  1394ohci - ok
23:11:17.0009 0x15ec  [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
23:11:17.0041 0x15ec  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
23:11:17.0041 0x15ec  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:11:17.0056 0x15ec  ACPI - ok
23:11:17.0056 0x15ec  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:11:17.0072 0x15ec  AcpiPmi - ok
23:11:17.0072 0x15ec  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:11:17.0072 0x15ec  AdobeARMservice - ok
23:11:17.0134 0x15ec  [ 438F31336B3DC248ABC632F1C8F34A24, 94C1218E7EC2EC6D4870A6FDC118097D7D3A359DA073DCD3A9770F399F830991 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:11:17.0165 0x15ec  AdobeFlashPlayerUpdateSvc - ok
23:11:17.0181 0x15ec  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:11:17.0212 0x15ec  adp94xx - ok
23:11:17.0228 0x15ec  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:11:17.0243 0x15ec  adpahci - ok
23:11:17.0243 0x15ec  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:11:17.0259 0x15ec  adpu320 - ok
23:11:17.0368 0x15ec  [ C9F63BDD5C73050D7C1DF5A5E9BE4602, B1B0B58B060388CC32F9B03CDE7339DD8A6B678ADC7790C45E52C06E71550985 ] Adrians_Media_Server C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe
23:11:17.0477 0x15ec  Adrians_Media_Server - ok
23:11:17.0743 0x15ec  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:11:17.0758 0x15ec  AeLookupSvc - ok
23:11:17.0758 0x15ec  [ 314C17917AC8523EC77A710215012A65, 725CF2D5F63C06F7704C24FE0CFA696215DADC6C0EC445D9671E82F8E23E56AD ] AFD             C:\Windows\system32\drivers\afd.sys
23:11:17.0789 0x15ec  AFD - ok
23:11:17.0789 0x15ec  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:11:17.0805 0x15ec  agp440 - ok
23:11:17.0805 0x15ec  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:11:17.0821 0x15ec  ALG - ok
23:11:17.0821 0x15ec  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:11:17.0821 0x15ec  aliide - ok
23:11:17.0836 0x15ec  [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:11:17.0899 0x15ec  AMD External Events Utility - ok
23:11:17.0899 0x15ec  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:11:17.0899 0x15ec  amdide - ok
23:11:17.0914 0x15ec  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:11:17.0914 0x15ec  AmdK8 - ok
23:11:18.0148 0x15ec  [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:11:18.0335 0x15ec  amdkmdag - ok
23:11:18.0351 0x15ec  [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:11:18.0367 0x15ec  amdkmdap - ok
23:11:18.0367 0x15ec  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:11:18.0382 0x15ec  AmdPPM - ok
23:11:18.0382 0x15ec  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:11:18.0398 0x15ec  amdsata - ok
23:11:18.0398 0x15ec  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:11:18.0413 0x15ec  amdsbs - ok
23:11:18.0413 0x15ec  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:11:18.0413 0x15ec  amdxata - ok
23:11:18.0429 0x15ec  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
23:11:18.0429 0x15ec  AppID - ok
23:11:18.0429 0x15ec  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:11:18.0445 0x15ec  AppIDSvc - ok
23:11:18.0445 0x15ec  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
23:11:18.0445 0x15ec  Appinfo - ok
23:11:18.0460 0x15ec  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:11:18.0460 0x15ec  Apple Mobile Device - ok
23:11:18.0460 0x15ec  [ 6BE11AD81D4527D299F0CB5F3731AABC, 9C01278D3336CD74B9672A2A9EF7AF836CB0E7F2EA5BC310E9ADDD1238B92229 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
23:11:18.0476 0x15ec  AppleCharger - ok
23:11:18.0476 0x15ec  [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
23:11:18.0476 0x15ec  AppleChargerSrv - ok
23:11:18.0491 0x15ec  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
23:11:18.0491 0x15ec  arc - ok
23:11:18.0491 0x15ec  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:11:18.0507 0x15ec  arcsas - ok
23:11:18.0507 0x15ec  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:11:18.0523 0x15ec  AsyncMac - ok
23:11:18.0523 0x15ec  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:11:18.0523 0x15ec  atapi - ok
23:11:18.0538 0x15ec  [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
23:11:18.0538 0x15ec  AtiHdmiService - ok
23:11:18.0569 0x15ec  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:11:18.0601 0x15ec  AudioEndpointBuilder - ok
23:11:18.0616 0x15ec  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:11:18.0632 0x15ec  AudioSrv - ok
23:11:18.0632 0x15ec  [ 0D75C5C4EBF3D8197448189A2F153116, 24BD42F6C243870E6FC4001B75330071C9B305444ADBFC670863348DAE757BC7 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
23:11:18.0647 0x15ec  Avgdiska - ok
23:11:18.0819 0x15ec  [ 332AEB8F6F9595C8886A7AA7A62322DC, CC2F2856257D10B72558660161732EB5FB5D8CCD8AC78EFED8263895A2529CC9 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
23:11:18.0881 0x15ec  AVGIDSAgent - ok
23:11:18.0881 0x15ec  [ 06963A6DE8B1C8F15A8E1053AE9505A4, 81D90B3FCEE90F19C2E1A2BD7B29C8DC28B3BD3D5C06D29E96EED39C671176C2 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
23:11:18.0897 0x15ec  AVGIDSDriver - ok
23:11:18.0897 0x15ec  [ E4F5607D1437FFDEE33CADA40D256D4F, 0BC90536283D4132A49BB437593273DB3F1A0C61C9643596011DED3978C53815 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
23:11:18.0913 0x15ec  AVGIDSHA - ok
23:11:18.0928 0x15ec  [ B010FF7C984FFFFFF019F2CF162F1DE8, 13CDA37B96DADEDD4DD4A9A50D9879613E2BA8405C73F13B56093BA9E679CD40 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
23:11:18.0928 0x15ec  Avgldx64 - ok
23:11:18.0975 0x15ec  [ F05BF4010D3F0E8C2D8CBFE45D7CFCE1, 85CE32BEDA3329227EED943329EA057C1ADD12E0612454680A5D38473AEA3E12 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
23:11:18.0975 0x15ec  Avgloga - ok
23:11:18.0991 0x15ec  [ 4B459C2FCF22ECE548766B2FCF46F62C, 7DC46572C688E19AD87372D2A3D3D526B4403E9C1739DC2DD11F3DD05B38CE5A ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
23:11:18.0991 0x15ec  Avgmfx64 - ok
23:11:19.0006 0x15ec  [ 66D00CC6F7D148980071F55F9056D450, 0BD462426ED14983F00D27CB67B1652052FF8F901054D0BB7DF71EFED48F17AC ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
23:11:19.0006 0x15ec  Avgrkx64 - ok
23:11:19.0022 0x15ec  [ 4E364FABBD147F59E5D524C9EA86D772, 5D2B1E35EDBF68C23C5BF38B8B7AC484E3430219E0072C4831F58A9E8386A5FD ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
23:11:19.0022 0x15ec  Avgtdia - ok
23:11:19.0037 0x15ec  [ 07646F5F37F18F1F978CE3B0378EF1C9, 0BC440C3E8E617FA5D70D28413F091678E9FD4CF9F87CB8ED686609A0291D95B ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
23:11:19.0037 0x15ec  avgwd - ok
23:11:19.0069 0x15ec  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:11:19.0069 0x15ec  AxInstSV - ok
23:11:19.0084 0x15ec  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
23:11:19.0115 0x15ec  b06bdrv - ok
23:11:19.0147 0x15ec  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:11:19.0162 0x15ec  b57nd60a - ok
23:11:19.0193 0x15ec  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:11:19.0209 0x15ec  BDESVC - ok
23:11:19.0209 0x15ec  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:11:19.0209 0x15ec  Beep - ok
23:11:19.0240 0x15ec  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:11:19.0256 0x15ec  BFE - ok
23:11:19.0271 0x15ec  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:11:19.0287 0x15ec  BITS - ok
23:11:19.0303 0x15ec  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:11:19.0303 0x15ec  blbdrive - ok
23:11:19.0318 0x15ec  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:11:19.0334 0x15ec  Bonjour Service - ok
23:11:19.0381 0x15ec  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:11:19.0396 0x15ec  bowser - ok
