Have Rootkit.Boot.Pihar.c and who knows what else?

[scb175]

This is a Toshiba Satellite L505D-S5983 with Windows 7 home premium.  The computer had been freezing a lot so I ran numerous spyware removal tools to see what the problem was.  I ran RogueKiller, AdwCleaner, Combofix, FSS, malware bytes antirootkit, and tdsskiller.  TDSSkiller found the trojan and when I had to reboot, I received this Error: F3-F100-0004.  Now I basically can not get into windows... safe mode or anything.  I have run FRST.exe and Listparts.exe from the recovery console command prompt.  I will post the results below. 

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2013 01
Ran by SYSTEM on MININT-T5OK5QJ on 25-11-2013 08:23:40
Running from F:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [193880 2010-11-19] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [LTCM Client] - C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKU\Karen\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [ 2013-09-13] (Apple Inc.)
HKU\Karen\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [ 2013-09-15] (Apple Inc.)
HKU\Karen\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [ 2013-09-04] (Apple Inc.)
HKU\Karen\...\Run: [KHDsoft Update] - regsvr32.exe C:\Users\Karen\AppData\Local\KHDsoft\SWFFile.dll
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [167520 2011-11-01] (SEIKO EPSON CORPORATION)
S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2011-11-01] (SEIKO EPSON CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
S2 gupdate1ca97bb214096eb; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-17] (Google Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

S0 26070636; C:\Windows\System32\drivers\30554891.sys [204896 2013-11-22] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372736 2009-08-13] (Realtek Semiconductor Corporation                           )
S2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Karen\AppData\Local\Temp\catchme.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\drivers\30554891.sys 0EF33C98C16F33441954048FBC07089E
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AGRSM.sys 7E10E3BB9B258AD8A9300F91214D67B9
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys 76BAB0C824E2D05B940C4DD40A9B08BF
C:\Windows\System32\DRIVERS\atikmdag.sys C97BE8350FBCB1960B22FAD2E6C2B514
C:\Windows\System32\DRIVERS\AtiPcie.sys B73C832088DD54B55E04FF6F9646AD8C
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys DB5E008B3744DD60C8498CBBF2A1CFA6
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 500A9814FD9446A8126858A5A7F7D273
C:\Windows\System32\DRIVERS\fvevol.sys 4732E596BB1C50D9F9188C5074EE7782
C:\Windows\System32\DRIVERS\FwLnk.sys 0F76E205BDC60364F08A5949082771CA
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys E4A2E810CB2607C9C159C0DFB0BD4C88
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 52FC17C8589F11747D01D3CF592673D0
C:\Windows\System32\Drivers\ksecpkg.sys 3E5474B03568CFAB834DA3C38E8C9EFA
C:\Windows\System32\DRIVERS\btblan.sys 5CFFDA921FE0C9E9EBDE3150D3C81594
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys E77DC03DD3C8E5A388BF9EED2A28F3D1
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 32FF06EC6D946EF791D98D6C838A3090
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A8F59428E9F361C7AC42A94AC1560BC9
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 66D3415C159741ADE7038A277EFFF99F
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys C5B8D47A4688DE9D335204EA757C2240
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys EF8B2AFC3C0751C5E5A59983C8893260
C:\Windows\System32\DRIVERS\Rt86win7.sys 6465166DD9B2F841DABAD16ABDADBE98
C:\Windows\System32\DRIVERS\RTL8187Se.sys 5BD298BDF62E6A8A0FC69F73A82A52BB
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87
C:\Windows\System32\DRIVERS\srv2.sys 414BB592CAD8A79649D01F9D94318FB3
C:\Windows\System32\DRIVERS\srvnet.sys FF207D67700AA18242AAF985D3E7D8F4
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 8BD10DC8809DC69A1C5A795CB10ADD76
C:\Windows\System32\drivers\tcpip.sys BBCEAEFF1FD72A026F827CBB2F4AA8AD
C:\Windows\System32\DRIVERS\tcpip.sys BBCEAEFF1FD72A026F827CBB2F4AA8AD
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\DRIVERS\tdcmdpst.sys 4084EA00D50C858D6F9038F86AE2E2D0
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tos_sps32.sys 969377943FE7284609BABBAB4E06B93C
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\System32\DRIVERS\TVALZ_O.SYS FC24015B4052600C324C43E3A79C0664
C:\Windows\System32\DRIVERS\TVALZFL.sys 866462F5AE3F375EF83EF9DCE436031C
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys 8BF5D980CDCE35FB26F05047144BB57E
C:\Windows\System32\DRIVERS\usbccgp.sys C31AE588E403042632DC796CF09E30B0
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys E4C436D914768CE965D5E659BA7EEBD8
C:\Windows\System32\DRIVERS\usbhub.sys BDCD7156EC37448F08633FD899823620
C:\Windows\System32\DRIVERS\usbohci.sys EB2D819A639015253C871CDA09D91D58
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353
C:\Windows\system32\drivers\usbuhci.sys 22480BF4E5A09192E5E30BA4DDE79FA4
C:\Windows\System32\Drivers\usbvideo.sys B5F6A992D996282B7FAE7048E50AF83A
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 59F06B4968E58BC83DFC56CA4517960E
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 08:22 - 2013-11-25 08:22 - 00000000 ____D C:\FRST
2013-11-22 08:29 - 2013-11-22 08:29 - 00204896 _____ C:\Windows\System32\Drivers\30554891.sys
2013-11-22 08:29 - 2013-11-22 08:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-22 08:26 - 2013-11-22 07:46 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Karen\Desktop\mbar-1.07.0.1007.exe
2013-11-22 08:26 - 2013-11-22 07:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Karen\Desktop\tdsskiller.exe
2013-11-22 07:55 - 2013-11-22 08:23 - 00000000 ____D C:\AdwCleaner
2013-11-22 07:44 - 2013-11-22 07:44 - 00000000 ____D C:\Windows\ERUNT
2013-11-22 07:39 - 2013-11-22 07:39 - 00347304 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\MicrosoftFixit.Performance.Run.exe
2013-11-21 10:12 - 2013-11-22 08:27 - 00008606 _____ C:\Windows\WindowsUpdate.log
2013-11-21 10:08 - 2013-11-22 08:25 - 00001076 _____ C:\Windows\setupact.log
2013-11-21 10:08 - 2013-11-21 10:08 - 00000000 _____ C:\Windows\setuperr.log
2013-11-21 09:32 - 2013-11-21 09:32 - 00077692 _____ C:\Users\Karen\Documents\cc_20131121_123228.reg
2013-11-21 09:07 - 2013-11-21 09:07 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-21 09:07 - 2013-11-21 09:07 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 04:57 - 2013-11-21 04:57 - 00001968 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-20 09:47 - 2013-11-20 09:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-20 09:46 - 2013-11-20 09:46 - 00000000 ____D C:\b65ea6a65bddfa888a3da39b5d1682
2013-11-20 09:42 - 2013-11-20 09:42 - 00015096 _____ C:\ComboFix.txt
2013-11-20 09:17 - 2013-11-20 09:43 - 00000000 ____D C:\Qoobox
2013-11-20 09:17 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-20 09:17 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-20 09:17 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-20 09:17 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-20 09:17 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-20 09:17 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-20 09:17 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-20 09:17 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-20 09:13 - 2013-11-20 09:40 - 00000000 ____D C:\Windows\erdnt
2013-11-20 09:02 - 2013-11-20 09:03 - 05146522 ____R (Swearware) C:\Users\Karen\Downloads\ComboFix.exe
2013-11-20 09:00 - 2013-11-20 09:00 - 00000000 ____D C:\f9dc6c70fd14764abb1b
2013-11-20 08:59 - 2013-11-20 08:59 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\mseinstall (1).exe
2013-11-20 08:56 - 2013-11-21 09:34 - 00002243 _____ C:\Windows\epplauncher.mif
2013-11-10 14:32 - 2013-11-11 17:03 - 00000000 ____D C:\Users\Karen\AppData\Local\KHDsoft

