
System32 folder opens at Startup



Hello: System32 folder opens at startup. Noticed a DRVSTORE file folder that appears in blue text dated 10/30/2013. Machine runs slow but MBAM quickscan detected nothing. The Dell ControlPoint check that runs at startup takes much longer to complete and sometimes doesn't even show up in the taskbar anymore. I'm updating Windows now.

Thank you in advance,

moonshadow

=========================

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.21.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

sshiigi :: DFB69GJ1 [administrator]

Protection: Enabled

11/21/2013 4:10:14 AM

mbam-log-2013-11-21 (04-10-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 387348

Time elapsed: 25 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.


Thanks Marius: The post was too long so the TDSSKILLER log will follow separately.  No objects were detected by TDSSKILLER.

 

moonshadow

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by sshiigi (administrator) on DFB69GJ1 on 21-11-2013 08:29:23
Running from C:\Documents and Settings\sshiigi\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(IDT, Inc.) c:\drivers\audio\r205445\stacsv.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
(Dell, Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Creative Technology Ltd.) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [200704 2008-10-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-01] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] - C:\WINDOWS\system32\AESTFltr.exe [471040 2008-12-01] (Andrea Electronics Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe [105472 2008-05-14] (Wave Systems Corp.)
HKLM\...\Run: [secureUpgrade] - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [243000 2008-06-24] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] - C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe [79160 2008-06-24] (Wave Systems Corp.)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [598016 2008-08-18] (Dell, Inc.)
HKLM\...\Run: [DCPstrApp] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe [6656 2008-08-04] (Broadcom Corporation)
HKLM\...\Run: [DellConnectionManager] - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [1454080 2008-10-01] (Smith Micro Software, Inc.)
HKLM\...\Run: [intelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1351680 2008-07-10] (Intel® Corporation)
HKLM\...\Run: [intelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1191936 2008-07-10] (Intel® Corporation)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [442536 2008-10-17] (Creative Technology Ltd.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [98304 2009-03-07] (Apple Computer, Inc.)
HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [iMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\imekrmig.exe [44032 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [brStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-12-10] (Memeo Inc.)
HKLM\...\Run: [seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [73728 2011-11-03] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [iSUSPM] -  -scheduler
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-06] (Google Inc.)
HKU\Administrator\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Administrator\...\Run: [browserSafeguard] - C:\Program Files\Browsersafeguard\Browsersafeguard.exe
HKU\Administrator\...\Run: [searchProtect] - C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe
HKU\Administrator\...\Run: [ConduitFloatingPlugin_eibleipkbineaadpnemmalkahodjhdbd] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3314312\plugins\TBVerifier.dll",RunConduitFloatingPlugin eibleipkbineaadpnemmalkahodjhdbd
HKU\administrator.CBCI\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Default User\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Jason\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Kazuyo\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Kazuyo\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Kazuyo\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-03-06] (Google Inc.)
HKU\Scott\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\sshiigi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
SearchScopes: HKCU - {E5F5D888-2587-E012-A817-7038F5690F26} URL = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-114-0-1UPWK
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://monitor.bbirdmsp.com/inc/kaxRemote.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default
FF SelectedSearchEngine: SecureSearch


FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 1072
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Lavasoft Search Plugin - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: IE Tab - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: Ad-Aware Security Add-on - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{B26FA4AF-A08A-11E1-826F-B8AC6F996F26}] - C:\Documents and Settings\sshiigi\Local Settings\Application Data\{B26FA4AF-A08A-11E1-826F-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Documents and Settings\sshiigi\Local Settings\Application Data\{B26FA4AF-A08A-11E1-826F-B8AC6F996F26}\

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\sshiigi\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\sshiigi\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [eibleipkbineaadpnemmalkahodjhdbd] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [miijoamjkkkkmnjhklgiiohpeeckdofp] - C:\Documents and Settings\Kazuyo\Local Settings\Application Data\CRE\miijoamjkkkkmnjhklgiiohpeeckdofp.crx

========================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [133968 2007-04-19] (Intel Corporation)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [406808 2008-09-04] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [808296 2008-11-11] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [20840 2008-11-11] (Broadcom Corporation)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [451872 2008-11-11] (Dell Inc.)
S2 gupdate1c99ecddb6280e6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-06] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-12-10] (Memeo)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [901120 2008-07-10] (Intel® Corporation)
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [638976 2008-04-25] (Wave Systems Corp.)
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [90112 2008-10-01] (Smith Micro Software, Inc.)
R2 STacSV; c:\drivers\audio\r205445\stacsv.exe [241746 2008-12-01] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1249280 2008-03-10] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [786432 2008-06-12] (Wave Systems Corp.)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [352256 2008-07-10] (Intel® Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 AESTAud; C:\Windows\System32\drivers\AESTAud.sys [112128 2008-12-01] (Andrea Electronics Corporation)
S3 AsfAlrt; C:\WINDOWS\system32\Drivers\AsfAlrt.sys [42832 2007-04-19] (Intel Corporation)
R3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-15] (Brother Industries Ltd.)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534440 2008-08-18] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-08-18] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991016 2008-08-18] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156392 2008-08-18] (Broadcom Corporation.)
S3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [37032 2008-08-18] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2008-08-18] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CCIDFILTER; C:\Windows\System32\DRIVERS\ccidflt.sys [12840 2008-11-11] (Broadcom Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [32808 2008-11-11] (Broadcom Corporation)
R2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R3 e1yexpress; C:\Windows\System32\DRIVERS\e1y5132.sys [244368 2008-06-30] (Intel Corporation)
R1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12160 2008-04-14] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-04-30] (GFI Software)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-07-06] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-07-06] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-07-06] (HP)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-22] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-22] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-02-20] (Intel Corporation )
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3630080 2008-08-06] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 OA001Afx; C:\WINDOWS\system32\Drivers\OA001Afx.sys [134144 2009-05-28] (Creative Technology Ltd.)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [281472 2010-01-28] (Creative Technology Ltd.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-04-18] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-05-26] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-05-26] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-08-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 sbaphd; C:\Windows\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software)
R2 sbapifs; C:\Windows\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [93816 2011-12-19] (GFI Software)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1392819 2008-12-01] (IDT, Inc.)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [172344 2008-06-24] (Wave Systems Corp.)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-21 08:29 - 2013-11-21 08:30 - 00034040 _____ C:\Documents and Settings\sshiigi\Desktop\FRST.txt
2013-11-21 08:29 - 2013-11-21 08:29 - 00000000 ____D C:\FRST
2013-11-21 08:26 - 2013-11-21 08:26 - 01090881 _____ (Farbar) C:\Documents and Settings\sshiigi\Desktop\FRST.exe
2013-11-21 06:16 - 2013-11-21 06:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-21 06:15 - 2013-11-21 06:15 - 00140508 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-21 06:15 - 2013-11-21 06:15 - 00130892 _____ C:\WINDOWS\KB2900986.log
2013-11-21 06:15 - 2013-11-21 06:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-21 06:15 - 2013-11-21 06:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-21 06:14 - 2013-11-21 06:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-21 06:13 - 2013-11-21 06:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-11-21 06:13 - 2013-11-21 06:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-21 06:12 - 2013-11-21 06:13 - 00133303 _____ C:\WINDOWS\KB2868038.log
2013-11-21 06:12 - 2013-11-21 06:12 - 00131581 _____ C:\WINDOWS\KB2862335.log
2013-11-21 06:12 - 2013-11-21 06:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-11-21 06:12 - 2013-11-21 06:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-11-21 06:11 - 2013-11-21 06:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-11-21 06:04 - 2013-11-21 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-11-21 05:58 - 2013-11-21 05:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-11-21 05:57 - 2013-11-21 05:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-11-21 05:54 - 2013-11-21 05:55 - 00006649 _____ C:\WINDOWS\KB2834904-v2.log
2013-11-21 05:54 - 2013-11-21 05:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-11-21 05:54 - 2013-11-21 05:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-11-21 05:47 - 2013-11-21 05:47 - 00007807 _____ C:\WINDOWS\KB2863058.log
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-11-21 05:44 - 2013-11-21 05:45 - 00006646 _____ C:\WINDOWS\KB2834886.log
2013-11-21 05:44 - 2013-11-21 05:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-11-21 05:35 - 2013-11-21 05:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813347-v2$
2013-11-21 05:33 - 2013-11-21 06:15 - 00140739 _____ C:\WINDOWS\iis6.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00129331 _____ C:\WINDOWS\FaxSetup.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00062076 _____ C:\WINDOWS\ocgen.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00059244 _____ C:\WINDOWS\tsoc.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00043087 _____ C:\WINDOWS\comsetup.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00039710 _____ C:\WINDOWS\msmqinst.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00026103 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00022743 _____ C:\WINDOWS\netfxocm.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00008925 _____ C:\WINDOWS\MedCtrOC.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00007616 _____ C:\WINDOWS\updspapi.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00007182 _____ C:\WINDOWS\ocmsn.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00006531 _____ C:\WINDOWS\tabletoc.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00006489 _____ C:\WINDOWS\msgsocm.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-21 05:33 - 2013-11-21 06:15 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-21 05:33 - 2013-11-21 05:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-11-21 05:31 - 2013-11-21 06:15 - 00138526 _____ C:\WINDOWS\KB2876331.log
2013-11-21 05:31 - 2013-11-21 06:14 - 00138568 _____ C:\WINDOWS\KB2868626.log
2013-11-21 05:30 - 2013-11-21 06:13 - 00136435 _____ C:\WINDOWS\KB2862152.log
2013-11-21 05:30 - 2013-11-21 06:11 - 00135944 _____ C:\WINDOWS\KB2847311.log
2013-11-21 05:30 - 2013-08-08 14:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-11-21 05:30 - 2013-07-16 14:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-11-21 05:30 - 2013-07-16 14:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-11-21 05:30 - 2013-07-02 16:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-11-21 05:30 - 2009-03-18 01:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-11-21 05:29 - 2013-11-21 05:58 - 00015887 _____ C:\WINDOWS\KB2864063.log
2013-11-21 05:29 - 2013-11-21 05:58 - 00015366 _____ C:\WINDOWS\KB2876217.log
2013-11-21 05:29 - 2013-11-21 05:54 - 00014630 _____ C:\WINDOWS\KB2850869.log
2013-11-21 05:28 - 2013-11-21 05:47 - 00015441 _____ C:\WINDOWS\KB2859537.log
2013-11-21 05:28 - 2013-11-21 05:47 - 00012625 _____ C:\WINDOWS\KB2845187.log
2013-11-21 05:27 - 2013-11-21 05:35 - 00016788 _____ C:\WINDOWS\KB2813347-v2.log
2013-11-21 05:26 - 2013-11-21 05:33 - 00015331 _____ C:\WINDOWS\KB2820917.log
2013-11-07 10:42 - 2013-11-07 10:45 - 00000000 ____D C:\Documents and Settings\sshiigi\My Documents\4J & Ty
2013-11-06 09:15 - 2013-11-06 09:15 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-06 09:15 - 2013-11-06 09:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-11-06 09:15 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-11-06 09:15 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-06 09:15 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-06 09:15 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-06 09:15 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-06 09:14 - 2013-11-06 09:15 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-11-05 18:50 - 2013-11-05 18:50 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2013-11-05 14:27 - 2013-11-05 14:27 - 00001544 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-05 14:27 - 2013-11-05 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-05 14:26 - 2013-11-05 14:27 - 00000000 ____D C:\Program Files\iTunes
2013-11-05 14:26 - 2013-11-05 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-05 14:26 - 2013-11-05 14:26 - 00000000 ____D C:\Program Files\iPod
2013-11-05 13:55 - 2013-11-05 13:55 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2013-11-05 13:55 - 2013-11-05 13:55 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2013-10-30 11:11 - 2013-10-30 11:12 - 00002405 _____ C:\Documents and Settings\sshiigi\Desktop\Microsoft Office Picture Manager.lnk
2013-10-30 08:48 - 2013-10-31 08:08 - 00000000 ____D C:\Documents and Settings\sshiigi\Application Data\Apple Computer
2013-10-30 08:47 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2013-10-30 08:44 - 2013-11-05 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2013-10-30 08:43 - 2013-11-12 13:55 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-30 08:43 - 2013-10-30 08:43 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Program Files\Apple Software Update
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Documents and Settings\sshiigi\Local Settings\Application Data\Apple
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2013-10-30 08:42 - 2012-12-13 14:50 - 06112864 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll
2013-10-30 08:42 - 2012-12-13 14:50 - 00045056 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl.sys
2013-10-30 08:41 - 2013-10-30 08:41 - 00000000 ____D C:\Program Files\Bonjour
2013-10-30 08:40 - 2013-11-05 14:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-30 08:40 - 2013-10-30 08:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2013-10-29 10:13 - 2013-10-29 10:13 - 00014336 ___SH C:\Documents and Settings\sshiigi\My Documents\Thumbs.db
2013-10-23 10:14 - 2013-10-23 10:14 - 00000000 ____D C:\Documents and Settings\sshiigi\Local Settings\Application Data\Logishrd
2013-10-23 10:13 - 2013-10-23 10:13 - 00000000 ____D C:\Program Files\Logitech