23:11:19.0396 0x15ec  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:11:19.0412 0x15ec  BrFiltLo - ok
23:11:19.0412 0x15ec  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:11:19.0412 0x15ec  BrFiltUp - ok
23:11:19.0427 0x15ec  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:11:19.0427 0x15ec  Browser - ok
23:11:19.0443 0x15ec  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:11:19.0459 0x15ec  Brserid - ok
23:11:19.0459 0x15ec  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:11:19.0474 0x15ec  BrSerWdm - ok
23:11:19.0474 0x15ec  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:11:19.0474 0x15ec  BrUsbMdm - ok
23:11:19.0474 0x15ec  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:11:19.0490 0x15ec  BrUsbSer - ok
23:11:19.0490 0x15ec  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:11:19.0490 0x15ec  BTHMODEM - ok
23:11:19.0505 0x15ec  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:11:19.0505 0x15ec  bthserv - ok
23:11:19.0521 0x15ec  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:11:19.0521 0x15ec  cdfs - ok
23:11:19.0521 0x15ec  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:11:19.0537 0x15ec  cdrom - ok
23:11:19.0537 0x15ec  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:11:19.0552 0x15ec  CertPropSvc - ok
23:11:19.0552 0x15ec  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:11:19.0552 0x15ec  circlass - ok
23:11:19.0568 0x15ec  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:11:19.0583 0x15ec  CLFS - ok
23:11:19.0583 0x15ec  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:11:19.0599 0x15ec  clr_optimization_v2.0.50727_32 - ok
23:11:19.0599 0x15ec  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:11:19.0615 0x15ec  clr_optimization_v2.0.50727_64 - ok
23:11:19.0615 0x15ec  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:11:19.0630 0x15ec  clr_optimization_v4.0.30319_32 - ok
23:11:19.0646 0x15ec  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:11:19.0661 0x15ec  clr_optimization_v4.0.30319_64 - ok
23:11:19.0661 0x15ec  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:11:19.0661 0x15ec  CmBatt - ok
23:11:19.0661 0x15ec  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:11:19.0677 0x15ec  cmdide - ok
23:11:19.0693 0x15ec  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
23:11:19.0708 0x15ec  CNG - ok
23:11:19.0708 0x15ec  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:11:19.0708 0x15ec  Compbatt - ok
23:11:19.0708 0x15ec  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:11:19.0724 0x15ec  CompositeBus - ok
23:11:19.0724 0x15ec  COMSysApp - ok
23:11:19.0724 0x15ec  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:11:19.0724 0x15ec  crcdisk - ok
23:11:19.0739 0x15ec  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:11:19.0739 0x15ec  CryptSvc - ok
23:11:19.0755 0x15ec  [ F02D7FD231AF76C69A8F09C619DEE384, 8A491BB0BFBD99804262A23E2687C58323A4042748CF201A32E35079FEDAF218 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
23:11:19.0755 0x15ec  ctxusbm - ok
23:11:19.0755 0x15ec  [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
23:11:19.0771 0x15ec  dc3d - ok
23:11:19.0786 0x15ec  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:11:19.0786 0x15ec  DcomLaunch - ok
23:11:19.0802 0x15ec  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:11:19.0817 0x15ec  defragsvc - ok
23:11:19.0817 0x15ec  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:11:19.0833 0x15ec  DfsC - ok
23:11:19.0833 0x15ec  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:11:19.0849 0x15ec  Dhcp - ok
23:11:19.0849 0x15ec  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:11:19.0849 0x15ec  discache - ok
23:11:19.0864 0x15ec  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
23:11:19.0864 0x15ec  Disk - ok
23:11:19.0864 0x15ec  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:11:19.0880 0x15ec  Dnscache - ok
23:11:19.0895 0x15ec  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:11:19.0895 0x15ec  dot3svc - ok
23:11:19.0911 0x15ec  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:11:19.0911 0x15ec  DPS - ok
23:11:19.0911 0x15ec  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:11:19.0927 0x15ec  drmkaud - ok
23:11:19.0942 0x15ec  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:11:19.0958 0x15ec  DXGKrnl - ok
23:11:19.0973 0x15ec  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:11:19.0973 0x15ec  EapHost - ok
23:11:20.0051 0x15ec  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:11:20.0114 0x15ec  ebdrv - ok
23:11:20.0129 0x15ec  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
23:11:20.0129 0x15ec  EFS - ok
23:11:20.0145 0x15ec  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:11:20.0161 0x15ec  ehRecvr - ok
23:11:20.0176 0x15ec  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:11:20.0192 0x15ec  ehSched - ok
23:11:20.0239 0x15ec  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:11:20.0317 0x15ec  elxstor - ok
23:11:20.0348 0x15ec  [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
23:11:20.0348 0x15ec  EpsonScanSvc - ok
23:11:20.0363 0x15ec  [ 1E345F2A2D95DA3190596E691CDE9342, 9D1D48F3B749ADA598D155E11E63CD52A4EEABF9BE92A1D997D25D07CF350084 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
23:11:20.0379 0x15ec  EPSON_PM_RPCV4_01 - ok
23:11:20.0379 0x15ec  [ A7E8186E04F38E836C19AC147F8B2ED0, 329639595F02060C215A6334FCE1651FB9B9B5679BA9052A487B57265608D162 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
23:11:20.0410 0x15ec  EPSON_PM_RPCV4_05 - ok
23:11:20.0410 0x15ec  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:11:20.0410 0x15ec  ErrDev - ok
23:11:20.0426 0x15ec  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:11:20.0426 0x15ec  EventSystem - ok
23:11:20.0441 0x15ec  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:11:20.0441 0x15ec  exfat - ok
23:11:20.0457 0x15ec  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:11:20.0473 0x15ec  fastfat - ok
23:11:20.0488 0x15ec  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:11:20.0504 0x15ec  Fax - ok
23:11:20.0504 0x15ec  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:11:20.0519 0x15ec  fdc - ok
23:11:20.0519 0x15ec  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:11:20.0519 0x15ec  fdPHost - ok
23:11:20.0519 0x15ec  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:11:20.0535 0x15ec  FDResPub - ok
23:11:20.0535 0x15ec  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:11:20.0535 0x15ec  FileInfo - ok
23:11:20.0535 0x15ec  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:11:20.0551 0x15ec  Filetrace - ok
23:11:20.0551 0x15ec  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:11:20.0551 0x15ec  flpydisk - ok
23:11:20.0566 0x15ec  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:11:20.0582 0x15ec  FltMgr - ok
23:11:20.0597 0x15ec  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
23:11:20.0629 0x15ec  FontCache - ok
23:11:20.0644 0x15ec  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:11:20.0660 0x15ec  FontCache3.0.0.0 - ok
23:11:20.0660 0x15ec  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:11:20.0660 0x15ec  FsDepends - ok
23:11:20.0660 0x15ec  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:11:20.0675 0x15ec  Fs_Rec - ok
23:11:20.0675 0x15ec  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:11:20.0691 0x15ec  fvevol - ok
23:11:20.0691 0x15ec  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:11:20.0691 0x15ec  gagp30kx - ok
23:11:20.0707 0x15ec  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:11:20.0707 0x15ec  GEARAspiWDM - ok
23:11:20.0722 0x15ec  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:11:20.0738 0x15ec  gpsvc - ok