==================== One Month Modified Files and Folders =======

2013-11-25 08:22 - 2013-11-25 08:22 - 00000000 ____D C:\FRST
2013-11-22 08:29 - 2013-11-22 08:29 - 00204896 _____ C:\Windows\System32\Drivers\30554891.sys
2013-11-22 08:29 - 2013-11-22 08:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-22 08:28 - 2013-11-21 10:12 - 00008606 _____ C:\Windows\WindowsUpdate.log
2013-11-22 08:26 - 2009-09-01 21:32 - 00730320 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-22 08:25 - 2013-11-21 10:08 - 00001076 _____ C:\Windows\setupact.log
2013-11-22 08:23 - 2013-11-22 07:55 - 00000000 ____D C:\AdwCleaner
2013-11-22 07:46 - 2013-11-22 08:26 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Karen\Desktop\mbar-1.07.0.1007.exe
2013-11-22 07:46 - 2013-11-22 08:26 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Karen\Desktop\tdsskiller.exe
2013-11-22 07:44 - 2013-11-22 07:44 - 00000000 ____D C:\Windows\ERUNT
2013-11-22 07:42 - 2009-07-13 20:34 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 07:42 - 2009-07-13 20:34 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 07:39 - 2013-11-22 07:39 - 00347304 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\MicrosoftFixit.Performance.Run.exe
2013-11-21 10:08 - 2013-11-21 10:08 - 00000000 _____ C:\Windows\setuperr.log
2013-11-21 09:55 - 2013-06-16 09:17 - 00000000 ____D C:\found.000
2013-11-21 09:34 - 2013-11-20 08:56 - 00002243 _____ C:\Windows\epplauncher.mif
2013-11-21 09:32 - 2013-11-21 09:32 - 00077692 _____ C:\Users\Karen\Documents\cc_20131121_123228.reg
2013-11-21 09:31 - 2009-09-02 13:47 - 00000000 ____D C:\Windows\Panther
2013-11-21 09:07 - 2013-11-21 09:07 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-21 09:07 - 2013-11-21 09:07 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 08:24 - 2009-09-01 21:47 - 00000000 ____D C:\Program Files\Google
2013-11-21 08:24 - 2009-09-01 21:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-21 08:24 - 2009-09-01 21:30 - 00000000 ____D C:\Program Files\TOSHIBA
2013-11-21 08:21 - 2010-12-19 10:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-11-21 08:21 - 2009-09-01 21:34 - 00000000 ____D C:\ProgramData\Toshiba
2013-11-21 08:19 - 2012-04-07 16:43 - 00000000 ____D C:\Program Files\Easy Media Player
2013-11-21 08:19 - 2010-01-10 15:18 - 00000000 ____D C:\Users\Karen\AppData\Local\Google
2013-11-21 08:19 - 2009-09-01 21:47 - 00000000 ____D C:\ProgramData\Google
2013-11-21 08:18 - 2012-09-09 10:17 - 00000000 ____D C:\Program Files\epson
2013-11-21 04:57 - 2013-11-21 04:57 - 00001968 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-20 09:48 - 2013-11-20 09:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-20 09:46 - 2013-11-20 09:46 - 00000000 ____D C:\b65ea6a65bddfa888a3da39b5d1682
2013-11-20 09:43 - 2013-11-20 09:17 - 00000000 ____D C:\Qoobox
2013-11-20 09:42 - 2013-11-20 09:42 - 00015096 _____ C:\ComboFix.txt
2013-11-20 09:42 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2013-11-20 09:40 - 2013-11-20 09:13 - 00000000 ____D C:\Windows\erdnt
2013-11-20 09:39 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2013-11-20 09:03 - 2013-11-20 09:02 - 05146522 ____R (Swearware) C:\Users\Karen\Downloads\ComboFix.exe
2013-11-20 09:00 - 2013-11-20 09:00 - 00000000 ____D C:\f9dc6c70fd14764abb1b
2013-11-20 08:59 - 2013-11-20 08:59 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\mseinstall (1).exe
2013-11-20 08:28 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-11-19 08:20 - 2011-11-03 14:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-11 19:21 - 2010-01-17 10:00 - 00000000 ____D C:\Users\Karen\AppData\Local\Microsoft Help
2013-11-11 17:55 - 2010-01-10 15:18 - 00000000 ____D C:\Users\Karen\AppData\Roaming\Google
2013-11-11 17:03 - 2013-11-10 14:32 - 00000000 ____D C:\Users\Karen\AppData\Local\KHDsoft
2013-11-11 16:32 - 2012-02-08 16:34 - 00000000 ____D C:\Users\Karen\AppData\Local\IsolatedStorage
2013-11-10 14:31 - 2010-01-07 13:03 - 00000000 ____D C:\Users\Karen\AppData\Local\ATI

Some content of TEMP:
====================
C:\Users\Karen\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

17
Restore point made on: 2013-08-19 15:13:43
Restore point made on: 2013-08-24 04:30:02
Restore point made on: 2013-09-02 02:45:38
Restore point made on: 2013-09-02 03:19:17
Restore point made on: 2013-09-24 16:25:00
Restore point made on: 2013-09-29 04:12:16
Restore point made on: 2013-10-05 05:09:07
Restore point made on: 2013-10-19 06:04:09
Restore point made on: 2013-10-19 10:52:24
Restore point made on: 2013-10-20 05:56:18
Restore point made on: 2013-10-21 16:05:10
Restore point made on: 2013-10-27 05:59:28
Restore point made on: 2013-11-02 05:31:10
Restore point made on: 2013-11-11 16:52:54
Restore point made on: 2013-11-17 06:43:46
Restore point made on: 2013-11-19 08:17:36
Restore point made on: 2013-11-19 08:20:13

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 2812.17 MB
Available physical RAM: 2359.62 MB
Total Pagefile: 2810.45 MB
Available Pagefile: 2361.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.18 MB

==================== Drives ================================

Drive c: (TI103426W0D) (Fixed) (Total:288.71 GB) (Free:238.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
Drive f: (MEMTEST86) (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 89E6579C)
Partition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.