==================== One Month Modified Files and Folders =======

2013-11-21 08:30 - 2013-11-21 08:29 - 00034040 _____ C:\Documents and Settings\sshiigi\Desktop\FRST.txt
2013-11-21 08:29 - 2013-11-21 08:29 - 00000000 ____D C:\FRST
2013-11-21 08:27 - 2010-03-05 23:33 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA4994F7-D9D9-49BE-BF8A-1123A84B76A0}.job
2013-11-21 08:26 - 2013-11-21 08:26 - 01090881 _____ (Farbar) C:\Documents and Settings\sshiigi\Desktop\FRST.exe
2013-11-21 08:25 - 2008-04-25 11:28 - 01281464 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-21 07:30 - 2013-04-30 13:17 - 00001617 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2013-11-21 07:28 - 2009-03-06 16:42 - 00000000 _____ C:\Documents and Settings\sshiigi\Local Settings\Application Data\WavXMapDrive.bat
2013-11-21 07:28 - 2009-02-27 15:15 - 00190150 _____ C:\WINDOWS\system32\nvapps.xml
2013-11-21 07:28 - 2009-02-27 09:17 - 00125681 _____ C:\WINDOWS\system32\nvModes.001
2013-11-21 07:28 - 2008-04-25 06:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-21 07:27 - 2009-02-27 10:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-21 07:27 - 2008-04-25 11:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-21 07:27 - 2008-04-24 23:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-21 07:27 - 2008-04-24 23:25 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-21 07:27 - 2008-04-24 23:21 - 00341832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-21 07:25 - 2009-03-06 16:42 - 00000278 ___SH C:\Documents and Settings\sshiigi\ntuser.ini
2013-11-21 07:25 - 2008-04-25 11:32 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-21 06:23 - 2013-11-21 06:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-21 06:18 - 2008-04-25 11:34 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-11-21 06:15 - 2013-11-21 06:15 - 00140508 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-21 06:15 - 2013-11-21 06:15 - 00130892 _____ C:\WINDOWS\KB2900986.log
2013-11-21 06:15 - 2013-11-21 06:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-21 06:15 - 2013-11-21 06:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-21 06:15 - 2013-11-21 05:33 - 00140739 _____ C:\WINDOWS\iis6.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00129331 _____ C:\WINDOWS\FaxSetup.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00062076 _____ C:\WINDOWS\ocgen.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00059244 _____ C:\WINDOWS\tsoc.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00043087 _____ C:\WINDOWS\comsetup.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00039710 _____ C:\WINDOWS\msmqinst.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00026103 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00022743 _____ C:\WINDOWS\netfxocm.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00008925 _____ C:\WINDOWS\MedCtrOC.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00007616 _____ C:\WINDOWS\updspapi.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00007182 _____ C:\WINDOWS\ocmsn.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00006531 _____ C:\WINDOWS\tabletoc.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00006489 _____ C:\WINDOWS\msgsocm.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-21 06:15 - 2013-11-21 05:33 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-21 06:15 - 2013-11-21 05:31 - 00138526 _____ C:\WINDOWS\KB2876331.log
2013-11-21 06:15 - 2009-06-30 23:56 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-21 06:14 - 2013-11-21 06:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-21 06:14 - 2013-11-21 05:31 - 00138568 _____ C:\WINDOWS\KB2868626.log
2013-11-21 06:13 - 2013-11-21 06:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-11-21 06:13 - 2013-11-21 06:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-21 06:13 - 2013-11-21 06:12 - 00133303 _____ C:\WINDOWS\KB2868038.log
2013-11-21 06:13 - 2013-11-21 05:30 - 00136435 _____ C:\WINDOWS\KB2862152.log
2013-11-21 06:13 - 2013-03-30 17:09 - 00171598 _____ C:\WINDOWS\setupapi.log
2013-11-21 06:12 - 2013-11-21 06:12 - 00131581 _____ C:\WINDOWS\KB2862335.log
2013-11-21 06:12 - 2013-11-21 06:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-11-21 06:12 - 2013-11-21 06:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-11-21 06:11 - 2013-11-21 06:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-11-21 06:11 - 2013-11-21 05:30 - 00135944 _____ C:\WINDOWS\KB2847311.log
2013-11-21 06:09 - 2008-04-24 23:22 - 00005580 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-21 06:04 - 2013-11-21 06:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-11-21 06:04 - 2010-06-03 22:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-11-21 06:01 - 2008-04-25 06:16 - 00000658 _____ C:\WINDOWS\win.ini
2013-11-21 05:58 - 2013-11-21 05:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-11-21 05:58 - 2013-11-21 05:29 - 00015887 _____ C:\WINDOWS\KB2864063.log
2013-11-21 05:58 - 2013-11-21 05:29 - 00015366 _____ C:\WINDOWS\KB2876217.log
2013-11-21 05:57 - 2013-11-21 05:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-11-21 05:55 - 2013-11-21 05:54 - 00006649 _____ C:\WINDOWS\KB2834904-v2.log
2013-11-21 05:55 - 2013-11-21 05:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-11-21 05:54 - 2013-11-21 05:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-11-21 05:54 - 2013-11-21 05:29 - 00014630 _____ C:\WINDOWS\KB2850869.log
2013-11-21 05:47 - 2013-11-21 05:47 - 00007807 _____ C:\WINDOWS\KB2863058.log
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-11-21 05:47 - 2013-11-21 05:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-11-21 05:47 - 2013-11-21 05:28 - 00015441 _____ C:\WINDOWS\KB2859537.log
2013-11-21 05:47 - 2013-11-21 05:28 - 00012625 _____ C:\WINDOWS\KB2845187.log
2013-11-21 05:47 - 2009-02-27 09:25 - 00255224 _____ C:\WINDOWS\system32\TZLog.log
2013-11-21 05:45 - 2013-11-21 05:44 - 00006646 _____ C:\WINDOWS\KB2834886.log
2013-11-21 05:44 - 2013-11-21 05:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-11-21 05:44 - 2008-04-25 11:39 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-11-21 05:35 - 2013-11-21 05:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813347-v2$
2013-11-21 05:35 - 2013-11-21 05:27 - 00016788 _____ C:\WINDOWS\KB2813347-v2.log
2013-11-21 05:33 - 2013-11-21 05:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-11-21 05:33 - 2013-11-21 05:26 - 00015331 _____ C:\WINDOWS\KB2820917.log
2013-11-21 05:27 - 2009-02-27 09:20 - 00000000 ____D C:\WINDOWS\$hf_mig$
2013-11-21 05:12 - 2008-04-25 11:26 - 00000000 ____D C:\WINDOWS\Registration
2013-11-21 03:46 - 2011-02-22 00:02 - 00000336 _____ C:\WINDOWS\BRCALIB.INI
2013-11-21 03:42 - 2009-03-08 00:14 - 00002521 _____ C:\Documents and Settings\sshiigi\Desktop\Outlook 2003.lnk
2013-11-21 03:07 - 2009-03-06 16:09 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-21 02:13 - 2013-04-30 15:19 - 00002292 _____ C:\WINDOWS\LkmdfCoInst.log
2013-11-21 02:13 - 2013-04-30 15:19 - 00001136 _____ C:\WINDOWS\setupact.log
2013-11-21 02:12 - 2011-05-09 22:53 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2013-11-20 16:24 - 2009-02-27 09:17 - 00125681 _____ C:\WINDOWS\system32\nvModes.dat
2013-11-15 14:42 - 2009-03-08 14:52 - 00000000 ____D C:\Documents and Settings\sshiigi\Local Settings\Application Data\CutePDF Writer
2013-11-14 14:04 - 2010-02-21 20:10 - 00001815 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-11-14 07:19 - 2012-03-31 08:50 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-14 07:19 - 2012-03-31 08:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-14 07:19 - 2011-05-19 17:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-14 07:19 - 2009-03-07 19:04 - 00000000 ____D C:\Documents and Settings\sshiigi\Local Settings\Application Data\Adobe
2013-11-13 07:30 - 2013-06-22 23:43 - 00000948 _____ C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-11-12 13:55 - 2013-10-30 08:43 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-12 12:27 - 2009-03-06 16:38 - 00000000 ____D C:\Program Files\Google
2013-11-07 15:50 - 2009-03-08 17:59 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-07 10:45 - 2013-11-07 10:42 - 00000000 ____D C:\Documents and Settings\sshiigi\My Documents\4J & Ty
2013-11-06 09:15 - 2013-11-06 09:15 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-06 09:15 - 2013-11-06 09:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-11-06 09:15 - 2013-11-06 09:14 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-11-06 09:15 - 2013-07-19 08:15 - 00000000 ____D C:\Program Files\Java
2013-11-05 18:50 - 2013-11-05 18:50 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2013-11-05 14:27 - 2013-11-05 14:27 - 00001544 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-11-05 14:27 - 2013-11-05 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-05 14:27 - 2013-11-05 14:26 - 00000000 ____D C:\Program Files\iTunes
2013-11-05 14:27 - 2013-11-05 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-05 14:26 - 2013-11-05 14:26 - 00000000 ____D C:\Program Files\iPod
2013-11-05 14:26 - 2013-10-30 08:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2013-11-05 14:26 - 2013-10-30 08:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-05 13:55 - 2013-11-05 13:55 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2013-11-05 13:55 - 2013-11-05 13:55 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2013-10-31 08:08 - 2013-10-30 08:48 - 00000000 ____D C:\Documents and Settings\sshiigi\Application Data\Apple Computer
2013-10-30 11:12 - 2013-10-30 11:11 - 00002405 _____ C:\Documents and Settings\sshiigi\Desktop\Microsoft Office Picture Manager.lnk
2013-10-30 08:48 - 2012-05-27 04:06 - 00000000 ____D C:\Documents and Settings\sshiigi\Local Settings\Application Data\Apple Computer
2013-10-30 08:43 - 2013-10-30 08:43 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Program Files\Apple Software Update
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Documents and Settings\sshiigi\Local Settings\Application Data\Apple
2013-10-30 08:43 - 2013-10-30 08:43 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2013-10-30 08:43 - 2013-10-30 08:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2013-10-30 08:41 - 2013-10-30 08:41 - 00000000 ____D C:\Program Files\Bonjour
2013-10-30 06:17 - 2009-03-08 14:49 - 00000000 ____D C:\Documents and Settings\sshiigi\My Documents\2Scott Home
2013-10-29 10:13 - 2013-10-29 10:13 - 00014336 ___SH C:\Documents and Settings\sshiigi\My Documents\Thumbs.db
2013-10-23 10:14 - 2013-10-23 10:14 - 00000000 ____D C:\Documents and Settings\sshiigi\Local Settings\Application Data\Logishrd
2013-10-23 10:14 - 2013-04-30 15:19 - 00020386 _____ C:\WINDOWS\LDPINST.LOG
2013-10-23 10:14 - 2011-05-09 22:52 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-10-23 10:14 - 2009-02-27 15:15 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-10-23 10:13 - 2013-10-23 10:13 - 00000000 ____D C:\Program Files\Logitech
2013-10-23 10:13 - 2011-05-09 22:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
2013-10-23 10:13 - 2011-05-09 22:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Logishrd

Files to move or delete:
====================
C:\Documents and Settings\Kazuyo\gotomypc_540.exe
C:\Documents and Settings\sshiigi\gotomypc_540.exe

Some content of TEMP:
====================
C:\Documents and Settings\sshiigi\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\sshiigi\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by sshiigi at 2013-11-21 08:31:40
Running from C:\Documents and Settings\sshiigi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Lavasoft Ad-Aware (Disabled - Up to date) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware (Disabled) {FF1CD5B7-1553-4625-A258-1775385CED33}

==================== Installed Programs ======================

7300 (Version: 47.0.1.000)
7300_Help (Version: 47.0.1.000)
7300Trb (Version: 47.0.1.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware Antivirus (Version: 10.5.2.4379)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 11 (Version: 11)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
All Day Battery Life Configuration (Version: 1.1.0)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
BioAPI Framework (Version: 1.0.1)
biolsp patch (Version: 01.00.02.0005)
Bonjour (Version: 3.0.0.10)
Broadcom USH Host Components (Version: 1.6.8.12)
Brother MFL-Pro Suite MFC-9970CDW (Version: 1.0.2.0)
BufferChm (Version: 45.4.157.000)
CCleaner (Version: 4.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 45.4.157.000)
Coupon Printer for Windows (Version: 5.0.0.1)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
CutePDF Writer 2.8
Dell Control Point (Version: 1.2.4)
Dell ControlPoint Connection Manager (Version: 1.1.1)
Dell ControlPoint Security Manager (Version: 1.2.4)
Dell ControlPoint System Manager (Version: 1.1.00000)
Dell Embassy Trust Suite by Wave Systems (Version: 03.00.01.003)
Dell Security Device Driver Pack (Version: 1.01.30)
Dell Touchpad (Version: 7.2.101.215)
Dell Webcam Central (Version: 1.01.04)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
Document Manager Lite (Version: 06.07.00.104)
DocumentViewer (Version: 45.4.157.000)
EMBASSY Security Center (Version: 03.07.00.074)
EMBASSY Security Setup (Version: 03.07.00.057)
eReg (Version: 1.20.138.34)
ERUNT 1.1j
ESC Home Page Plugin (Version: 03.02.00.028)
Fax (Version: 47.0.1.000)
Gemalto (Version: 01.00.00.0010)
Google Chrome (Version: 31.0.1650.57)
Google Chrome Frame (Version: 31.0.1650.57)
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Integrated Webcam Driver (1.08.01.0129)   (Version: 1.08.01.0129)
Intel PROSet Wireless
Intel® Network Connections 13.0.42.0 (Version: 13.0.42.0)
Intel® PRO Alerting Agent (Version: 12.0.3)
Intel® PROSet/Wireless WiFi Software (Version: 12.00.4000)
Intel® Matrix Storage Manager
iTunes (Version: 11.1.3.8)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
join.me (HKCU Version: 1.3.1.426)
Junk Mail filter update (Version: 14.0.8089.726)
KeyBar 1.22 Toolbar for IE (Version: 6.17.0.33)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Logitech SetPoint 6.61 (Version: 6.61.15)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Memeo Instant Backup (Version: 4.60.0.7876)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NTRU TCG Software Stack (Version: 2.1.27)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Open Freely (Version: 1.0)
PanoStandAlone (Version: 45.4.157.000)
PaperPort Image Printer (Version: 1.00.0001)
PhotoGallery (Version: 45.4.157.000)
PowerDVD (Version: 8.1)
Preboot Manager (Version: 2.4.0.244)
Private Information Manager (Version: 06.02.00.053)
ProductContext (Version: 47.0.1.000)
QFolder (Version: 1.00.0000)
Quicken 2008 (Version: 17.1.4.11)
QuickTime
Readme (Version: 47.0.1.000)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
Scansoft PDF Professional
Seagate Dashboard (Version: 1.1.0.1548)
Secure Update (Version: 05.05.00.015)
Security Wizards (Version: 01.05.00.039)
Segoe UI (Version: 14.0.4327.805)
SkinsHP1 (Version: 45.4.157.000)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.6 (Version: 6.6.106)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
SUPERAntiSpyware Free Edition (Version: 4.26.0.1004)
TrayApp (Version: 45.4.157.000)
Trusted Drive Manager (Version: 2.4.0.276)
tsp patch (Version: 01.00.00.0000)
TurboTax 2008
TurboTax 2008 whiiper (Version: 008.000.0121)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 whiiper (Version: 009.000.0748)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax Home & Business 2007
Type to Learn 4
U3Launcher (Version: 1.0.0)
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2813347-v2) (Version: 2)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Wave Infrastructure Installer (Version: 06.00.34.0000)
Wave Support Software (Version: 05.08.00.052)
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
WIDCOMM Bluetooth Software (Version: 5.5.0.3208)
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live OneCare safety scanner
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows Small Business Server 2011 Standard ClientAgent (Version: 6.1.7900.1)
Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1)
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points  =========================