23:11:20.0753 0x15ec  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:11:20.0753 0x15ec  gupdate - ok
23:11:20.0769 0x15ec  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:11:20.0769 0x15ec  gupdatem - ok
23:11:20.0769 0x15ec  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:11:20.0785 0x15ec  hcw85cir - ok
23:11:20.0785 0x15ec  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:11:20.0785 0x15ec  HDAudBus - ok
23:11:20.0800 0x15ec  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:11:20.0800 0x15ec  HidBatt - ok
23:11:20.0800 0x15ec  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:11:20.0816 0x15ec  HidBth - ok
23:11:20.0816 0x15ec  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:11:20.0816 0x15ec  HidIr - ok
23:11:20.0816 0x15ec  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:11:20.0831 0x15ec  hidserv - ok
23:11:20.0831 0x15ec  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:11:20.0831 0x15ec  HidUsb - ok
23:11:20.0847 0x15ec  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:11:20.0847 0x15ec  hkmsvc - ok
23:11:20.0847 0x15ec  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:11:20.0863 0x15ec  HomeGroupListener - ok
23:11:20.0863 0x15ec  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:11:20.0878 0x15ec  HomeGroupProvider - ok
23:11:20.0878 0x15ec  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:11:20.0894 0x15ec  HpSAMD - ok
23:11:20.0909 0x15ec  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:11:20.0925 0x15ec  HTTP - ok
23:11:20.0941 0x15ec  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:11:20.0941 0x15ec  hwpolicy - ok
23:11:20.0941 0x15ec  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:11:20.0956 0x15ec  i8042prt - ok
23:11:20.0956 0x15ec  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\drivers\iaStor.sys
23:11:20.0972 0x15ec  iaStor - ok
23:11:20.0972 0x15ec  [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:11:20.0972 0x15ec  IAStorDataMgrSvc - ok
23:11:20.0987 0x15ec  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:11:21.0003 0x15ec  iaStorV - ok
23:11:21.0003 0x15ec  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:11:21.0019 0x15ec  IDriverT - ok
23:11:21.0034 0x15ec  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:11:21.0065 0x15ec  idsvc - ok
23:11:21.0065 0x15ec  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:11:21.0081 0x15ec  iirsp - ok
23:11:21.0097 0x15ec  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:11:21.0112 0x15ec  IKEEXT - ok
23:11:21.0175 0x15ec  [ 03076F51AF9F78A272CCCDE03E9340CE, 60B6B236618FD8A0ACCC17EB086F0573A5CC4FFE78CE26702981580D5F68FB0D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:11:21.0206 0x15ec  IntcAzAudAddService - ok
23:11:21.0221 0x15ec  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:11:21.0221 0x15ec  intelide - ok
23:11:21.0221 0x15ec  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:11:21.0221 0x15ec  intelppm - ok
23:11:21.0237 0x15ec  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:11:21.0237 0x15ec  IPBusEnum - ok
23:11:21.0237 0x15ec  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:11:21.0253 0x15ec  IpFilterDriver - ok
23:11:21.0268 0x15ec  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:11:21.0377 0x15ec  iphlpsvc - ok
23:11:21.0393 0x15ec  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:11:21.0393 0x15ec  IPMIDRV - ok
23:11:21.0393 0x15ec  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:11:21.0409 0x15ec  IPNAT - ok
23:11:21.0424 0x15ec  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:11:21.0440 0x15ec  iPod Service - ok
23:11:21.0440 0x15ec  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:11:21.0455 0x15ec  IRENUM - ok
23:11:21.0455 0x15ec  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:11:21.0455 0x15ec  isapnp - ok
23:11:21.0471 0x15ec  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:11:21.0471 0x15ec  iScsiPrt - ok
23:11:21.0487 0x15ec  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:11:21.0487 0x15ec  kbdclass - ok
23:11:21.0487 0x15ec  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:11:21.0487 0x15ec  kbdhid - ok
23:11:21.0502 0x15ec  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
23:11:21.0502 0x15ec  KeyIso - ok
23:11:21.0502 0x15ec  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:11:21.0502 0x15ec  KSecDD - ok
23:11:21.0518 0x15ec  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:11:21.0518 0x15ec  KSecPkg - ok
23:11:21.0518 0x15ec  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:11:21.0533 0x15ec  ksthunk - ok
23:11:21.0533 0x15ec  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:11:21.0549 0x15ec  KtmRm - ok
23:11:21.0565 0x15ec  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:11:21.0580 0x15ec  LanmanServer - ok
23:11:21.0580 0x15ec  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:11:21.0580 0x15ec  LanmanWorkstation - ok
23:11:21.0596 0x15ec  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
23:11:21.0596 0x15ec  LGBusEnum - ok
23:11:21.0596 0x15ec  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
23:11:21.0596 0x15ec  LGVirHid - ok
23:11:21.0611 0x15ec  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:11:21.0611 0x15ec  lltdio - ok
23:11:21.0627 0x15ec  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:11:21.0627 0x15ec  lltdsvc - ok
23:11:21.0643 0x15ec  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:11:21.0643 0x15ec  lmhosts - ok
23:11:21.0643 0x15ec  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:11:21.0658 0x15ec  LSI_FC - ok
23:11:21.0658 0x15ec  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:11:21.0658 0x15ec  LSI_SAS - ok
23:11:21.0674 0x15ec  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:11:21.0674 0x15ec  LSI_SAS2 - ok
23:11:21.0674 0x15ec  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:11:21.0689 0x15ec  LSI_SCSI - ok
23:11:21.0689 0x15ec  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:11:21.0705 0x15ec  luafv - ok
23:11:21.0705 0x15ec  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
23:11:21.0721 0x15ec  mcdbus - ok
23:11:21.0721 0x15ec  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:11:21.0736 0x15ec  Mcx2Svc - ok
23:11:21.0736 0x15ec  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:11:21.0736 0x15ec  megasas - ok
23:11:21.0752 0x15ec  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:11:21.0752 0x15ec  MegaSR - ok
23:11:21.0767 0x15ec  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
23:11:21.0767 0x15ec  MEIx64 - ok
23:11:21.0767 0x15ec  Microsoft SharePoint Workspace Audit Service - ok
23:11:21.0783 0x15ec  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:11:21.0783 0x15ec  MMCSS - ok
23:11:21.0783 0x15ec  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:11:21.0783 0x15ec  Modem - ok
23:11:21.0799 0x15ec  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:11:21.0799 0x15ec  monitor - ok
23:11:21.0799 0x15ec  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:11:21.0814 0x15ec  mouclass - ok
23:11:21.0814 0x15ec  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:11:21.0814 0x15ec  mouhid - ok
23:11:21.0814 0x15ec  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:11:21.0830 0x15ec  mountmgr - ok
23:11:21.0830 0x15ec  [ 7EDBBB9351A38C6BB0FE98CFD44DB430, FF77429D7FF3429AD15FD29B4F0F1CF1DA66F69651BCA9525889EDD47AB0306D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:11:21.0845 0x15ec  MozillaMaintenance - ok
23:11:21.0845 0x15ec  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:11:21.0861 0x15ec  mpio - ok