LastRegBack: 2012-11-09 03:16

==================== End Of Log ============================

[scb175]

Listparts Log

 

ListParts by Farbar Version: 20-10-2013
Ran by SYSTEM (administrator) on 25-11-2013 at 08:28:09
Windows 7 (X86)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 2812.17 MB
Available physical RAM: 2437.18 MB
Total Pagefile: 2810.45 MB
Available Pagefile: 2443.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.52 MB

======================= Partitions =========================

1 Drive c: (TI103426W0D) (Fixed) (Total:288.71 GB) (Free:238.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
3 Drive e: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
4 Drive f: (MEMTEST86) (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    Online         1886 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: 89E6579C

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            288 GB  1501 MB
  Partition 3    Primary           8108 MB   290 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI103426W0D  NTFS   Partition    288 GB  Healthy            

======================================================================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           1886 MB      0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 89E6579C
Partition 00: (Active) - (Size=0) - (Type=00 ATTENTION ===> 0 byte partition bootkit.
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

==============================
Partitions of Disk 1:
===============
Disk ID: 6F20736B
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=-336763289600) - (Type=0D)


****** End Of Log ******

[Psychotic]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Fix with FRST (Recovery Environment)

 

• Open notepad (Start =>All Programs => Accessories => Notepad).
• Please copy the entire contents of the code box below.
  (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
  
  

  HKU\Karen\...\Run: [KHDsoft Update] - regsvr32.exe C:\Users\Karen\AppData\Local\KHDsoft\SWFFile.dllStartup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnkShortcutTarget: RCA Detective.lnk ->  (No File)S5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)C:\Users\Karen\AppData\Local\KHDsoftC:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnkCMD: bootrec /fixbootCMD: bootrec /fixmbr

  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  
  Now please enter System Recovery Options again.
   
• Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
• The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Try to boot into windows.

[scb175]

Thank you for your help.  I will be here all day until we have this solved.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-11-2013 01
Ran by SYSTEM at 2013-11-25 09:34:34 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Karen\...\Run: [KHDsoft Update] - regsvr32.exe C:\Users\Karen\AppData\Local\KHDsoft\SWFFile.dll
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk ->  (No File)

S0 26070636; C:\Windows\System32\drivers\30554891.sys [204896 2013-11-22] ()
S5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

CMD: bootrec /fixboot
CMD: bootrec /fixmbr
*****************

HKU\Karen\Software\Microsoft\Windows\CurrentVersion\Run\\KHDsoft Update => Value deleted successfully.
C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk => Moved successfully.
ShortcutTarget: RCA Detective.lnk ->  (No File) not found.
26070636 => Service deleted successfully.
AppMgmt => Service deleted successfully.

=========  bootrec /fixboot =========

??T h e   v o l u m e   d o e s   n o t   c o n t a i n   a   r e c o g n i z e d   f i l e   s y s t e m .
 
 P l e a s e   m a k e   s u r e   t h a t   a l l   r e q u i r e d   f i l e   s y s t e m   d r i v e r s   a r e   l o a d e d   a n d   t h a t   t h e   v o l u m e   i s   n o t   c o r r u p t e d .
 
 
========= End of CMD: =========


=========  bootrec /fixmbr =========

??T h e   o p e r a t i o n   c o m p l e t e d   s u c c e s s f u l l y .
 
========= End of CMD: =========


==== End of Fixlog ====

[Psychotic]

are you able to boot?

[scb175]

Sorry, I missed that last step.  No, I still receive the F3-F100-0004 error

[Psychotic]

Create/USe Boot-Repair-Disc

1. DOWNLOAD BOOT-REPAIR-DISK
   Note: Select the right version depending on which windows is installed on your system.
2. Then burn it on CD or put it on USB key via Unetbootin
3. Insert the Boot-Repair-Disk and reboot the PC,
4. Choose your language,
5. Connect internet if possible
6. Click "Recommended repair"
7. When finished, you are provided a link to paste.ubuntu.com - write it down somewhere
8. Reboot the pc --> solves the majority of bootsector/GRUB/MBR problems
9. Post up the link you wrote down at step 6.
   

[scb175]

What a cool little program.  Here is the link http://paste.ubuntu.com/6474251

 

I rebooted computer and it says Multiple Active partitions. 

No bootable device --- insert boot disk and press any key

[Psychotic]

Boot into Recovery environment and start Command Prompt.

Enter the following commands, each line follwed by the enter key:

diskpartselect disk 0select partition 00inactiveexitexit

Then reboot and provide a new FRST log.

[scb175]

During the Recovery process (before you select the opperating system), I received this ----  Windows found problems with your computer's startup options.  Do you want to apply repairs and restart your computer?  Under view details, it says the following startup option will be repaired: Name: Windows Boot Manager  Identifier: {9DEA862C-5CDD-4E70-ACC1-F32B344D4795}

 

Then it says, The following startup options will be added:  Name: Windows Recovery Environment (recovered)       Path: Recovery\WindowsRE\Winre.wim     Windows Device: Partition=D: (1500 MB)

 

A copy of the current boot configuration data will be saved as C:\Boot\BCD.Backup.0001

 

Should I click repair and restart? 

[scb175]

Ok, I went ahead and just clicked repair.  Now I'm able to get to the command prompt.  However, when i type select partition 00, i get this message "The specified partition is not valid.  Please select a valid partition.  There is no partition selected.

[scb175]

Ok, I got the partition active.  Booted into windows and ran FRST.  Thanks again for the help!

 

FRST Log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2013 01
Ran by Karen (administrator) on KAREN-PC on 25-11-2013 11:38:34
Running from C:\Users\Karen\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\windows\system32\EscSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [193880 2010-11-19] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [LTCM Client] - C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/start/sp.do
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Chrome:
=======


CHR Extension: (RealDownloader) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Google Wallet) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [167520 2011-11-01] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2011-11-01] (SEIKO EPSON CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
S2 gupdate1ca97bb214096eb; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-17] (Google Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372736 2009-08-13] (Realtek Semiconductor Corporation                           )
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 catchme; \??\C:\Users\Karen\AppData\Local\Temp\catchme.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 11:38 - 2013-11-25 11:39 - 00008561 _____ C:\Users\Karen\Desktop\FRST.txt
2013-11-25 11:38 - 2013-11-22 11:37 - 01091001 _____ (Farbar) C:\Users\Karen\Desktop\FRST.exe
2013-11-25 11:22 - 2013-11-25 11:22 - 00000000 ____D C:\FRST
2013-11-25 05:13 - 2013-11-25 05:13 - 00000000 ____D C:\boot-sav
2013-11-22 11:29 - 2013-11-22 11:29 - 00204896 _____ C:\Windows\system32\Drivers\30554891.sys
2013-11-22 11:29 - 2013-11-22 11:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-22 11:26 - 2013-11-22 10:46 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Karen\Desktop\mbar-1.07.0.1007.exe
2013-11-22 11:26 - 2013-11-22 10:46 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Karen\Desktop\tdsskiller.exe
2013-11-22 10:55 - 2013-11-22 11:23 - 00000000 ____D C:\AdwCleaner
2013-11-22 10:44 - 2013-11-22 10:44 - 00000000 ____D C:\Windows\ERUNT
2013-11-22 10:39 - 2013-11-22 10:39 - 00347304 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\MicrosoftFixit.Performance.Run.exe
2013-11-21 13:12 - 2013-11-22 11:28 - 00008606 _____ C:\Windows\WindowsUpdate.log
2013-11-21 13:08 - 2013-11-25 11:36 - 00001244 _____ C:\Windows\setupact.log
2013-11-21 13:08 - 2013-11-21 13:08 - 00000000 _____ C:\Windows\setuperr.log
2013-11-21 12:32 - 2013-11-21 12:32 - 00077692 _____ C:\Users\Karen\Documents\cc_20131121_123228.reg
2013-11-21 12:07 - 2013-11-21 12:07 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-21 12:07 - 2013-11-21 12:07 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 07:57 - 2013-11-21 07:57 - 00001968 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-20 12:47 - 2013-11-20 12:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-20 12:46 - 2013-11-20 12:46 - 00000000 ____D C:\b65ea6a65bddfa888a3da39b5d1682
2013-11-20 12:42 - 2013-11-20 12:42 - 00015096 _____ C:\ComboFix.txt
2013-11-20 12:17 - 2013-11-20 12:43 - 00000000 ____D C:\Qoobox
2013-11-20 12:17 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-20 12:17 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-20 12:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-20 12:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-20 12:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-20 12:17 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-20 12:17 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-20 12:17 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-20 12:13 - 2013-11-20 12:40 - 00000000 ____D C:\Windows\erdnt
2013-11-20 12:02 - 2013-11-20 12:03 - 05146522 ____R (Swearware) C:\Users\Karen\Downloads\ComboFix.exe
2013-11-20 12:00 - 2013-11-20 12:00 - 00000000 ____D C:\f9dc6c70fd14764abb1b
2013-11-20 11:59 - 2013-11-20 11:59 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\mseinstall (1).exe
2013-11-20 11:56 - 2013-11-21 12:34 - 00002243 _____ C:\Windows\epplauncher.mif
2013-11-10 17:32 - 2013-11-11 20:03 - 00000000 ____D C:\Users\Karen\AppData\Local\KHDsoft