19-10-2013 10:53:17 System Checkpoint
19-10-2013 10:56:11 After Fixing Desktop Hide - Trojan.Agent
20-10-2013 08:39:19 After AdwCleaner Quarantine Folder Deleted
21-10-2013 17:44:55 System Checkpoint
22-10-2013 18:15:58 System Checkpoint
23-10-2013 23:25:51 System Checkpoint
25-10-2013 00:18:48 System Checkpoint
26-10-2013 00:21:22 System Checkpoint
28-10-2013 10:31:53 System Checkpoint
28-10-2013 10:45:13 SAS
29-10-2013 17:17:54 System Checkpoint
30-10-2013 17:22:02 System Checkpoint
30-10-2013 18:44:23 Installed iTunes
31-10-2013 20:37:32 System Checkpoint
01-11-2013 20:49:41 System Checkpoint
03-11-2013 11:50:54 System Checkpoint
04-11-2013 12:20:22 System Checkpoint
05-11-2013 12:57:02 System Checkpoint
06-11-2013 17:23:55 System Checkpoint
06-11-2013 19:14:03 Installed Java 7 Update 45
07-11-2013 19:51:20 System Checkpoint
08-11-2013 20:30:28 System Checkpoint
12-11-2013 08:15:56 System Checkpoint
13-11-2013 17:23:59 System Checkpoint
14-11-2013 17:36:43 System Checkpoint
15-11-2013 17:37:45 System Checkpoint
16-11-2013 18:08:22 System Checkpoint
18-11-2013 17:34:24 System Checkpoint
21-11-2013 15:33:12 Software Distribution Service 3.0

==================== Hosts content: ==========================

2008-04-25 06:16 - 2013-10-16 06:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA4994F7-D9D9-49BE-BF8A-1123A84B76A0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-07-10 16:15 - 2008-07-10 16:15 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-03-06 16:31 - 2012-03-11 14:55 - 00088656 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2008-10-01 00:26 - 2008-10-01 00:26 - 00495616 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMMessages.dll
2008-10-01 00:28 - 2008-10-01 00:28 - 00438272 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMPROFILEMANAGER.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-05 23:55 - 2009-04-05 23:55 - 00755712 ____N () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-04-05 23:58 - 2009-04-05 23:58 - 00471040 ____N () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-14 08:59 - 2010-04-14 08:59 - 00854016 ____N () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-14 08:59 - 2010-04-14 08:59 - 00471040 ____N () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2007-07-23 11:04 - 2007-07-23 11:04 - 00068080 ____N () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2008-05-14 13:40 - 2008-05-14 13:40 - 00262144 ____N () C:\WINDOWS\system32\wxvault.dll
2012-05-15 16:01 - 2013-10-01 14:16 - 00190752 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2012-05-15 16:01 - 2013-10-01 14:16 - 00178464 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2011-02-22 00:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-07-10 16:25 - 2008-07-10 16:25 - 00057344 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
2008-08-15 04:46 - 2008-08-15 04:46 - 02854912 ____N () C:\WINDOWS\system32\btwicons.dll
2008-08-18 07:12 - 2008-08-18 07:12 - 00098304 ____N () C:\Program Files\Dell\Dell ControlPoint\SmithMicro.Common.dll
2008-08-18 07:12 - 2008-08-18 07:12 - 00016384 ____N () C:\Program Files\Dell\Dell ControlPoint\Dell.DcpPlugin.dll
2008-07-28 14:03 - 2008-07-28 14:03 - 00010752 ____N () C:\WINDOWS\system32\Wavx_ESC_Logging.dll
2008-03-10 11:47 - 2008-03-10 11:47 - 00004608 ____N () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2008-10-01 00:29 - 2008-10-01 00:29 - 00098304 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\UCMPlugin\SmithMicro.Common.dll
2008-10-01 00:24 - 2008-10-01 00:24 - 00098304 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Common.dll
2008-10-01 00:24 - 2008-10-01 00:24 - 00200704 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Application.dll
2008-10-01 00:26 - 2008-10-01 00:26 - 03567616 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.SharedUI.dll
2008-10-01 00:24 - 2008-10-01 00:24 - 00077824 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.dll
2008-10-01 00:25 - 2008-10-01 00:25 - 00028672 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.VpnController.dll
2008-10-01 00:25 - 2008-10-01 00:25 - 00040960 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\VpnWrapper.dll
2008-10-01 00:25 - 2008-10-01 00:25 - 00028672 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.AsyncOperations.dll
2011-11-03 08:09 - 2011-11-03 08:09 - 00102912 _____ () C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-11-03 08:10 - 2011-11-03 08:10 - 00025600 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-11-03 08:10 - 2011-11-03 08:10 - 00015360 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
2011-11-03 08:10 - 2011-11-03 08:10 - 00014848 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
2010-12-10 15:50 - 2010-12-10 15:50 - 02896608 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-12-10 15:50 - 2010-12-10 15:50 - 00026848 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 12:59 - 2010-03-22 12:59 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll
2010-04-20 07:22 - 2010-04-20 07:22 - 00241664 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2010-04-20 07:22 - 2010-04-20 07:22 - 00971776 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e97e1748\mscorlib.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_041cb938\system.windows.forms.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_6ece45b0\system.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f841a956\system.drawing.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8c229c00\system.xml.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2013 07:27:37 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (11/21/2013 07:27:36 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (11/21/2013 07:27:36 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (11/21/2013 06:09:14 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (11/21/2013 06:09:14 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/21/2013 06:09:10 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (11/21/2013 06:09:10 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/21/2013 06:09:09 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The
Error code is the first DWORD in Data section.

Error: (11/21/2013 06:09:09 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/21/2013 05:52:27 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

System errors:
=============
Error: (11/21/2013 08:12:50 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.

Error: (11/21/2013 07:42:49 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (11/21/2013 07:28:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (11/21/2013 07:27:48 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (11/21/2013 07:27:48 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (11/21/2013 07:27:36 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain CBCI due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/21/2013 07:25:55 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register with DCOM within the required timeout.

Error: (11/21/2013 07:08:10 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain CBCI due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/21/2013 06:53:27 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 240 minutes.
NtpClient has no source of accurate time.

Error: (11/21/2013 05:37:34 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Microsoft Office Sessions:
=========================
Error: (11/21/2013 07:27:37 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (11/21/2013 07:27:36 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (11/21/2013 07:27:36 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (11/21/2013 06:09:14 AM) (Source: LoadPerf)(User: )
Description: ASP.NETASP.NET

Error: (11/21/2013 06:09:14 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (11/21/2013 06:09:10 AM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (11/21/2013 06:09:10 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (11/21/2013 06:09:09 AM) (Source: LoadPerf)(User: )
Description: ASP.NET_2.0.50727ASP.NET_2.0.50727

Error: (11/21/2013 06:09:09 AM) (Source: LoadPerf)(User: )
Description: Performance

Error: (11/21/2013 05:52:27 AM) (Source: LoadPerf)(User: )
Description: ASP.NETASP.NET

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 2035.83 MB
Available physical RAM: 886.71 MB
Total Pagefile: 3927.79 MB
Available Pagefile: 2535.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.75 GB) (Free:153.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive x: (GoFlex Home Public) (Network) (Total:1863.01 GB) (Free:1807 GB) NTFS
Drive y: (GoFlex Home Backup) (Network) (Total:1863.01 GB) (Free:1807 GB) NTFS
Drive z: (GoFlex Home Personal) (Network) (Total:1863.01 GB) (Free:1807 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=141 MB) - (Type=DE)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Marius:  Post still too long.  TDSSKILLER log has been separated.