23:11:21.0861 0x15ec  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:11:21.0861 0x15ec  mpsdrv - ok
23:11:21.0892 0x15ec  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:11:21.0923 0x15ec  MpsSvc - ok
23:11:21.0923 0x15ec  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:11:21.0939 0x15ec  MRxDAV - ok
23:11:21.0939 0x15ec  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:11:21.0955 0x15ec  mrxsmb - ok
23:11:21.0955 0x15ec  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:11:21.0970 0x15ec  mrxsmb10 - ok
23:11:21.0970 0x15ec  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:11:21.0986 0x15ec  mrxsmb20 - ok
23:11:21.0986 0x15ec  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:11:21.0986 0x15ec  msahci - ok
23:11:22.0001 0x15ec  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:11:22.0001 0x15ec  msdsm - ok
23:11:22.0017 0x15ec  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:11:22.0017 0x15ec  MSDTC - ok
23:11:22.0033 0x15ec  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:11:22.0033 0x15ec  Msfs - ok
23:11:22.0033 0x15ec  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:11:22.0033 0x15ec  mshidkmdf - ok
23:11:22.0033 0x15ec  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:11:22.0048 0x15ec  msisadrv - ok
23:11:22.0048 0x15ec  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:11:22.0064 0x15ec  MSiSCSI - ok
23:11:22.0064 0x15ec  msiserver - ok
23:11:22.0064 0x15ec  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:11:22.0064 0x15ec  MSKSSRV - ok
23:11:22.0079 0x15ec  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:11:22.0079 0x15ec  MSPCLOCK - ok
23:11:22.0079 0x15ec  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:11:22.0079 0x15ec  MSPQM - ok
23:11:22.0095 0x15ec  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:11:22.0111 0x15ec  MsRPC - ok
23:11:22.0111 0x15ec  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:11:22.0111 0x15ec  mssmbios - ok
23:11:22.0126 0x15ec  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:11:22.0126 0x15ec  MSTEE - ok
23:11:22.0126 0x15ec  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:11:22.0126 0x15ec  MTConfig - ok
23:11:22.0142 0x15ec  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:11:22.0142 0x15ec  Mup - ok
23:11:22.0157 0x15ec  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:11:22.0173 0x15ec  napagent - ok
23:11:22.0189 0x15ec  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:11:22.0204 0x15ec  NativeWifiP - ok
23:11:22.0220 0x15ec  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:11:22.0251 0x15ec  NDIS - ok
23:11:22.0251 0x15ec  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:11:22.0251 0x15ec  NdisCap - ok
23:11:22.0251 0x15ec  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:11:22.0267 0x15ec  NdisTapi - ok
23:11:22.0267 0x15ec  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:11:22.0267 0x15ec  Ndisuio - ok
23:11:22.0282 0x15ec  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:11:22.0282 0x15ec  NdisWan - ok
23:11:22.0298 0x15ec  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:11:22.0298 0x15ec  NDProxy - ok
23:11:22.0298 0x15ec  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:11:22.0298 0x15ec  NetBIOS - ok
23:11:22.0313 0x15ec  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:11:22.0329 0x15ec  NetBT - ok
23:11:22.0329 0x15ec  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
23:11:22.0329 0x15ec  Netlogon - ok
23:11:22.0345 0x15ec  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:11:22.0345 0x15ec  Netman - ok
23:11:22.0360 0x15ec  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:11:22.0376 0x15ec  netprofm - ok
23:11:22.0376 0x15ec  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:11:22.0501 0x15ec  NetTcpPortSharing - ok
23:11:22.0501 0x15ec  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:11:22.0501 0x15ec  nfrd960 - ok
23:11:22.0516 0x15ec  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:11:22.0516 0x15ec  NlaSvc - ok
23:11:22.0532 0x15ec  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:11:22.0532 0x15ec  Npfs - ok
23:11:22.0532 0x15ec  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:11:22.0532 0x15ec  nsi - ok
23:11:22.0547 0x15ec  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:11:22.0547 0x15ec  nsiproxy - ok
23:11:22.0579 0x15ec  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:11:22.0625 0x15ec  Ntfs - ok
23:11:22.0625 0x15ec  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:11:22.0625 0x15ec  Null - ok
23:11:22.0625 0x15ec  [ F5BC2345E8C89D4E90FAFD23A2239935, A6646BFB2A112C4C2556CEC6A3163B7943E08F42CB41C8A700C72CD797F7F1F1 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
23:11:22.0641 0x15ec  nusb3hub - ok
23:11:22.0641 0x15ec  [ 5D42578241BC2A9B4A64837077436D5F, D3D9F81DFE98834634331D9C95596AF27323371737860CAB45ABFAE4BA78E966 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:11:22.0657 0x15ec  nusb3xhc - ok
23:11:22.0657 0x15ec  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:11:22.0672 0x15ec  nvraid - ok
23:11:22.0672 0x15ec  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:11:22.0688 0x15ec  nvstor - ok
23:11:22.0688 0x15ec  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:11:22.0703 0x15ec  nv_agp - ok
23:11:22.0703 0x15ec  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:11:22.0719 0x15ec  ohci1394 - ok
23:11:22.0735 0x15ec  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:11:22.0750 0x15ec  ose - ok
23:11:22.0953 0x15ec  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:11:23.0234 0x15ec  osppsvc - ok
23:11:23.0249 0x15ec  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:11:23.0265 0x15ec  p2pimsvc - ok
23:11:23.0265 0x15ec  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:11:23.0281 0x15ec  p2psvc - ok
23:11:23.0296 0x15ec  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
23:11:23.0296 0x15ec  Parport - ok
23:11:23.0296 0x15ec  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:11:23.0312 0x15ec  partmgr - ok
23:11:23.0327 0x15ec  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:11:23.0343 0x15ec  PcaSvc - ok
23:11:23.0359 0x15ec  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:11:23.0374 0x15ec  pci - ok
23:11:23.0390 0x15ec  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:11:23.0390 0x15ec  pciide - ok
23:11:23.0390 0x15ec  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:11:23.0405 0x15ec  pcmcia - ok
23:11:23.0421 0x15ec  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:11:23.0421 0x15ec  pcw - ok
23:11:23.0437 0x15ec  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:11:23.0452 0x15ec  PEAUTH - ok
23:11:23.0483 0x15ec  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:11:23.0483 0x15ec  PerfHost - ok
23:11:23.0515 0x15ec  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:11:23.0546 0x15ec  pla - ok
23:11:23.0561 0x15ec  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:11:23.0577 0x15ec  PlugPlay - ok
23:11:23.0577 0x15ec  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:11:23.0577 0x15ec  PNRPAutoReg - ok
23:11:23.0593 0x15ec  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:11:23.0593 0x15ec  PNRPsvc - ok
23:11:23.0608 0x15ec  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:11:23.0624 0x15ec  PolicyAgent - ok
23:11:23.0624 0x15ec  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:11:23.0639 0x15ec  Power - ok
23:11:23.0639 0x15ec  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:11:23.0655 0x15ec  PptpMiniport - ok
23:11:23.0655 0x15ec  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
23:11:23.0655 0x15ec  Processor - ok