==================== One Month Modified Files and Folders =======

2013-11-25 11:46 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-25 11:39 - 2013-11-25 11:38 - 00008561 _____ C:\Users\Karen\Desktop\FRST.txt
2013-11-25 11:37 - 2012-09-20 17:12 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd977cfe45b751.job
2013-11-25 11:36 - 2013-11-21 13:08 - 00001244 _____ C:\Windows\setupact.log
2013-11-25 11:36 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 11:22 - 2013-11-25 11:22 - 00000000 ____D C:\FRST
2013-11-25 05:13 - 2013-11-25 05:13 - 00000000 ____D C:\boot-sav
2013-11-22 11:37 - 2013-11-25 11:38 - 01091001 _____ (Farbar) C:\Users\Karen\Desktop\FRST.exe
2013-11-22 11:29 - 2013-11-22 11:29 - 00204896 _____ C:\Windows\system32\Drivers\30554891.sys
2013-11-22 11:29 - 2013-11-22 11:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-22 11:28 - 2013-11-21 13:12 - 00008606 _____ C:\Windows\WindowsUpdate.log
2013-11-22 11:26 - 2009-09-02 00:32 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 11:26 - 2009-07-13 23:53 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-22 11:23 - 2013-11-22 10:55 - 00000000 ____D C:\AdwCleaner
2013-11-22 10:46 - 2013-11-22 11:26 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Karen\Desktop\mbar-1.07.0.1007.exe
2013-11-22 10:46 - 2013-11-22 11:26 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Karen\Desktop\tdsskiller.exe
2013-11-22 10:44 - 2013-11-22 10:44 - 00000000 ____D C:\Windows\ERUNT
2013-11-22 10:42 - 2009-07-13 23:34 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 10:42 - 2009-07-13 23:34 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 10:39 - 2013-11-22 10:39 - 00347304 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\MicrosoftFixit.Performance.Run.exe
2013-11-21 13:08 - 2013-11-21 13:08 - 00000000 _____ C:\Windows\setuperr.log
2013-11-21 12:55 - 2013-06-16 12:17 - 00000000 ____D C:\found.000
2013-11-21 12:34 - 2013-11-20 11:56 - 00002243 _____ C:\Windows\epplauncher.mif
2013-11-21 12:32 - 2013-11-21 12:32 - 00077692 _____ C:\Users\Karen\Documents\cc_20131121_123228.reg
2013-11-21 12:31 - 2009-09-02 16:47 - 00000000 ____D C:\Windows\Panther
2013-11-21 12:07 - 2013-11-21 12:07 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-21 12:07 - 2013-11-21 12:07 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 12:06 - 2010-01-17 16:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-21 11:24 - 2009-09-02 00:47 - 00000000 ____D C:\Program Files\Google
2013-11-21 11:24 - 2009-09-02 00:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-21 11:24 - 2009-09-02 00:30 - 00000000 ____D C:\Program Files\TOSHIBA
2013-11-21 11:21 - 2010-12-19 13:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-11-21 11:21 - 2009-09-02 00:34 - 00000000 ____D C:\ProgramData\Toshiba
2013-11-21 11:19 - 2012-04-07 19:43 - 00000000 ____D C:\Program Files\Easy Media Player
2013-11-21 11:19 - 2010-01-10 18:18 - 00000000 ____D C:\Users\Karen\AppData\Local\Google
2013-11-21 11:19 - 2009-09-02 00:47 - 00000000 ____D C:\ProgramData\Google
2013-11-21 11:18 - 2012-09-09 13:17 - 00000000 ____D C:\Program Files\epson
2013-11-21 07:57 - 2013-11-21 07:57 - 00001968 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-20 12:48 - 2013-11-20 12:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-20 12:46 - 2013-11-20 12:46 - 00000000 ____D C:\b65ea6a65bddfa888a3da39b5d1682
2013-11-20 12:43 - 2013-11-20 12:17 - 00000000 ____D C:\Qoobox
2013-11-20 12:42 - 2013-11-20 12:42 - 00015096 _____ C:\ComboFix.txt
2013-11-20 12:42 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-20 12:40 - 2013-11-20 12:13 - 00000000 ____D C:\Windows\erdnt
2013-11-20 12:39 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-11-20 12:03 - 2013-11-20 12:02 - 05146522 ____R (Swearware) C:\Users\Karen\Downloads\ComboFix.exe
2013-11-20 12:00 - 2013-11-20 12:00 - 00000000 ____D C:\f9dc6c70fd14764abb1b
2013-11-20 11:59 - 2013-11-20 11:59 - 11125072 _____ (Microsoft Corporation) C:\Users\Karen\Downloads\mseinstall (1).exe
2013-11-20 11:28 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-19 11:20 - 2011-11-03 17:39 - 00000000 ____D C:\ProgramData\MFAData
2013-11-11 22:21 - 2010-01-17 13:00 - 00000000 ____D C:\Users\Karen\AppData\Local\Microsoft Help
2013-11-11 20:55 - 2010-01-10 18:18 - 00000000 ____D C:\Users\Karen\AppData\Roaming\Google
2013-11-11 20:03 - 2013-11-10 17:32 - 00000000 ____D C:\Users\Karen\AppData\Local\KHDsoft
2013-11-11 19:32 - 2012-02-08 19:34 - 00000000 ____D C:\Users\Karen\AppData\Local\IsolatedStorage
2013-11-10 17:31 - 2010-01-07 16:03 - 00000000 ____D C:\Users\Karen\AppData\Local\ATI

Some content of TEMP:
====================
C:\Users\Karen\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-11-09 06:16

==================== End Of Log ============================

[Psychotic]

I was given new information. Please run listparts from recovery environment again and attach the log to your reply, please.

[scb175]

ListParts by Farbar Version: 20-10-2013
Ran by SYSTEM (administrator) on 26-11-2013 at 08:47:41
Windows 7 (X86)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 2812.17 MB
Available physical RAM: 2429.25 MB
Total Pagefile: 2810.45 MB
Available Pagefile: 2424.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.52 MB

======================= Partitions =========================

1 Drive c: (TI103426W0D) (Fixed) (Total:288.71 GB) (Free:233.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
3 Drive e: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
4 Drive f: (MEMTEST86) (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    Online         1886 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: 89E6579C

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            288 GB  1501 MB
  Partition 3    Primary           8108 MB   290 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI103426W0D  NTFS   Partition    288 GB  Healthy            

======================================================================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           1886 MB      0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 89E6579C
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

==============================
Partitions of Disk 1:
===============
Disk ID: 6F20736B
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=-336763289600) - (Type=0D)


****** End Of Log ******

[Psychotic]

I´ll get some further advice, please stand by

[Psychotic]

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

• Execute TDSSKiller.exe by doubleclicking on it.
• Press Start Scan
  
• If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  
• Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
  

Please post the contents of that log in your next reply.