09:18:26.0609 0x15dc  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
09:18:33.0062 0x15dc  ============================================================
09:18:33.0062 0x15dc  Current date / time: 2013/11/21 09:18:33.0062
09:18:33.0062 0x15dc  SystemInfo:
09:18:33.0062 0x15dc 
09:18:33.0062 0x15dc  OS Version: 5.1.2600 ServicePack: 3.0
09:18:33.0062 0x15dc  Product type: Workstation
09:18:33.0062 0x15dc  ComputerName: DFB69GJ1
09:18:33.0062 0x15dc  UserName: sshiigi
09:18:33.0062 0x15dc  Windows directory: C:\WINDOWS
09:18:33.0062 0x15dc  System windows directory: C:\WINDOWS
09:18:33.0062 0x15dc  Processor architecture: Intel x86
09:18:33.0062 0x15dc  Number of processors: 2
09:18:33.0062 0x15dc  Page size: 0x1000
09:18:33.0062 0x15dc  Boot type: Normal boot
09:18:33.0062 0x15dc  ============================================================
09:18:33.0312 0x15dc  KLMD registered as C:\WINDOWS\system32\drivers\28552175.sys
09:18:33.0703 0x15dc  System UUID: {B3ADC92A-A292-2CD6-B513-F70E80D8133D}
09:18:34.0625 0x15dc  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:18:34.0640 0x15dc  ============================================================
09:18:34.0640 0x15dc  \Device\Harddisk0\DR0:
09:18:34.0656 0x15dc  MBR partitions:
09:18:34.0656 0x15dc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x46992, BlocksNum 0x1D17DBEF
09:18:34.0656 0x15dc  ============================================================
09:18:34.0734 0x15dc  C: <-> \Device\Harddisk0\DR0\Partition1
09:18:34.0765 0x15dc  ============================================================
09:18:34.0765 0x15dc  Initialize success
09:18:34.0765 0x15dc  ============================================================
09:18:39.0828 0x1094  ============================================================
09:18:39.0828 0x1094  Scan started
09:18:39.0828 0x1094  Mode: Manual;
09:18:39.0828 0x1094  ============================================================
09:18:39.0828 0x1094  KSN ping started
09:18:41.0578 0x1094  KSN ping finished: true
09:18:43.0546 0x1094  ================ Scan system memory ========================
09:18:44.0421 0x1094  System memory - ok
09:18:44.0421 0x1094  ================ Scan services =============================
09:18:44.0578 0x1094  Abiosdsk - ok
09:18:44.0609 0x1094  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:18:44.0625 0x1094  abp480n5 - ok
09:18:44.0750 0x1094  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:18:44.0750 0x1094  ACPI - ok
09:18:44.0765 0x1094  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:18:44.0765 0x1094  ACPIEC - ok
09:18:44.0921 0x1094  [ 9D90344179ED6A05959DE40FC934A022, 6F1108F9081E96DD302FAE2304203CB9DAF9BD9984A6352331065778BB90B167 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
09:18:44.0984 0x1094  Ad-Aware Service - ok
09:18:45.0046 0x1094  [ 438F31336B3DC248ABC632F1C8F34A24, 94C1218E7EC2EC6D4870A6FDC118097D7D3A359DA073DCD3A9770F399F830991 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:18:45.0062 0x1094  AdobeFlashPlayerUpdateSvc - ok
09:18:45.0093 0x1094  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:18:45.0093 0x1094  adpu160m - ok
09:18:45.0140 0x1094  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
09:18:45.0156 0x1094  aec - ok
09:18:45.0171 0x1094  [ 20F078136F3BDC4C0405C0527B769303, 7A0BB6BA4E9D28EAA1ACB7D8537E83394365950AC36D524AFC9EE21520B6C21D ] AESTAud         C:\WINDOWS\system32\drivers\AESTAud.sys
09:18:45.0171 0x1094  AESTAud - ok
09:18:45.0218 0x1094  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
09:18:45.0234 0x1094  AFD - ok
09:18:45.0265 0x1094  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
09:18:45.0265 0x1094  agp440 - ok
09:18:45.0281 0x1094  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:18:45.0281 0x1094  agpCPQ - ok
09:18:45.0296 0x1094  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:18:45.0296 0x1094  Aha154x - ok
09:18:45.0312 0x1094  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:18:45.0312 0x1094  aic78u2 - ok
09:18:45.0328 0x1094  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:18:45.0328 0x1094  aic78xx - ok

 


Marius:  Remaining TDSSKILLER log:

  