23:11:23.0671 0x15ec  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:11:23.0671 0x15ec  ProfSvc - ok
23:11:23.0686 0x15ec  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
23:11:23.0686 0x15ec  ProtectedStorage - ok
23:11:23.0686 0x15ec  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:11:23.0686 0x15ec  Psched - ok
23:11:23.0717 0x15ec  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:11:23.0764 0x15ec  ql2300 - ok
23:11:23.0764 0x15ec  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:11:23.0780 0x15ec  ql40xx - ok
23:11:23.0780 0x15ec  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:11:23.0795 0x15ec  QWAVE - ok
23:11:23.0795 0x15ec  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:11:23.0811 0x15ec  QWAVEdrv - ok
23:11:23.0811 0x15ec  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:11:23.0811 0x15ec  RasAcd - ok
23:11:23.0842 0x15ec  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:11:23.0842 0x15ec  RasAgileVpn - ok
23:11:23.0873 0x15ec  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:11:23.0873 0x15ec  RasAuto - ok
23:11:23.0889 0x15ec  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:11:23.0920 0x15ec  Rasl2tp - ok
23:11:23.0951 0x15ec  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
23:11:24.0029 0x15ec  RasMan - ok
23:11:24.0029 0x15ec  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:11:24.0061 0x15ec  RasPppoe - ok
23:11:24.0061 0x15ec  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:11:24.0092 0x15ec  RasSstp - ok
23:11:24.0107 0x15ec  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:11:24.0154 0x15ec  rdbss - ok
23:11:24.0154 0x15ec  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
23:11:24.0154 0x15ec  rdpbus - ok
23:11:24.0170 0x15ec  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:11:24.0170 0x15ec  RDPCDD - ok
23:11:24.0201 0x15ec  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:11:24.0217 0x15ec  RDPENCDD - ok
23:11:24.0217 0x15ec  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:11:24.0232 0x15ec  RDPREFMP - ok
23:11:24.0263 0x15ec  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:11:24.0295 0x15ec  RDPWD - ok
23:11:24.0326 0x15ec  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:11:24.0357 0x15ec  rdyboost - ok
23:11:24.0373 0x15ec  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:11:24.0404 0x15ec  RemoteAccess - ok
23:11:24.0419 0x15ec  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:11:24.0482 0x15ec  RemoteRegistry - ok
23:11:24.0482 0x15ec  [ 5790BCA445CC40DF8B38C2C48608AAC2, E8CC273ECF44B6638FEC7AF443745C04E03580B5C6ECFE45648F18BA2B9B89E7 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:11:24.0482 0x15ec  RimUsb - ok
23:11:24.0497 0x15ec  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:11:24.0497 0x15ec  RpcEptMapper - ok
23:11:24.0497 0x15ec  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:11:24.0497 0x15ec  RpcLocator - ok
23:11:24.0513 0x15ec  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
23:11:24.0513 0x15ec  RpcSs - ok
23:11:24.0529 0x15ec  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:11:24.0529 0x15ec  rspndr - ok
23:11:24.0544 0x15ec  [ BA935BB90DE389D62A9C1212ECCA64BC, 6092C4A921B9553C3CED6D56F2543FA0AEEC2D79A64BED339AFEE82610970B98 ] RTLE8023x64     C:\Windows\system32\DRIVERS\Rtenic64.sys
23:11:24.0544 0x15ec  RTLE8023x64 - ok
23:11:24.0560 0x15ec  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
23:11:24.0560 0x15ec  SamSs - ok
23:11:24.0560 0x15ec  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:11:24.0560 0x15ec  sbp2port - ok
23:11:24.0575 0x15ec  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:11:24.0591 0x15ec  SCardSvr - ok
23:11:24.0591 0x15ec  [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D, 64A07303E538A1EE439D4AAD0DEBBD6037219D37B884026701A06E59A729E9C9 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
23:11:24.0591 0x15ec  SCDEmu - ok
23:11:24.0591 0x15ec  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:11:24.0607 0x15ec  scfilter - ok
23:11:24.0622 0x15ec  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
23:11:24.0653 0x15ec  Schedule - ok
23:11:24.0669 0x15ec  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:11:24.0669 0x15ec  SCPolicySvc - ok
23:11:24.0669 0x15ec  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:11:24.0685 0x15ec  SDRSVC - ok
23:11:25.0184 0x15ec  [ 95AA9E165C7DE1B64A11E8B18E91E499, 505BB51F358EAE5835071A89069530DFDA99E9C5220EA6A648842C15E74E4907 ] SDScannerService E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
23:11:25.0215 0x15ec  SDScannerService - ok
23:11:25.0246 0x15ec  [ D31398D4BB4907B517B6E784C2100C4A, 36BDB2BFAC2C0ADF8C6DF6D1511ECF43C8F6ED7D4D76244DC5232AD97BA5E9C9 ] SDUpdateService E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
23:11:25.0277 0x15ec  SDUpdateService - ok
23:11:25.0293 0x15ec  [ 6AE8E702D1027A9627DDE2B77BB9992B, 5EA68E2A487D252A68DB0861E7FAFA69956D266CBAA5A1D77751F7E6BD4169B7 ] SDWSCService    E:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
23:11:25.0309 0x15ec  SDWSCService - ok
23:11:25.0309 0x15ec  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:11:25.0309 0x15ec  secdrv - ok
23:11:25.0309 0x15ec  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
23:11:25.0324 0x15ec  seclogon - ok
23:11:25.0324 0x15ec  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:11:25.0324 0x15ec  SENS - ok
23:11:25.0340 0x15ec  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:11:25.0340 0x15ec  SensrSvc - ok
23:11:25.0340 0x15ec  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:11:25.0340 0x15ec  Serenum - ok
23:11:25.0355 0x15ec  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:11:25.0355 0x15ec  Serial - ok
23:11:25.0355 0x15ec  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:11:25.0371 0x15ec  sermouse - ok
23:11:25.0371 0x15ec  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:11:25.0387 0x15ec  SessionEnv - ok
23:11:25.0387 0x15ec  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:11:25.0387 0x15ec  sffdisk - ok
23:11:25.0387 0x15ec  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:11:25.0387 0x15ec  sffp_mmc - ok
23:11:25.0402 0x15ec  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:11:25.0402 0x15ec  sffp_sd - ok
23:11:25.0402 0x15ec  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:11:25.0418 0x15ec  sfloppy - ok
23:11:25.0418 0x15ec  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:11:25.0433 0x15ec  SharedAccess - ok
23:11:25.0449 0x15ec  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:11:25.0465 0x15ec  ShellHWDetection - ok
23:11:25.0465 0x15ec  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:11:25.0465 0x15ec  SiSRaid2 - ok
23:11:25.0480 0x15ec  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:11:25.0480 0x15ec  SiSRaid4 - ok
23:11:25.0480 0x15ec  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:11:25.0496 0x15ec  Smb - ok
23:11:25.0496 0x15ec  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:11:25.0496 0x15ec  SNMPTRAP - ok
23:11:25.0511 0x15ec  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:11:25.0511 0x15ec  spldr - ok
23:11:25.0527 0x15ec  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
23:11:25.0543 0x15ec  Spooler - ok
23:11:25.0605 0x15ec  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:11:25.0683 0x15ec  sppsvc - ok
23:11:25.0683 0x15ec  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:11:25.0699 0x15ec  sppuinotify - ok
23:11:25.0699 0x15ec  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:11:25.0714 0x15ec  srv - ok
23:11:25.0730 0x15ec  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:11:25.0745 0x15ec  srv2 - ok