[scb175]

12:05:50.0538 0x0f60  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
12:05:59.0695 0x0f60  ============================================================
12:05:59.0695 0x0f60  Current date / time: 2013/11/26 12:05:59.0695
12:05:59.0695 0x0f60  SystemInfo:
12:05:59.0695 0x0f60  
12:05:59.0695 0x0f60  OS Version: 6.1.7600 ServicePack: 0.0
12:05:59.0695 0x0f60  Product type: Workstation
12:05:59.0695 0x0f60  ComputerName: KAREN-PC
12:05:59.0695 0x0f60  UserName: Karen
12:05:59.0695 0x0f60  Windows directory: C:\Windows
12:05:59.0695 0x0f60  System windows directory: C:\Windows
12:05:59.0695 0x0f60  Processor architecture: Intel x86
12:05:59.0695 0x0f60  Number of processors: 2
12:05:59.0695 0x0f60  Page size: 0x1000
12:05:59.0695 0x0f60  Boot type: Normal boot
12:05:59.0695 0x0f60  ============================================================
12:06:03.0533 0x0f60  KLMD registered as C:\Windows\system32\drivers\37419298.sys
12:06:03.0626 0x0f60  System UUID: {D89E336B-257E-786D-FC78-25E893FCB38D}
12:06:04.0188 0x0f60  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:06:04.0188 0x0f60  ============================================================
12:06:04.0188 0x0f60  \Device\Harddisk0\DR0:
12:06:04.0188 0x0f60  MBR partitions:
12:06:04.0188 0x0f60  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2416A000
12:06:04.0188 0x0f60  ============================================================
12:06:04.0219 0x0f60  C: <-> \Device\Harddisk0\DR0\Partition1
12:06:04.0219 0x0f60  ============================================================
12:06:04.0219 0x0f60  Initialize success
12:06:04.0219 0x0f60  ============================================================
12:06:08.0166 0x05a0  ============================================================
12:06:08.0166 0x05a0  Scan started
12:06:08.0166 0x05a0  Mode: Manual;
12:06:08.0166 0x05a0  ============================================================
12:06:08.0166 0x05a0  KSN ping started
12:06:08.0275 0x05a0  KSN ping finished: false
12:06:09.0118 0x05a0  ================ Scan system memory ========================
12:06:09.0118 0x05a0  System memory - ok
12:06:09.0118 0x05a0  ================ Scan services =============================
12:06:09.0398 0x05a0  [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:06:09.0398 0x05a0  1394ohci - ok
12:06:09.0445 0x05a0  [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
12:06:09.0445 0x05a0  ACPI - ok
12:06:09.0476 0x05a0  [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
12:06:09.0476 0x05a0  AcpiPmi - ok
12:06:09.0539 0x05a0  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:06:09.0554 0x05a0  adp94xx - ok
12:06:09.0570 0x05a0  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:06:09.0586 0x05a0  adpahci - ok
12:06:09.0632 0x05a0  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:06:09.0664 0x05a0  adpu320 - ok
12:06:09.0710 0x05a0  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:06:09.0710 0x05a0  AeLookupSvc - ok
12:06:09.0757 0x05a0  [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD             C:\Windows\system32\drivers\afd.sys
12:06:09.0804 0x05a0  AFD - ok
12:06:09.0929 0x05a0  [ 7E10E3BB9B258AD8A9300F91214D67B9, CE5FAD7BF78234B64EAADF64DB23F3C342AADB9C5E3B0168E57863F494F30318 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
12:06:09.0976 0x05a0  AgereSoftModem - ok
12:06:10.0054 0x05a0  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
12:06:10.0054 0x05a0  agp440 - ok
12:06:10.0163 0x05a0  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:06:10.0178 0x05a0  aic78xx - ok
12:06:10.0272 0x05a0  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
12:06:10.0272 0x05a0  ALG - ok
12:06:10.0319 0x05a0  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
12:06:10.0334 0x05a0  aliide - ok
12:06:10.0475 0x05a0  [ 0BC6704F6FB4C63CDCB85401E8263A1B, C9297943E6FA49EC78EB77BF98593F2EACB5E3F5DF57A34D2E60EF8BF3D10FF4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:06:10.0475 0x05a0  AMD External Events Utility - ok
12:06:10.0506 0x05a0  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
12:06:10.0506 0x05a0  amdagp - ok
12:06:10.0522 0x05a0  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
12:06:10.0522 0x05a0  amdide - ok
12:06:10.0537 0x05a0  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:06:10.0537 0x05a0  AmdK8 - ok
12:06:10.0568 0x05a0  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:06:10.0568 0x05a0  AmdPPM - ok
12:06:10.0662 0x05a0  [ 19CE906B4CDC11FC4FEF5745F33A63B6, 27BF91DB1FDC81CFCF0E0DCFD3C4AD51FCFB778D36F1E83105C2AFCF6851A4DF ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:06:10.0678 0x05a0  amdsata - ok
12:06:10.0740 0x05a0  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:06:10.0771 0x05a0  amdsbs - ok
12:06:10.0802 0x05a0  [ 869E67D66BE326A5A9159FBA8746FA70, 8F493A340F19FB39B5BD24EF8603812BECE7770544AB91817FF67236448569CB ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:06:10.0802 0x05a0  amdxata - ok
12:06:10.0818 0x05a0  [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID           C:\Windows\system32\drivers\appid.sys
12:06:10.0834 0x05a0  AppID - ok
12:06:10.0912 0x05a0  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:06:10.0912 0x05a0  AppIDSvc - ok
12:06:10.0927 0x05a0  [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo         C:\Windows\System32\appinfo.dll
12:06:10.0927 0x05a0  Appinfo - ok
12:06:11.0520 0x05a0  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:06:11.0582 0x05a0  Apple Mobile Device - ok
12:06:11.0645 0x05a0  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:06:11.0660 0x05a0  arc - ok
12:06:11.0707 0x05a0  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:06:11.0707 0x05a0  arcsas - ok
12:06:11.0738 0x05a0  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:06:11.0738 0x05a0  AsyncMac - ok
12:06:11.0754 0x05a0  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
12:06:11.0754 0x05a0  atapi - ok
12:06:11.0879 0x05a0  [ 76BAB0C824E2D05B940C4DD40A9B08BF, 237C60123F5AFF06C20757E2791C0CA383DE094DB634C239E375639B1B923844 ] athr            C:\Windows\system32\DRIVERS\athr.sys
12:06:11.0941 0x05a0  athr - ok
12:06:12.0425 0x05a0  [ C97BE8350FBCB1960B22FAD2E6C2B514, A4565029BE99F94A6D076A6FB894ED18F4B7325C3FCB81BD502A78FCFE9B6A57 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:06:12.0643 0x05a0  atikmdag - ok
12:06:12.0737 0x05a0  [ B73C832088DD54B55E04FF6F9646AD8C, 52A9F9240FAFB2F50E48579F02221CC0D6872F834104F91EF63ADC6AA82A2CD0 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
12:06:12.0737 0x05a0  AtiPcie - ok
12:06:12.0877 0x05a0  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:06:12.0924 0x05a0  AudioEndpointBuilder - ok
12:06:13.0033 0x05a0  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:06:13.0049 0x05a0  Audiosrv - ok
12:06:13.0142 0x05a0  [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:06:13.0142 0x05a0  AxInstSV - ok
12:06:13.0220 0x05a0  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:06:13.0252 0x05a0  b06bdrv - ok