09:18:53.0031 0x1094  mouhid - ok
09:18:53.0046 0x1094  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:18:53.0062 0x1094  MountMgr - ok
09:18:53.0109 0x1094  [ 7EDBBB9351A38C6BB0FE98CFD44DB430, FF77429D7FF3429AD15FD29B4F0F1CF1DA66F69651BCA9525889EDD47AB0306D ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:18:53.0125 0x1094  MozillaMaintenance - ok
09:18:53.0156 0x1094  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:18:53.0156 0x1094  mraid35x - ok
09:18:53.0171 0x1094  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:18:53.0187 0x1094  MRxDAV - ok
09:18:53.0281 0x1094  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:18:53.0328 0x1094  MRxSmb - ok
09:18:53.0375 0x1094  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
09:18:53.0375 0x1094  MSDTC - ok
09:18:53.0390 0x1094  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:18:53.0390 0x1094  Msfs - ok
09:18:53.0390 0x1094  MSIServer - ok
09:18:53.0437 0x1094  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:18:53.0437 0x1094  MSKSSRV - ok
09:18:53.0453 0x1094  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:18:53.0453 0x1094  MSPCLOCK - ok
09:18:53.0468 0x1094  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:18:53.0468 0x1094  MSPQM - ok
09:18:53.0515 0x1094  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:18:53.0515 0x1094  mssmbios - ok
09:18:53.0531 0x1094  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
09:18:53.0531 0x1094  MSTEE - ok
09:18:53.0562 0x1094  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
09:18:53.0578 0x1094  Mup - ok
09:18:53.0625 0x1094  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:18:53.0625 0x1094  NABTSFEC - ok
09:18:53.0656 0x1094  [ A467E1DEB3BB2B57426C8A5993BA933E, B727FFBEE51FAB5A4DE61888ABF76CD0911C04AC3E60CC156778413C110C5E9C ] NAL             C:\WINDOWS\system32\Drivers\iqvw32.sys
09:18:53.0656 0x1094  NAL - ok
09:18:53.0687 0x1094  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
09:18:53.0703 0x1094  napagent - ok
09:18:53.0734 0x1094  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:18:53.0734 0x1094  NDIS - ok
09:18:53.0765 0x1094  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:18:53.0765 0x1094  NdisIP - ok
09:18:53.0796 0x1094  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:18:53.0796 0x1094  NdisTapi - ok
09:18:53.0843 0x1094  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:18:53.0843 0x1094  Ndisuio - ok
09:18:53.0843 0x1094  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:18:53.0859 0x1094  NdisWan - ok
09:18:53.0875 0x1094  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:18:53.0890 0x1094  NDProxy - ok
09:18:53.0906 0x1094  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:18:53.0906 0x1094  NetBIOS - ok
09:18:53.0921 0x1094  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:18:53.0937 0x1094  NetBT - ok
09:18:53.0968 0x1094  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:18:53.0968 0x1094  NetDDE - ok
09:18:53.0984 0x1094  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:18:53.0984 0x1094  NetDDEdsdm - ok
09:18:54.0015 0x1094  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:18:54.0015 0x1094  Netlogon - ok
09:18:54.0031 0x1094  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
09:18:54.0031 0x1094  Netman - ok
09:18:54.0078 0x1094  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:18:54.0093 0x1094  NetTcpPortSharing - ok
09:18:54.0281 0x1094  [ CFE1981A47A2F7650A1EF8917DC4D1C3, E4AD8D7A6E5389D6A3B37606AEC25B3B3E8042E293C34336C2C10E203F4FD439 ] NETw5x32        C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
09:18:54.0437 0x1094  NETw5x32 - ok
09:18:54.0468 0x1094  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:18:54.0468 0x1094  NIC1394 - ok
09:18:54.0546 0x1094  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:18:54.0546 0x1094  Nla - ok
09:18:54.0593 0x1094  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:18:54.0593 0x1094  Npfs - ok
09:18:54.0671 0x1094  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:18:54.0703 0x1094  Ntfs - ok
09:18:54.0734 0x1094  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:18:54.0734 0x1094  NtLmSsp - ok
09:18:54.0781 0x1094  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:18:54.0812 0x1094  NtmsSvc - ok
09:18:54.0843 0x1094  [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr        C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
09:18:54.0843 0x1094  NuidFltr - ok
09:18:54.0859 0x1094  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:18:54.0859 0x1094  Null - ok
09:18:55.0437 0x1094  [ 25167771F5AFAD71808B0080FE4F2312, 8477FF9F50F81716322CF39DB265B8C210060AE146EF244B7DDBAE9BFCFE2BDF ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:18:56.0187 0x1094  nv - ok
09:18:56.0281 0x1094  [ 6D409284F20E21C613FD697C0640F760, 3C7F63D98CA063650013E4E352E84B09CCFB11B2713F28BD30BA0782A74879A5 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
09:18:56.0296 0x1094  NVSvc - ok
09:18:56.0312 0x1094  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:18:56.0312 0x1094  NwlnkFlt - ok
09:18:56.0328 0x1094  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:18:56.0328 0x1094  NwlnkFwd - ok
09:18:56.0375 0x1094  [ 0F538DF1673E5216F3BAACB6911D9D0F, 640A0BA1F897E7F927A01E44408202EF4884D2FE68E4CCB185F315D2B6F2E262 ] OA001Afx        C:\WINDOWS\system32\Drivers\OA001Afx.sys
09:18:56.0375 0x1094  OA001Afx - ok
09:18:56.0390 0x1094  [ 2CF21D5F8F1B74BB1922135AC2B12DDB, A6D6296A5477CB2AF7252CB1A0C4B5C384D0BFAE9F4860CAB466209BDC72C747 ] OA001Ufd        C:\WINDOWS\system32\DRIVERS\OA001Ufd.sys
09:18:56.0406 0x1094  OA001Ufd - ok
09:18:56.0421 0x1094  [ 159E5A08A6A5231863CDDBD787A4EABB, 9CBCE596CCAB22D40B6EEF62619D89CFC721C7BE8859251D90DA6B075EFB7457 ] OA001Vid        C:\WINDOWS\system32\DRIVERS\OA001Vid.sys
09:18:56.0421 0x1094  OA001Vid - ok
09:18:56.0484 0x1094  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:18:56.0484 0x1094  ohci1394 - ok
09:18:56.0531 0x1094  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:18:56.0531 0x1094  ose - ok
09:18:56.0562 0x1094  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
09:18:56.0562 0x1094  Parport - ok
09:18:56.0578 0x1094  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:18:56.0578 0x1094  PartMgr - ok
09:18:56.0625 0x1094  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:18:56.0640 0x1094  ParVdm - ok
09:18:56.0640 0x1094  [ 4088C1ECD1F54281A92FA663B0FDC36F, DF6EF6C6ACBF7604681D86D352773E8C11937995C512761C66D50DB126F581C2 ] PBADRV          C:\WINDOWS\system32\DRIVERS\PBADRV.sys
09:18:56.0640 0x1094  PBADRV - ok
09:18:56.0671 0x1094  [ 1961590AA191B6B7DCF18A6A693AF7B8, 69DB6D42DB4EB8C77DC927FA946D115C19A936ADBD2F5677CBB5039401D6EFD0 ] PCASp50         C:\WINDOWS\system32\Drivers\PCASp50.sys
09:18:56.0671 0x1094  PCASp50 - ok
09:18:56.0687 0x1094  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:18:56.0687 0x1094  PCI - ok
09:18:56.0687 0x1094  PCIDump - ok
09:18:56.0703 0x1094  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
09:18:56.0703 0x1094  PCIIde - ok
09:18:56.0718 0x1094  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:18:56.0718 0x1094  Pcmcia - ok
09:18:56.0828 0x1094  [ C1C3BAF078BE5A14384A4BA2D730817D, 6E4D2F73A1CB250B3EE270CCE806A37EB2140E34EAF9F48C45CC12D2A451AA16 ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
09:18:56.0843 0x1094  PDFProFiltSrvPP - ok
09:18:56.0890 0x1094  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
09:18:56.0890 0x1094  perc2 - ok
09:18:56.0906 0x1094  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:18:56.0906 0x1094  perc2hib - ok
09:18:56.0953 0x1094  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:18:56.0953 0x1094  PlugPlay - ok
09:18:57.0015 0x1094  [ 9D84376931440F3679BEEF2A414FA493, C800227A67C3C10A26114DB54F5390D2A475D36BE65E87CB890A6819B0BB4884 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
09:18:57.0015 0x1094  Pml Driver HPZ12 - ok
09:18:57.0031 0x1094  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:18:57.0031 0x1094  PolicyAgent - ok
09:18:57.0093 0x1094  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:18:57.0093 0x1094  PptpMiniport - ok
09:18:57.0109 0x1094  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:18:57.0109 0x1094  ProtectedStorage - ok
09:18:57.0109 0x1094  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:18:57.0109 0x1094  PSched - ok
09:18:57.0125 0x1094  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:18:57.0125 0x1094  Ptilink - ok
09:18:57.0187 0x1094  [ 153D02480A0A2F45785522E814C634B6, 02B7590F2F4A8FA0B031CDA7A28BD55E7C04A080C1EA810BF3AC3212A62153A6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:18:57.0187 0x1094  PxHelp20 - ok
09:18:57.0218 0x1094  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:18:57.0234 0x1094  ql1080 - ok
09:18:57.0234 0x1094  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:18:57.0250 0x1094  Ql10wnt - ok
09:18:57.0250 0x1094  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:18:57.0250 0x1094  ql12160 - ok