23:11:25.0745 0x15ec  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:11:25.0761 0x15ec  srvnet - ok
23:11:25.0761 0x15ec  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:11:25.0777 0x15ec  SSDPSRV - ok
23:11:25.0777 0x15ec  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:11:25.0808 0x15ec  SstpSvc - ok
23:11:25.0808 0x15ec  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:11:25.0808 0x15ec  stexstor - ok
23:11:25.0823 0x15ec  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:11:25.0839 0x15ec  stisvc - ok
23:11:25.0855 0x15ec  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:11:25.0855 0x15ec  swenum - ok
23:11:25.0870 0x15ec  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:11:25.0870 0x15ec  swprv - ok
23:11:25.0901 0x15ec  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
23:11:25.0948 0x15ec  SysMain - ok
23:11:25.0948 0x15ec  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:11:25.0964 0x15ec  TabletInputService - ok
23:11:25.0964 0x15ec  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:11:25.0979 0x15ec  TapiSrv - ok
23:11:25.0979 0x15ec  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
23:11:25.0995 0x15ec  TBS - ok
23:11:26.0026 0x15ec  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:11:26.0073 0x15ec  Tcpip - ok
23:11:26.0135 0x15ec  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:11:26.0151 0x15ec  TCPIP6 - ok
23:11:26.0167 0x15ec  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:11:26.0167 0x15ec  tcpipreg - ok
23:11:26.0167 0x15ec  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:11:26.0182 0x15ec  TDPIPE - ok
23:11:26.0182 0x15ec  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:11:26.0182 0x15ec  TDTCP - ok
23:11:26.0198 0x15ec  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:11:26.0198 0x15ec  tdx - ok
23:11:26.0291 0x15ec  [ F67C21CC4195F6AFC447418FE163E156, 01D245952C1AF2B365DBA6C36AFE0FFB2332480B6A1D7D4B43A0DE4FB7535B0B ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
23:11:26.0416 0x15ec  TeamViewer8 - ok
23:11:26.0432 0x15ec  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:11:26.0432 0x15ec  TermDD - ok
23:11:26.0463 0x15ec  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
23:11:26.0494 0x15ec  TermService - ok
23:11:26.0494 0x15ec  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:11:26.0494 0x15ec  Themes - ok
23:11:26.0510 0x15ec  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:11:26.0510 0x15ec  THREADORDER - ok
23:11:26.0510 0x15ec  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:11:26.0525 0x15ec  TrkWks - ok
23:11:26.0525 0x15ec  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:11:26.0525 0x15ec  TrustedInstaller - ok
23:11:26.0541 0x15ec  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:11:26.0541 0x15ec  tssecsrv - ok
23:11:26.0541 0x15ec  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:11:26.0557 0x15ec  TsUsbFlt - ok
23:11:26.0557 0x15ec  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:11:26.0557 0x15ec  TsUsbGD - ok
23:11:26.0572 0x15ec  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:11:26.0572 0x15ec  tunnel - ok
23:11:26.0572 0x15ec  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:11:26.0588 0x15ec  uagp35 - ok
23:11:26.0603 0x15ec  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:11:26.0603 0x15ec  udfs - ok
23:11:26.0619 0x15ec  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:11:26.0619 0x15ec  UI0Detect - ok
23:11:26.0635 0x15ec  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:11:26.0666 0x15ec  uliagpkx - ok
23:11:26.0681 0x15ec  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:11:26.0697 0x15ec  umbus - ok
23:11:26.0713 0x15ec  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:11:26.0744 0x15ec  UmPass - ok
23:11:26.0775 0x15ec  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:11:26.0822 0x15ec  upnphost - ok
23:11:26.0822 0x15ec  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:11:26.0837 0x15ec  USBAAPL64 - ok
23:11:26.0837 0x15ec  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:11:26.0853 0x15ec  usbaudio - ok
23:11:26.0853 0x15ec  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:11:26.0869 0x15ec  usbccgp - ok
23:11:26.0869 0x15ec  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:11:26.0869 0x15ec  usbcir - ok
23:11:26.0884 0x15ec  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:11:26.0884 0x15ec  usbehci - ok
23:11:26.0900 0x15ec  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:11:26.0900 0x15ec  usbhub - ok
23:11:26.0915 0x15ec  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:11:26.0915 0x15ec  usbohci - ok
23:11:26.0915 0x15ec  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:11:26.0931 0x15ec  usbprint - ok
23:11:26.0931 0x15ec  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:11:26.0931 0x15ec  usbscan - ok
23:11:26.0931 0x15ec  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:11:26.0947 0x15ec  USBSTOR - ok
23:11:26.0947 0x15ec  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:11:26.0947 0x15ec  usbuhci - ok
23:11:26.0962 0x15ec  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:11:26.0962 0x15ec  UxSms - ok
23:11:26.0962 0x15ec  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
23:11:26.0962 0x15ec  VaultSvc - ok
23:11:26.0962 0x15ec  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:11:26.0978 0x15ec  vdrvroot - ok
23:11:26.0993 0x15ec  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:11:27.0009 0x15ec  vds - ok
23:11:27.0009 0x15ec  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:11:27.0009 0x15ec  vga - ok
23:11:27.0087 0x15ec  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:11:27.0087 0x15ec  VgaSave - ok
23:11:27.0087 0x15ec  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:11:27.0103 0x15ec  vhdmp - ok
23:11:27.0103 0x15ec  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:11:27.0118 0x15ec  viaide - ok
23:11:27.0118 0x15ec  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:11:27.0118 0x15ec  volmgr - ok
23:11:27.0134 0x15ec  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:11:27.0149 0x15ec  volmgrx - ok
23:11:27.0149 0x15ec  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:11:27.0165 0x15ec  volsnap - ok
23:11:27.0181 0x15ec  [ 2EC986F883C8450FA2C5F22524775E40, C4845543CFEA1BA8ACF89B03B445A85D7BEBAB63FA13B1D9E68F86330025B413 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
23:11:27.0181 0x15ec  Vsdatant - ok
23:11:27.0196 0x15ec  vsmon - ok
23:11:27.0212 0x15ec  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:11:27.0212 0x15ec  vsmraid - ok
23:11:27.0243 0x15ec  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:11:27.0274 0x15ec  VSS - ok
23:11:27.0274 0x15ec  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:11:27.0274 0x15ec  vwifibus - ok
23:11:27.0290 0x15ec  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:11:27.0305 0x15ec  W32Time - ok
23:11:27.0305 0x15ec  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:11:27.0321 0x15ec  WacomPen - ok
23:11:27.0321 0x15ec  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:11:27.0337 0x15ec  WANARP - ok
23:11:27.0337 0x15ec  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:11:27.0337 0x15ec  Wanarpv6 - ok
23:11:27.0368 0x15ec  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:11:27.0461 0x15ec  WatAdminSvc - ok
23:11:27.0493 0x15ec  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:11:27.0539 0x15ec  wbengine - ok
23:11:27.0539 0x15ec  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:11:27.0555 0x15ec  WbioSrvc - ok
23:11:27.0571 0x15ec  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:11:27.0571 0x15ec  wcncsvc - ok