12:06:13.0314 0x05a0  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:06:13.0314 0x05a0  b57nd60x - ok
12:06:13.0548 0x05a0  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
12:06:13.0548 0x05a0  BDESVC - ok
12:06:13.0610 0x05a0  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:06:13.0610 0x05a0  Beep - ok
12:06:13.0735 0x05a0  [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE             C:\Windows\System32\bfe.dll
12:06:13.0782 0x05a0  BFE - ok
12:06:13.0985 0x05a0  [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS            C:\Windows\system32\qmgr.dll
12:06:14.0047 0x05a0  BITS - ok
12:06:14.0110 0x05a0  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:06:14.0110 0x05a0  blbdrive - ok
12:06:14.0983 0x05a0  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:06:15.0014 0x05a0  Bonjour Service - ok
12:06:15.0155 0x05a0  [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:06:15.0155 0x05a0  bowser - ok
12:06:15.0217 0x05a0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:06:15.0217 0x05a0  BrFiltLo - ok
12:06:15.0217 0x05a0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:06:15.0217 0x05a0  BrFiltUp - ok
12:06:15.0295 0x05a0  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:06:15.0311 0x05a0  BridgeMP - ok
12:06:15.0420 0x05a0  [ A0E691DC6589D4D2CBE373171D1A49E5, 66BAED3EF7AFE0FB4304FC97ABE2BB106ADE1A956F89DCB52E70F30239461D05 ] Browser         C:\Windows\System32\browser.dll
12:06:15.0420 0x05a0  Browser - ok
12:06:15.0467 0x05a0  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:06:15.0498 0x05a0  Brserid - ok
12:06:15.0514 0x05a0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:06:15.0514 0x05a0  BrSerWdm - ok
12:06:15.0529 0x05a0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:06:15.0529 0x05a0  BrUsbMdm - ok
12:06:15.0529 0x05a0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:06:15.0545 0x05a0  BrUsbSer - ok
12:06:15.0545 0x05a0  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:06:15.0545 0x05a0  BTHMODEM - ok
12:06:15.0716 0x05a0  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
12:06:15.0716 0x05a0  bthserv - ok
12:06:15.0919 0x05a0  catchme - ok
12:06:16.0028 0x05a0  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:06:16.0044 0x05a0  cdfs - ok
12:06:16.0075 0x05a0  [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:06:16.0075 0x05a0  cdrom - ok
12:06:16.0138 0x05a0  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:06:16.0138 0x05a0  CertPropSvc - ok
12:06:16.0418 0x05a0  [ 1F8A319D29394F9CE1B7AE020DF2EBBF, 624D2A19751D50566C4D3292CA627ADE78C2BE5807B37A0C370EF7FE4FE62048 ] cfWiMAXService  C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
12:06:16.0465 0x05a0  cfWiMAXService - ok
12:06:16.0496 0x05a0  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:06:16.0496 0x05a0  circlass - ok
12:06:16.0543 0x05a0  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
12:06:16.0559 0x05a0  CLFS - ok
12:06:16.0762 0x05a0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:06:16.0777 0x05a0  clr_optimization_v2.0.50727_32 - ok
12:06:16.0886 0x05a0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:06:16.0996 0x05a0  clr_optimization_v4.0.30319_32 - ok
12:06:17.0027 0x05a0  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:06:17.0027 0x05a0  CmBatt - ok
12:06:17.0027 0x05a0  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
12:06:17.0042 0x05a0  cmdide - ok
12:06:17.0120 0x05a0  [ DB5E008B3744DD60C8498CBBF2A1CFA6, 1D851BF2433A953B32438A911D194C9DB42A52CD6E8DA296CA3C8DD2CCA83381 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:06:17.0152 0x05a0  CNG - ok
12:06:17.0198 0x05a0  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:06:17.0198 0x05a0  Compbatt - ok
12:06:17.0230 0x05a0  [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:06:17.0245 0x05a0  CompositeBus - ok
12:06:17.0276 0x05a0  COMSysApp - ok
12:06:17.0323 0x05a0  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
12:06:17.0323 0x05a0  ConfigFree Service - ok
12:06:17.0339 0x05a0  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:06:17.0339 0x05a0  crcdisk - ok
12:06:17.0417 0x05a0  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED, 579D206CF49FB78C2D9BA29A9C57489B7875242EB618019CB7B8D336C70A09E6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:06:17.0432 0x05a0  CryptSvc - ok
12:06:17.0510 0x05a0  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:06:17.0526 0x05a0  DcomLaunch - ok
12:06:17.0620 0x05a0  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:06:17.0666 0x05a0  defragsvc - ok
12:06:17.0807 0x05a0  [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:06:17.0807 0x05a0  DfsC - ok
12:06:17.0900 0x05a0  [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:06:17.0947 0x05a0  Dhcp - ok
12:06:17.0978 0x05a0  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:06:17.0978 0x05a0  discache - ok
12:06:18.0025 0x05a0  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:06:18.0025 0x05a0  Disk - ok
12:06:18.0072 0x05a0  [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:06:18.0088 0x05a0  Dnscache - ok
12:06:18.0150 0x05a0  [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc         C:\Windows\System32\dot3svc.dll
12:06:18.0150 0x05a0  dot3svc - ok
12:06:18.0244 0x05a0  [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS             C:\Windows\system32\dps.dll
12:06:18.0259 0x05a0  DPS - ok
12:06:18.0322 0x05a0  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:06:18.0322 0x05a0  drmkaud - ok
12:06:18.0446 0x05a0  [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:06:18.0462 0x05a0  DXGKrnl - ok
12:06:18.0509 0x05a0  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:06:18.0509 0x05a0  EapHost - ok
12:06:18.0727 0x05a0  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:06:18.0914 0x05a0  ebdrv - ok
12:06:18.0961 0x05a0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS             C:\Windows\System32\lsass.exe
12:06:18.0977 0x05a0  EFS - ok
12:06:19.0055 0x05a0  [ 1697C39978CD69F6FBC15302EDCECE1F, E496FAE102EE33EBD35AC745E8647976DB9F91EF78E54EB962FF2D04D45B561A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:06:19.0086 0x05a0  ehRecvr - ok
12:06:19.0180 0x05a0  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
12:06:19.0195 0x05a0  ehSched - ok
12:06:19.0320 0x05a0  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:06:19.0336 0x05a0  elxstor - ok
12:06:19.0445 0x05a0  [ E9EFCB47B90FD5498695BB7FEFD36CAE, 453B956C99C4D3626B0B0BDB449E9F0283D01AD50C331E298D219B4710BD6870 ] EpsonScanSvc    C:\windows\system32\EscSvc.exe
12:06:19.0445 0x05a0  EpsonScanSvc - ok
12:06:19.0507 0x05a0  [ 58767FD54AC279DE041AB6DECC48E658, 110A243D8E6B89DED3EA13A24136319B95A96BCEBFF177D6A07A90C51533B745 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
12:06:19.0523 0x05a0  EPSON_EB_RPCV4_04 - ok
12:06:19.0601 0x05a0  [ 1ABB5EBC14418646EA1AD866864145F0, D5F5A9BE4D70F27DA85BFE70C8AACE14C91FDBD71438C21BEB95D7EAFE45D924 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
12:06:19.0601 0x05a0  EPSON_PM_RPCV4_04 - ok
12:06:19.0632 0x05a0  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