09:18:57.0265 0x1094  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:18:57.0265 0x1094  ql1240 - ok
09:18:57.0296 0x1094  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:18:57.0296 0x1094  ql1280 - ok
09:18:57.0312 0x1094  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:18:57.0312 0x1094  RasAcd - ok
09:18:57.0343 0x1094  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:18:57.0359 0x1094  RasAuto - ok
09:18:57.0390 0x1094  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:18:57.0390 0x1094  Rasl2tp - ok
09:18:57.0406 0x1094  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:18:57.0421 0x1094  RasMan - ok
09:18:57.0421 0x1094  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:18:57.0437 0x1094  RasPppoe - ok
09:18:57.0437 0x1094  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:18:57.0437 0x1094  Raspti - ok
09:18:57.0453 0x1094  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:18:57.0468 0x1094  Rdbss - ok
09:18:57.0468 0x1094  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:18:57.0468 0x1094  RDPCDD - ok
09:18:57.0484 0x1094  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:18:57.0484 0x1094  rdpdr - ok
09:18:57.0546 0x1094  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:18:57.0546 0x1094  RDPWD - ok
09:18:57.0578 0x1094  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:18:57.0593 0x1094  RDSessMgr - ok
09:18:57.0625 0x1094  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:18:57.0640 0x1094  redbook - ok
09:18:57.0734 0x1094  [ ED8C9F16E10C1E4C4C5D16CD04966E24, B7A289C14A08FA89C35776BFF53277CF5EEF4C59246B6221B99327E5B0547CD9 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:18:57.0765 0x1094  RegSrvc - ok
09:18:57.0796 0x1094  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:18:57.0796 0x1094  RemoteAccess - ok
09:18:57.0828 0x1094  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:18:57.0828 0x1094  RemoteRegistry - ok
09:18:57.0890 0x1094  [ 355AAC141B214BEF1DBC1483AFD9BD50, EB9AF96E81C1644C0190D269119BE71C63B60D50153C6EA2659B488C4456DBDF ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:18:57.0890 0x1094  rimmptsk - ok
09:18:57.0921 0x1094  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:18:57.0921 0x1094  RpcLocator - ok
09:18:57.0968 0x1094  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
09:18:57.0984 0x1094  RpcSs - ok
09:18:58.0031 0x1094  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:18:58.0046 0x1094  RSVP - ok
09:18:58.0109 0x1094  [ D7F1F8D85F31CBB74442EC30177885CC, 388372F0CCD1A890BE64B590D533F49634903AC9F5373D1A541E3E1BDB968C1B ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
09:18:58.0156 0x1094  S24EventMonitor - ok
09:18:58.0156 0x1094  [ 1F950F97DBF5E0BA4FBBFAF074D3B47C, 5710630EE601C89A442CF1F3635A025208A9EF05B146E724B6B6421029B78EA9 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:18:58.0156 0x1094  s24trans - ok
09:18:58.0171 0x1094  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:18:58.0171 0x1094  SamSs - ok
09:18:58.0234 0x1094  [ 5BF35C4EA3F00FA8D3F1E5BF03D24584, F2B57EACE3E5259793D245243530537123EA87304432B91F12C1397F14D5D8D6 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:18:58.0234 0x1094  SASDIFSV - ok
09:18:58.0265 0x1094  [ A22F08C98AC2F44587BF3A1FB52BF8CD, 9FEBA5491AE674C7B37C5089E491E2FF74A444DA902E3CE2B15867DDE5166901 ] SASENUM         C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
09:18:58.0265 0x1094  SASENUM - ok
09:18:58.0296 0x1094  [ C7D81C10D3BEFEEE41F3408714637438, ED46B3DE3195B80B34AF0506B2B2940EBC6F243EAC8FC7C485C594DE88E058B2 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
09:18:58.0296 0x1094  SASKUTIL - ok
09:18:58.0531 0x1094  [ 99FC1599F89A80216E41175B8CA44D89, 20306278CF081E58002D6ADCC07CA65D7651C8D059392337562612EDFAC5BEB5 ] SBAMSvc         C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
09:18:58.0703 0x1094  SBAMSvc - ok
09:18:58.0734 0x1094  [ 862EEC4DFFF55AB124C9F4C758BECC39, 540CB49B73D35B78B4679ABC5A141D24653EC739017CE85ACC7B2F6FF425CD26 ] sbaphd          C:\WINDOWS\system32\drivers\sbaphd.sys
09:18:58.0734 0x1094  sbaphd - ok
09:18:58.0796 0x1094  [ 87574F4C899E8AEDDDC1EDF71D3E045E, F5C1A296D1756B2B8D1C5226C6DB1CF515E985E41F303479EA5D0A723116601B ] sbapifs         C:\WINDOWS\system32\drivers\sbapifs.sys
09:18:58.0796 0x1094  sbapifs - ok
09:18:58.0843 0x1094  [ 1AFD7178AB9C4FCE2D332DA7AA474FA6, 3BB060060354C1E3591EB0722A1251A6C269B78C0B7CACAD07D23BBF00E16EB2 ] sbhips          C:\WINDOWS\system32\drivers\sbhips.sys
09:18:58.0843 0x1094  sbhips - ok
09:18:58.0843 0x1094  SBRE - ok
09:18:58.0890 0x1094  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:18:58.0890 0x1094  SCardSvr - ok
09:18:58.0921 0x1094  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:18:58.0921 0x1094  Schedule - ok
09:18:58.0984 0x1094  [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:18:58.0984 0x1094  sdbus - ok
09:18:59.0046 0x1094  [ A1A26E8EC51E199D873D85F3E2B6FC65, 0F1DDAE5191EF6191295CA6690ED0CE6F401D44CC3C192D135C48C20173450CD ] SeagateDashboardService C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
09:18:59.0046 0x1094  SeagateDashboardService - ok
09:18:59.0078 0x1094  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:18:59.0078 0x1094  Secdrv - ok
09:18:59.0078 0x1094  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:18:59.0078 0x1094  seclogon - ok
09:18:59.0187 0x1094  [ E80163F46AE96CC0A05FB9F3F55DEB18, A8802359CDE45843D40A737C2F5041687AAC9BBB5AFD92DA06EB84F123294CB5 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
09:18:59.0218 0x1094  SecureStorageService - ok
09:18:59.0250 0x1094  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
09:18:59.0250 0x1094  SENS - ok
09:18:59.0265 0x1094  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:18:59.0265 0x1094  Serenum - ok
09:18:59.0265 0x1094  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:18:59.0281 0x1094  Serial - ok
09:18:59.0312 0x1094  [ 0FA803C64DF0914B41F807EA276BF2A6, 847B1CD47ADF9E4AE298E74CC53A7F9DB4E58F43919D3A2BBFFE07244134778D ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
09:18:59.0312 0x1094  sffdisk - ok
09:18:59.0328 0x1094  [ C17C331E435ED8737525C86A7557B3AC, F1DEB2CA5D8E02280782B354A31E148E3A2F2B5F57AD6C575875DE20F6D3C930 ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
09:18:59.0328 0x1094  sffp_sd - ok
09:18:59.0343 0x1094  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:18:59.0343 0x1094  Sfloppy - ok
09:18:59.0421 0x1094  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:18:59.0453 0x1094  SharedAccess - ok
09:18:59.0468 0x1094  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:18:59.0484 0x1094  ShellHWDetection - ok
09:18:59.0484 0x1094  Simbad - ok
09:18:59.0531 0x1094  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:18:59.0531 0x1094  sisagp - ok
09:18:59.0578 0x1094  [ F2B755D3835089590E8113F48AA931F7, 59F4D43CBE4252EEE86F9CFD92361484CCE2F61A292F094C7A6ECDF411D7D2C4 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
09:18:59.0593 0x1094  SkypeUpdate - ok
09:18:59.0609 0x1094  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:18:59.0609 0x1094  SLIP - ok
09:18:59.0656 0x1094  [ 24D62FC9201D172F69C47355D185213B, 40351B39D164C398C9CD8031FF48B8A36D520969551E2A36CD1649B4BCDD13F4 ] SMManager       C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
09:18:59.0656 0x1094  SMManager - ok
09:18:59.0703 0x1094  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:18:59.0703 0x1094  Sparrow - ok
09:18:59.0734 0x1094  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:18:59.0750 0x1094  splitter - ok
09:18:59.0796 0x1094  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:18:59.0796 0x1094  Spooler - ok
09:18:59.0812 0x1094  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:18:59.0828 0x1094  sr - ok
09:18:59.0875 0x1094  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
09:18:59.0875 0x1094  srservice - ok
09:18:59.0921 0x1094  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:18:59.0937 0x1094  Srv - ok
09:18:59.0937 0x1094  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:18:59.0953 0x1094  SSDPSRV - ok
09:18:59.0984 0x1094  [ CB2449150A5EA17CAA0B94363D9440CC, 7D852C5EB84738B9D1A5A096E54279DAFA1BC0407D8A6F66A79F38CB269D2E1F ] STacSV          c:\drivers\audio\r205445\stacsv.exe
09:19:00.0000 0x1094  STacSV - ok
09:19:00.0093 0x1094  [ 886C708C91DB573656D64C626468D707, F613A773D66F8CAC853779C16709D52D7C36368201D55719B0158D5657846457 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
09:19:00.0156 0x1094  STHDA - ok
09:19:05.0156 0x1094  AV detected via SS1: Lavasoft Ad-Aware, 6.0.5449, disabled, updated
09:19:05.0156 0x1094  FW detected via SS1: Lavasoft Ad-Aware, 6.0.5449, disabled
09:19:05.0156 0x1094  Win FW state via NFM: disabled
09:19:05.0484 0x1094  ============================================================
09:19:05.0484 0x1094  Scan finished
09:19:05.0484 0x1094  ============================================================
09:19:05.0515 0x137c  Detected object count: 0
09:19:05.0515 0x137c  Actual detected object count: 0
09:29:37.0390 0x0d84  Deinitialize success 


Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    HKU\Administrator\...\Run: [BrowserSafeguard] - C:\Program Files\Browsersafeguard\Browsersafeguard.exe
    HKU\Administrator\...\Run: [SearchProtect] - C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe
    HKU\Administrator\...\Run: [ConduitFloatingPlugin_eibleipkbineaadpnemmalkahodjhdbd] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3314312\plugins\TBVerifier.dll",RunConduitFloatingPlugin eibleipkbineaadpnemmalkahodjhdbd
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {E5F5D888-2587-E012-A817-7038F5690F26} URL = http://bing.zugo.com...g=2-114-0-1UPWK
    FF SelectedSearchEngine: SecureSearch
    FF NetworkProxy: "http", "127.0.0.1"
    FF NetworkProxy: "http_port", 1072
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc
    CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx
    CHR HKLM\...\Chrome\Extension: [miijoamjkkkkmnjhklgiiohpeeckdofp] - C:\Documents and Settings\Kazuyo\Local Settings\Application Data\CRE\miijoamjkkkkmnjhklgiiohpeeckdofp.crx

    C:\Documents and Settings\All Users\Application Data\adawaretb
    C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    C:\Program Files\Yahoo!
    C:\Program Files\Browsersafeguard
    C:\Documents and Settings\Administrator\Application Data\SearchProtect
    C:\Program Files\Conduit
    C:\Documents and Settings\Kazuyo\Local Settings\Application Data\CRE\miijoamjkkkkmnjhklgiiohpeeckdofp.crx
    C:\Documents and Settings\Kazuyo\gotomypc_540.exe
    C:\Documents and Settings\sshiigi\gotomypc_540.exe
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


When you say save fixlist.txt "to the same direction as FRST,"  - I believe you want me to run the saved script fixlist.txt in FRST.  How is that done?  FRST is saved on my desktop.  Do I double click FRST and insert the fixlist.txt script somewhere and then press Fix?  I'm not clear on what's meant by same direction. 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by sshiigi at 2013-11-22 02:20:13 Run:1
Running from C:\Documents and Settings\sshiigi\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Administrator\...\Run: [browserSafeguard] - C:\Program Files\Browsersafeguard\Browsersafeguard.exe
HKU\Administrator\...\Run: [searchProtect] - C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe
HKU\Administrator\...\Run: [ConduitFloatingPlugin_eibleipkbineaadpnemmalkahodjhdbd] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3314312\plugins\TBVerifier.dll",RunConduitFloatingPlugin eibleipkbineaadpnemmalkahodjhdbd
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {E5F5D888-2587-E012-A817-7038F5690F26} URL = http://bing.zugo.com...g=2-114-0-1UPWK
FF SelectedSearchEngine: SecureSearch
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 1072
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx
CHR HKLM\...\Chrome\Extension: [miijoamjkkkkmnjhklgiiohpeeckdofp] - C:\Documents and Settings\Kazuyo\Local Settings\Application Data\CRE\miijoamjkkkkmnjhklgiiohpeeckdofp.crx