23:11:27.0571 0x15ec  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:11:27.0586 0x15ec  WcsPlugInService - ok
23:11:27.0586 0x15ec  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:11:27.0586 0x15ec  Wd - ok
23:11:27.0602 0x15ec  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:11:27.0633 0x15ec  Wdf01000 - ok
23:11:27.0633 0x15ec  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:11:27.0649 0x15ec  WdiServiceHost - ok
23:11:27.0649 0x15ec  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:11:27.0649 0x15ec  WdiSystemHost - ok
23:11:27.0664 0x15ec  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
23:11:27.0695 0x15ec  WebClient - ok
23:11:27.0711 0x15ec  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:11:27.0711 0x15ec  Wecsvc - ok
23:11:27.0727 0x15ec  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:11:27.0727 0x15ec  wercplsupport - ok
23:11:27.0727 0x15ec  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:11:27.0742 0x15ec  WerSvc - ok
23:11:27.0742 0x15ec  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:11:27.0742 0x15ec  WfpLwf - ok
23:11:27.0758 0x15ec  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:11:27.0758 0x15ec  WIMMount - ok
23:11:27.0758 0x15ec  WinDefend - ok
23:11:27.0758 0x15ec  WinHttpAutoProxySvc - ok
23:11:27.0773 0x15ec  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:11:27.0789 0x15ec  Winmgmt - ok
23:11:27.0820 0x15ec  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:11:27.0867 0x15ec  WinRM - ok
23:11:27.0883 0x15ec  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:11:27.0883 0x15ec  WinUsb - ok
23:11:27.0898 0x15ec  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:11:27.0929 0x15ec  Wlansvc - ok
23:11:27.0929 0x15ec  [ 471E9D3356CE865B8B57CB2C5FBC4E0B, FE02A1F7727E5E9FC1EEC083AFCE7FD31CF9C8C62F5D916F963B73D09CAA1E50 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
23:11:27.0945 0x15ec  WmBEnum - ok
23:11:27.0945 0x15ec  [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
23:11:27.0945 0x15ec  WmFilter - ok
23:11:27.0961 0x15ec  [ AC4331AF118A720F13C9C5CABBFE27BD, 2C5F453996B00078F3E8E731F6B3DD4529831BDA2146EAFC66727C9460E85112 ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
23:11:27.0961 0x15ec  WmHidLo - ok
23:11:27.0961 0x15ec  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:11:27.0961 0x15ec  WmiAcpi - ok
23:11:27.0976 0x15ec  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:11:27.0992 0x15ec  wmiApSrv - ok
23:11:27.0992 0x15ec  WMPNetworkSvc - ok
23:11:27.0992 0x15ec  [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
23:11:27.0992 0x15ec  WmVirHid - ok
23:11:28.0007 0x15ec  [ 2E757D8BD58CE534526A3CAC930EC60D, A07E1595644366986757227D0F6707D54415656B982345D9B1BD0C342059597C ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
23:11:28.0007 0x15ec  WmXlCore - ok
23:11:28.0007 0x15ec  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:11:28.0007 0x15ec  WPCSvc - ok
23:11:28.0023 0x15ec  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:11:28.0023 0x15ec  WPDBusEnum - ok
23:11:28.0023 0x15ec  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:11:28.0039 0x15ec  ws2ifsl - ok
23:11:28.0039 0x15ec  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:11:28.0039 0x15ec  wscsvc - ok
23:11:28.0039 0x15ec  WSearch - ok
23:11:28.0085 0x15ec  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:11:28.0148 0x15ec  wuauserv - ok
23:11:28.0148 0x15ec  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:11:28.0148 0x15ec  WudfPf - ok
23:11:28.0163 0x15ec  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:11:28.0163 0x15ec  WUDFRd - ok
23:11:28.0179 0x15ec  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:11:28.0179 0x15ec  wudfsvc - ok
23:11:28.0195 0x15ec  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:11:28.0226 0x15ec  WwanSvc - ok
23:11:28.0241 0x15ec  [ EBD35BDCE49B94EB247213610094F399, 15A86FD702BED180CD92A78374C8A2D658A93B46EEC99BBC716CE618782E5A0B ] ZAPrivacyService E:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
23:11:28.0351 0x15ec  ZAPrivacyService - ok
23:11:28.0912 0x15ec  ================ Scan global ===============================
23:11:28.0928 0x15ec  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:11:28.0928 0x15ec  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:11:29.0037 0x15ec  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:11:29.0037 0x15ec  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:11:29.0053 0x15ec  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:11:29.0068 0x15ec  [ Global ] - ok
23:11:29.0068 0x15ec  ================ Scan MBR ==================================
23:11:29.0068 0x15ec  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:11:29.0599 0x15ec  \Device\Harddisk0\DR0 - ok
23:11:29.0599 0x15ec  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:11:29.0599 0x15ec  \Device\Harddisk1\DR1 - ok
23:11:29.0599 0x15ec  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
23:11:29.0614 0x15ec  \Device\Harddisk2\DR2 - ok
23:11:29.0614 0x15ec  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
23:11:29.0614 0x15ec  \Device\Harddisk3\DR3 - ok
23:11:29.0614 0x15ec  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk4\DR4
23:11:29.0614 0x15ec  \Device\Harddisk4\DR4 - ok
23:11:29.0989 0x15ec  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk5\DR5
23:11:30.0035 0x15ec  \Device\Harddisk5\DR5 - ok
23:11:30.0035 0x15ec  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6
23:11:30.0035 0x15ec  \Device\Harddisk6\DR6 - ok
23:11:30.0035 0x15ec  ================ Scan VBR ==================================
23:11:30.0035 0x15ec  [ 59FE4570BDF95B78D30D91C2B9B8CF7E ] \Device\Harddisk0\DR0\Partition1
23:11:30.0035 0x15ec  \Device\Harddisk0\DR0\Partition1 - ok
23:11:30.0035 0x15ec  [ CFF4C247F40F4AE60611F5C79E1222CA ] \Device\Harddisk0\DR0\Partition2
23:11:30.0035 0x15ec  \Device\Harddisk0\DR0\Partition2 - ok
23:11:30.0035 0x15ec  [ 7A21AC4927AD7EA73B64A0F0AC615A05 ] \Device\Harddisk1\DR1\Partition1
23:11:30.0051 0x15ec  \Device\Harddisk1\DR1\Partition1 - ok
23:11:30.0051 0x15ec  [ 73562F064DB09FD2D776B2B56DC6082A ] \Device\Harddisk2\DR2\Partition1
23:11:30.0051 0x15ec  \Device\Harddisk2\DR2\Partition1 - ok
23:11:30.0051 0x15ec  [ 9656EFF4B74C82FADC1590A2A2F74017 ] \Device\Harddisk3\DR3\Partition1
23:11:30.0051 0x15ec  \Device\Harddisk3\DR3\Partition1 - ok
23:11:30.0051 0x15ec  [ D9F7D4391C1C812682A4D1887DBF62F1 ] \Device\Harddisk4\DR4\Partition1
23:11:30.0051 0x15ec  \Device\Harddisk4\DR4\Partition1 - ok
23:11:30.0051 0x15ec  [ 4FB87BCCED67931690BE073112A65F5F ] \Device\Harddisk5\DR5\Partition1
23:11:30.0051 0x15ec  \Device\Harddisk5\DR5\Partition1 - ok
23:11:30.0051 0x15ec  [ 7554F17EEE96DC433382177D27DBD872 ] \Device\Harddisk6\DR6\Partition1
23:11:30.0067 0x15ec  \Device\Harddisk6\DR6\Partition1 - ok
23:11:30.0067 0x15ec  Waiting for KSN requests completion. In queue: 281
23:11:31.0081 0x15ec  Waiting for KSN requests completion. In queue: 281
23:11:32.0095 0x15ec  Waiting for KSN requests completion. In queue: 281
23:11:33.0109 0x15ec  Waiting for KSN requests completion. In queue: 281
23:11:34.0169 0x15ec  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41000 ( enabled : updated )
23:11:34.0185 0x15ec  FW detected via SS2: ZoneAlarm Free Firewall Firewall, E:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 11.0.768.0 ), 0x41010 ( enabled )
23:11:37.0071 0x15ec  ============================================================
23:11:37.0071 0x15ec  Scan finished
23:11:37.0071 0x15ec  ============================================================
23:11:37.0071 0x0c5c  Detected object count: 0
23:11:37.0071 0x0c5c  Actual detected object count: 0
 