12:06:19.0632 0x05a0  ErrDev - ok
12:06:19.0710 0x05a0  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:06:19.0741 0x05a0  EventSystem - ok
12:06:19.0757 0x05a0  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:06:19.0772 0x05a0  exfat - ok
12:06:19.0788 0x05a0  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:06:19.0804 0x05a0  fastfat - ok
12:06:19.0897 0x05a0  [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax             C:\Windows\system32\fxssvc.exe
12:06:19.0944 0x05a0  Fax - ok
12:06:19.0991 0x05a0  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:06:19.0991 0x05a0  fdc - ok
12:06:20.0116 0x05a0  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:06:20.0116 0x05a0  fdPHost - ok
12:06:20.0162 0x05a0  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:06:20.0162 0x05a0  FDResPub - ok
12:06:20.0256 0x05a0  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:06:20.0256 0x05a0  FileInfo - ok
12:06:20.0272 0x05a0  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:06:20.0272 0x05a0  Filetrace - ok
12:06:20.0287 0x05a0  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:06:20.0287 0x05a0  flpydisk - ok
12:06:20.0365 0x05a0  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:06:20.0365 0x05a0  FltMgr - ok
12:06:20.0428 0x05a0  [ 151258FC2EC8C48BDF8A53350AE0A676, 21F808E29E06AF03E1E55498C7975830157021BE9648117B27F4D21BBD07E9DB ] FontCache       C:\Windows\system32\FntCache.dll
12:06:20.0490 0x05a0  FontCache - ok
12:06:20.0568 0x05a0  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:06:20.0568 0x05a0  FontCache3.0.0.0 - ok
12:06:20.0615 0x05a0  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:06:20.0615 0x05a0  FsDepends - ok
12:06:20.0662 0x05a0  [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:06:20.0662 0x05a0  Fs_Rec - ok
12:06:20.0833 0x05a0  [ 4732E596BB1C50D9F9188C5074EE7782, 465E47C6AFA53B7CAFED5C61A5D832E7B3A1A33F82E1F11A472B84CD24D2ED55 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:06:20.0833 0x05a0  fvevol - ok
12:06:20.0942 0x05a0  [ 0F76E205BDC60364F08A5949082771CA, 13990BAE670BB37A683135FBEA4E93DFAC413099493F495E22BDDB81AD73D899 ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
12:06:20.0942 0x05a0  FwLnk - ok
12:06:21.0083 0x05a0  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:06:21.0083 0x05a0  gagp30kx - ok
12:06:21.0223 0x05a0  [ C44D560E441F091EA3B72F778EC60DE2, 1F90BA0E98C436B98BF6B0BC93146B52C081DF374424E2DCA270316D508A59B2 ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
12:06:21.0239 0x05a0  GameConsoleService - ok
12:06:21.0348 0x05a0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:06:21.0348 0x05a0  GEARAspiWDM - ok
12:06:21.0410 0x05a0  [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:06:21.0442 0x05a0  gpsvc - ok
12:06:21.0707 0x05a0  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdate1ca97bb214096eb C:\Program Files\Google\Update\GoogleUpdate.exe
12:06:21.0707 0x05a0  gupdate1ca97bb214096eb - ok
12:06:21.0785 0x05a0  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:06:21.0800 0x05a0  gupdatem - ok
12:06:21.0847 0x05a0  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:06:21.0847 0x05a0  hcw85cir - ok
12:06:21.0910 0x05a0  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:06:21.0925 0x05a0  HdAudAddService - ok
12:06:21.0941 0x05a0  [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:06:21.0941 0x05a0  HDAudBus - ok
12:06:21.0956 0x05a0  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:06:21.0956 0x05a0  HidBatt - ok
12:06:21.0972 0x05a0  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:06:21.0972 0x05a0  HidBth - ok
12:06:21.0988 0x05a0  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:06:21.0988 0x05a0  HidIr - ok
12:06:22.0050 0x05a0  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
12:06:22.0050 0x05a0  hidserv - ok
12:06:22.0112 0x05a0  [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:06:22.0112 0x05a0  HidUsb - ok
12:06:22.0159 0x05a0  [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:06:22.0159 0x05a0  hkmsvc - ok
12:06:22.0237 0x05a0  [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:06:22.0284 0x05a0  HomeGroupListener - ok
12:06:22.0315 0x05a0  [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:06:22.0315 0x05a0  HomeGroupProvider - ok
12:06:22.0346 0x05a0  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
12:06:22.0346 0x05a0  HpSAMD - ok
12:06:22.0378 0x05a0  [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:06:22.0409 0x05a0  HTTP - ok
12:06:22.0409 0x05a0  [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:06:22.0409 0x05a0  hwpolicy - ok
12:06:22.0440 0x05a0  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:06:22.0440 0x05a0  i8042prt - ok
12:06:22.0471 0x05a0  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9, 3AF6B8220E5081C79951979FE59E980C0309C826E201AE286D3B42CD2BA8145F ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:06:22.0502 0x05a0  iaStorV - ok
12:06:22.0596 0x05a0  [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:06:22.0658 0x05a0  idsvc - ok
12:06:22.0721 0x05a0  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:06:22.0721 0x05a0  iirsp - ok
12:06:22.0783 0x05a0  [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:06:22.0799 0x05a0  IKEEXT - ok
12:06:22.0986 0x05a0  [ E4A2E810CB2607C9C159C0DFB0BD4C88, 9F84636D1096BD5EFEDC295D289241CCF3BE77C643C83F3C0F105791042D6A08 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:06:23.0048 0x05a0  IntcAzAudAddService - ok
12:06:23.0126 0x05a0  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
12:06:23.0126 0x05a0  intelide - ok
12:06:23.0158 0x05a0  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:06:23.0158 0x05a0  intelppm - ok
12:06:23.0376 0x05a0  [ 1663A135865F0BA6E853353E98E67F2A, 700D383F964EBF38D9B66A6C7966700F0DBE7C7AF77AAE2F67AF703E36C8116B ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:06:23.0392 0x05a0  IntuitUpdateServiceV4 - ok
12:06:23.0470 0x05a0  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:06:23.0470 0x05a0  IPBusEnum - ok
12:06:23.0516 0x05a0  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:06:23.0516 0x05a0  IpFilterDriver - ok
12:06:23.0610 0x05a0  [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:06:23.0657 0x05a0  iphlpsvc - ok
12:06:23.0704 0x05a0  [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:06:23.0704 0x05a0  IPMIDRV - ok
12:06:23.0719 0x05a0  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:06:23.0735 0x05a0  IPNAT - ok
12:06:23.0844 0x05a0  [ EF1C51222117B37AFBFF8F4642EA8C62, 7AC322295B33E9BF1548AB42773421609E11332E7E9B42EE58908EF6A298A8F3 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:06:23.0875 0x05a0  iPod Service - ok
12:06:23.0891 0x05a0  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:06:23.0891 0x05a0  IRENUM - ok
12:06:23.0906 0x05a0  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
12:06:23.0906 0x05a0  isapnp - ok
12:06:23.0938 0x05a0  [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:06:23.0938 0x05a0  iScsiPrt - ok