C:\Documents and Settings\All Users\Application Data\adawaretb
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
C:\Program Files\Yahoo!
C:\Program Files\Browsersafeguard
C:\Documents and Settings\Administrator\Application Data\SearchProtect
C:\Program Files\Conduit
C:\Documents and Settings\Kazuyo\Local Settings\Application Data\CRE\miijoamjkkkkmnjhklgiiohpeeckdofp.crx
C:\Documents and Settings\Kazuyo\gotomypc_540.exe
C:\Documents and Settings\sshiigi\gotomypc_540.exe
*****************

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_eibleipkbineaadpnemmalkahodjhdbd => Value deleted successfully.
C:\Program Files\Yahoo! => Moved successfully.
"C:\Program Files\Browsersafeguard" => File/Directory not found.
"C:\Documents and Settings\Administrator\Application Data\SearchProtect" => File/Directory not found.
"C:\Program Files\Conduit" => File/Directory not found.
"C:\Documents and Settings\Kazuyo\Local Settings\Application Data\CRE\miijoamjkkkkmnjhklgiiohpeeckdofp.crx" => File/Directory not found.
C:\Documents and Settings\Kazuyo\gotomypc_540.exe => Moved successfully.
C:\Documents and Settings\sshiigi\gotomypc_540.exe => Moved successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.22.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sshiigi :: DFB69GJ1 [administrator]

Protection: Enabled

11/22/2013 2:32:27 AM
mbam-log-2013-11-22 (02-32-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 537583
Time elapsed: 3 hour(s), 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Marius:  The system32 folder still opens at startup after running Fix with FRST and MBAM full scan per above. 

 

One comment, the time zone difference between Germany and Hawaii is 11 hours. Since my daytime is your night time, there is very little overlap of on-line time that we share.  This obviously limits continuity and productivity - it is not an efficient process.  Given the situation, can you possibly refer my case to another expert in the USA, closer to my time zone?  If not, we will continue to move forward especially if you feel this can be resolved soon. 

 

With all respect, it is not a reflection of your technical abilities. 

 

Thank you,

moonshadow


I'll try to get someone else for you.

Your problem is not malware related, let's try something:

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    HKCU\...\Run: [ISUSPM] -  -scheduler
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

Reboot and tell me if the folder is opened again


Marius:  The system32 folder DOES NOT open up anymore at startup.  Looks OK.

 

********************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-11-2013
Ran by sshiigi at 2013-11-24 10:36:59 Run:2
Running from C:\Documents and Settings\sshiigi\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [iSUSPM] -  -scheduler
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM => Value deleted successfully.

==== End of Fixlog ====


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\AdwCleaner\Quarantine\C\Documents and Settings\sshiigi\Application Data\adawaretb\adawaretb.dll.vir a variant of Win32/Toolbar.Visicom.A application
C:\AdwCleaner\Quarantine\C\Documents and Settings\sshiigi\Application Data\adawaretb\dtUser.exe.vir a variant of Win32/Toolbar.Visicom.C application
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawareDx.dll.vir a variant of Win32/Toolbar.Visicom.B application
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawaretb.dll.vir a variant of Win32/Toolbar.Visicom.A application
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\dtUser.exe.vir a variant of Win32/Toolbar.Visicom.C application
C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\Documents and Settings\administrator.CBCI\Application Data\Mozilla\Firefox\Profiles\c4kbf8cm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C application
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\e68jkvzq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\adawaretb.dll a variant of Win32/Toolbar.Visicom.A application
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\e68jkvzq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C application
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C application
C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\adawaretb.dll a variant of Win32/Toolbar.Visicom.A application
C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C application
C:\Program Files\Ad-Aware Antivirus\AdAwareSafeBrowsing.exe multiple threats
 


Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    C:\Documents and Settings\administrator.CBCI\Application Data\Mozilla\Firefox\Profiles\c4kbf8cm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\e68jkvzq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-11-2013
Ran by sshiigi at 2013-11-25 02:39:46 Run:3
Running from C:\Documents and Settings\sshiigi\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Documents and Settings\administrator.CBCI\Application Data\Mozilla\Firefox\Profiles\c4kbf8cm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\e68jkvzq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
*****************

C:\Documents and Settings\administrator.CBCI\Application Data\Mozilla\Firefox\Profiles\c4kbf8cm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} => Moved successfully.
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\e68jkvzq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} => Moved successfully.

"C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}" directory move:

C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\toolbar\de.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\toolbar\en.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\toolbar\es.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\toolbar\fr.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\toolbar\it.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\lib\de.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\lib\en.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\lib\es.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\lib\fr.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\lib\it.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\data\search\engines.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\data\search\search.xsl => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\custom.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\preferences.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\toolbar.htm => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\toolbar.xul => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.ToolbarCleaner\tb_icon.png => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.ToolbarCleaner\widget.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.ToolbarCleaner\widget.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\ClearBrowserDataDialog.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\tb_icon.png => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\widget.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\widget.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\com.mystart.BrowserHistoryCleaner\tb_icon.png => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\com.mystart.BrowserHistoryCleaner\widget.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\com.mystart.BrowserHistoryCleaner\widget.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab\newtab.html => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab\images\bullet.gif => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab\images\field_bg.gif => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab\images\powered_by_yahoo.gif => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab\images\top_image.png => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\modules\datastore.jsm => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\modules\nsDragAndDrop.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\about.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\dtxpanel.xul => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\dtxpaneltransparent.xul => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\dtxpanelwin.xul => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\dtxprefwin.xul => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\dtxtransparentwin.xul => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\dtxwin.xul => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\emailnotifierproviders.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\external.js => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\neterror.xhtml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\rsspreview.html => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\rsswin.xml => Moved successfully.
C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib\rsswin.xsl => Moved successfully.
"C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}" => Directory moved successfully.

C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} => Moved successfully.

==== End of Fixlog ====

 

 

# AdwCleaner v3.013 - Report created 25/11/2013 at 02:58:49
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : sshiigi - DFB69GJ1
# Running from : C:\Documents and Settings\sshiigi\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\adawaretb

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\prefs.js ]

[ File : C:\Documents and Settings\administrator.CBCI\Application Data\Mozilla\Firefox\Profiles\c4kbf8cm.default\prefs.js ]

[ File : C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\prefs.js ]

[ File : C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\e68jkvzq.default\prefs.js ]

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [12449 octets] - [16/10/2013 10:46:59]
AdwCleaner[R1].txt - [2657 octets] - [25/11/2013 02:51:43]
AdwCleaner[s0].txt - [12719 octets] - [16/10/2013 10:53:44]
AdwCleaner[s1].txt - [2604 octets] - [25/11/2013 02:58:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2664 octets] ##########

 

 

 Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Lavasoft Ad-Aware  
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 SUPERAntiSpyware Free Edition  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 45 
 Adobe Flash Player  11.6.602.180 
 Adobe Reader 9 
 Adobe Reader XI 
 Mozilla Firefox 20.0.1 Firefox out of Date! 
 Google Chrome 31.0.1650.48 
 Google Chrome 31.0.1650.57 
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Ad-Aware Antivirus AdAwareService.exe  
 Ad-Aware Antivirus SBAMSvc.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````
 


Your system is clean now! :)

 

 

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the current Firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally, I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




Marius: Thank you so much, looks clean! The only issue I had was that by using the provided link for apps, the Information Bar kept preventing the automatic download of files & software. Even after clicking the option to download, nothing happens. This is new. I've worked around it by searching and going to the site directly to download. Otherwise, the machine runs well.

 

moonshadow  


Yes, IE normally blocks automatic downloads of files & software which you may opt to download thru the Information Bar. That's a great feature. However, I'm saying I can no longer download after opting to do so. The linked sites (e.g. TDSSKiller, ESET, AdwCleaner, SecurityCheck etc.) are simply blank after opting to download. This is something new. To work around it, I've had to search and go directly to each website to download the apps.

 

If this is unrelated to the current issue, I'm OK with closing this thread.  The specific problem of the system32 folder opening up at startup has been resolved, thanks to you.  I guess there were Win32 toolbar related problems in the various browsers.      


Still not able to download from the linked web sites. 

 

The Microsoft Community instructions included Method 2 where:

  • Step 1 suggested searching for %temp% and deleting all files and folders in this folder.  The search did not find this folder. 
  • Step 2 said to go to c:\Windows and delete all contents from the "Prefetch" and "Temp" folders.  I did so and now my machine is acting strange and very sluggish.  The contents of Prefetch are in the Recycle Bin and I don't know where the Temp contents went.  Should I return the contents of Prefetch back to its folder? 
This topic is now closed to further replies.