#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 25 November 2013 - 06:31 AM

Please post up the log from AVG showing these detections.


Proud Member of UNITE & TB
 

#5 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 25 November 2013 - 06:49 AM

I cant seem to find a lof file anywhere?

I am using AVG 2014 build 4158.

 

How can I find the log file?

 

Regards

Adrian



#6 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 25 November 2013 - 07:13 AM

I was able to re run the rootkit scan and export the results.

See below.

 

Anti-Rootkit scan
Medium priority;"9";"0";"9"
Started:;"26/11/2013, 12:07:40 AM"
Finished:;"26/11/2013, 12:07:42 AM"
Total object scanned:;"1074"
User who launched the scan:;"Adrian"

Status;"Priority";"Name";"Description";"Result"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CLOSE -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_WRITE -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_READ -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_PNP -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_POWER -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_SYSTEM_CONTROL -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CREATE -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"
Infected;"Medium";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Infected"



#7 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 25 November 2013 - 07:26 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 

#8 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 26 November 2013 - 06:31 AM

Your last post does not surprise me too much given that other use this PC while I am away!

I personally have only installed legit software.

I have done the best I can with regards to removing what looked suspect and that I didnt recognise but please let me know if you see more evidence so I can clean it up.

The only one which I think might still be suspect is my Microsoft Office 2010 version which I purchased a licence for some time back through work. In one attempt to repair the PC I did a restore to a previous point and ever since it wont recognize the serial number I have to enable it.

 

Where to from here?



#9 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 26 November 2013 - 08:48 AM

C:\Windows\system32\DRIVERS\hidusb.sys

C:\Windows\system32\DRIVERS\HIDCLASS.SYS

 

Please upload these files here: http://www.bleepingc...php?channel=156


Proud Member of UNITE & TB
 

#10 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 26 November 2013 - 04:46 PM

The two files have been uploaded as requested.


    Advertisements

Register to Remove


#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 27 November 2013 - 04:36 AM

You have a CD emulation software running. To prevent being detected by copy protection software, these emulators have to hide from them.
 

 

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

 

This behaviour is identified as rootkit activity.

 

Nothing harmful on your computer. Let´s do a final check:

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#12 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 27 November 2013 - 09:00 AM

ESET Scan completed and results below.

I checked for any CD emulation software and found none?

Could that be a left over driver from the past?

 

Also note that from tomorrow I will be away for work for 2 weeks so I wont be able to perform any further testing or repairs until I return. I will leave the PC shutdown until I return.

I realise that there is a 3 day no response clause which will close the call but unfortunately I cant do anything about it.

Any assistance you can provide in the next reply I will carry out when I return.

Thanks for your help so far.

Adrian.

 

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll    a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll    probably a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe    a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll    a variant of Win32/Toolbar.Montiera.F application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll    a variant of Win32/Toolbar.Escort.A application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe    multiple threats
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Program Files (x86)\uTorrentBar\ldrtbuTor.dll    a variant of Win32/Toolbar.Conduit.P application
C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll    Win32/Toolbar.Conduit.O application
C:\Program Files (x86)\uTorrentBar\tbuTor.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Program Files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe    Win32/Toolbar.Conduit.Q application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\ZoneAlarm_Security\ldrtbZone.dll    a variant of Win32/Toolbar.Conduit.P application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\ZoneAlarm_Security\prxtbZon0.dll    Win32/Toolbar.Conduit.O application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\ZoneAlarm_Security\tbZone.dll    a variant of Win32/Toolbar.Conduit.B application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\ZoneAlarm_Security\ZoneAlarm_SecurityToolbarHelper.exe    Win32/Toolbar.Conduit.Q application
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\Local\Conduit\CT2645238\ZoneAlarm_SecurityAutoUpdateHelper.exe    multiple threats
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\Local\Temp\tbVuze.dll    a variant of Win32/Toolbar.Conduit.B application
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\LocalLow\ZoneAlarm_Security\ldrtbZon0.dll    a variant of Win32/Toolbar.Conduit.P application
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\LocalLow\ZoneAlarm_Security\ldrtbZon2.dll    a variant of Win32/Toolbar.Conduit.P application
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\LocalLow\ZoneAlarm_Security\ldrtbZone.dll    a variant of Win32/Toolbar.Conduit.P application
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\LocalLow\ZoneAlarm_Security\tbZon0.dll    a variant of Win32/Toolbar.Conduit.B application
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\LocalLow\ZoneAlarm_Security\tbZon2.dll    a variant of Win32/Toolbar.Conduit.B application
C:\System Volume Information\SystemRestore\FRStaging\Users\Adrian\AppData\LocalLow\ZoneAlarm_Security\tbZone.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Adrian\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Adrian\AppData\LocalLow\uTorrentBar\ldrtbuTo0.dll    a variant of Win32/Toolbar.Conduit.P application
C:\Users\Adrian\AppData\LocalLow\uTorrentBar\ldrtbuTo2.dll    a variant of Win32/Toolbar.Conduit.P application
C:\Users\Adrian\AppData\LocalLow\uTorrentBar\ldrtbuTor.dll    a variant of Win32/Toolbar.Conduit.P application
C:\Users\Adrian\AppData\LocalLow\uTorrentBar\tbuTo0.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Adrian\AppData\LocalLow\uTorrentBar\tbuTo2.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Adrian\AppData\LocalLow\uTorrentBar\tbuTor.dll    a variant of Win32/Toolbar.Conduit.B application
 



#13 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 27 November 2013 - 10:00 AM

You have PowerISO installed which brings cd emulation technics with it.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 

#14 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 29 November 2013 - 04:25 AM

Thanks.

As per my last post I am now away from home until 12th Dec and will carry out thoise tests on my return.

Hope the thread reamins active until then.

 

Regarding the PowerISO, I could not find anything close to this name in the Remove Programs under Control Panel, or the start all programs menu when I searched in the programs folders?

Not sure where else to look for it.

 

Cheers

Adrian



#15 Scorpion799

Scorpion799

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 03 December 2013 - 04:14 AM

Reply is to keep topic alive until I can return to pc.


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users