12:06:23.0969 0x05a0  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:06:23.0969 0x05a0  kbdclass - ok
12:06:23.0984 0x05a0  [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:06:23.0984 0x05a0  kbdhid - ok
12:06:24.0000 0x05a0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso          C:\Windows\system32\lsass.exe
12:06:24.0000 0x05a0  KeyIso - ok
12:06:24.0031 0x05a0  [ 52FC17C8589F11747D01D3CF592673D0, 0D432F14DF6A0964947FADF4AFBCC195946A68230DC17FA610CC000BB0C921A7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:06:24.0031 0x05a0  KSecDD - ok
12:06:24.0062 0x05a0  [ 3E5474B03568CFAB834DA3C38E8C9EFA, 1223B99AD86905C34BC95C61DA894F36567F4A23EA7E32E955133C5B2FD558DB ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:06:24.0062 0x05a0  KSecPkg - ok
12:06:24.0109 0x05a0  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:06:24.0140 0x05a0  KtmRm - ok
12:06:24.0218 0x05a0  [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:06:24.0265 0x05a0  LanmanServer - ok
12:06:24.0312 0x05a0  [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:06:24.0328 0x05a0  LanmanWorkstation - ok
12:06:24.0608 0x05a0  [ 24A7D535BD9E58E5BC1AC52EF7E2EC8E, C9C79BCA1371A98E469CAE3842703247A2D85F0933B85151CB7AB4623AF0C2B0 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
12:06:24.0733 0x05a0  LeapFrog Connect Device Service - ok
12:06:24.0796 0x05a0  [ 5CFFDA921FE0C9E9EBDE3150D3C81594, 89A557FDBDDB2A039A5A7747F38B58799F552056E7BC0E2FBD044B1A4CE955B1 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
12:06:24.0796 0x05a0  Leapfrog-USBLAN - ok
12:06:24.0874 0x05a0  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:06:24.0874 0x05a0  lltdio - ok
12:06:24.0920 0x05a0  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:06:24.0936 0x05a0  lltdsvc - ok
12:06:24.0936 0x05a0  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:06:24.0952 0x05a0  lmhosts - ok
12:06:24.0967 0x05a0  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:06:24.0967 0x05a0  LSI_FC - ok
12:06:24.0983 0x05a0  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:06:24.0983 0x05a0  LSI_SAS - ok
12:06:24.0998 0x05a0  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:06:24.0998 0x05a0  LSI_SAS2 - ok
12:06:25.0061 0x05a0  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:06:25.0061 0x05a0  LSI_SCSI - ok
12:06:25.0092 0x05a0  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:06:25.0092 0x05a0  luafv - ok
12:06:25.0154 0x05a0  [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:06:25.0170 0x05a0  Mcx2Svc - ok
12:06:25.0201 0x05a0  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:06:25.0201 0x05a0  megasas - ok
12:06:25.0357 0x05a0  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:06:25.0373 0x05a0  MegaSR - ok
12:06:25.0404 0x05a0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
12:06:25.0404 0x05a0  MMCSS - ok
12:06:25.0420 0x05a0  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
12:06:25.0420 0x05a0  Modem - ok
12:06:25.0466 0x05a0  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:06:25.0466 0x05a0  monitor - ok
12:06:25.0498 0x05a0  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:06:25.0498 0x05a0  mouclass - ok
12:06:25.0498 0x05a0  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:06:25.0498 0x05a0  mouhid - ok
12:06:25.0513 0x05a0  [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:06:25.0513 0x05a0  mountmgr - ok
12:06:25.0529 0x05a0  [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
12:06:25.0529 0x05a0  mpio - ok
12:06:25.0560 0x05a0  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:06:25.0560 0x05a0  mpsdrv - ok
12:06:25.0622 0x05a0  [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:06:25.0654 0x05a0  MpsSvc - ok
12:06:25.0685 0x05a0  [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:06:25.0685 0x05a0  MRxDAV - ok
12:06:25.0732 0x05a0  [ CA7570E42522E24324A12161DB14EC02, E4DA5EDC7CBCC9E601543071A49347A0AA3EB4EAC205E342A1F2768FD785D08F ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:06:25.0747 0x05a0  mrxsmb - ok
12:06:25.0794 0x05a0  [ F965C3AB2B2AE5C378F4562486E35051, 5FFDD5531B98FF0EA19A901C4EE1CE6043C245A4BE5533A495E331B5834D696B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:06:25.0794 0x05a0  mrxsmb10 - ok
12:06:25.0872 0x05a0  [ 25C38264A3C72594DD21D355D70D7A5D, DCEF2DEBB1859FED6FC7A19D13A841B6B6CA10577E12F116D0EB2D2B8C72A4A1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:06:25.0888 0x05a0  mrxsmb20 - ok
12:06:25.0950 0x05a0  [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
12:06:25.0950 0x05a0  msahci - ok
12:06:25.0966 0x05a0  [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
12:06:25.0981 0x05a0  msdsm - ok
12:06:26.0012 0x05a0  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
12:06:26.0012 0x05a0  MSDTC - ok
12:06:26.0028 0x05a0  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:06:26.0028 0x05a0  Msfs - ok
12:06:26.0044 0x05a0  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:06:26.0044 0x05a0  mshidkmdf - ok
12:06:26.0044 0x05a0  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
12:06:26.0044 0x05a0  msisadrv - ok
12:06:26.0106 0x05a0  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:06:26.0122 0x05a0  MSiSCSI - ok
12:06:26.0137 0x05a0  msiserver - ok
12:06:26.0231 0x05a0  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:06:26.0231 0x05a0  MSKSSRV - ok
12:06:26.0324 0x05a0  MsMpSvc - ok
12:06:26.0340 0x05a0  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:06:26.0340 0x05a0  MSPCLOCK - ok
12:06:26.0434 0x05a0  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:06:26.0434 0x05a0  MSPQM - ok
12:06:26.0449 0x05a0  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:06:26.0465 0x05a0  MsRPC - ok
12:06:26.0465 0x05a0  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:06:26.0480 0x05a0  mssmbios - ok
12:06:26.0496 0x05a0  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:06:26.0496 0x05a0  MSTEE - ok
12:06:26.0496 0x05a0  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:06:26.0512 0x05a0  MTConfig - ok
12:06:26.0512 0x05a0  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:06:26.0512 0x05a0  Mup - ok
12:06:26.0621 0x05a0  [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent        C:\Windows\system32\qagentRT.dll
12:06:26.0652 0x05a0  napagent - ok
12:06:26.0746 0x05a0  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:06:26.0761 0x05a0  NativeWifiP - ok
12:06:26.0886 0x05a0  [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:06:26.0917 0x05a0  NDIS - ok
12:06:26.0995 0x05a0  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:06:26.0995 0x05a0  NdisCap - ok
12:06:27.0026 0x05a0  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:06:27.0026 0x05a0  NdisTapi - ok
12:06:27.0073 0x05a0  [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:06:27.0073 0x05a0  Ndisuio - ok
12:06:27.0089 0x05a0  [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:06:27.0089 0x05a0  NdisWan - ok
12:06:27.0104 0x05a0  [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:06:27.0104 0x05a0  NDProxy - ok
12:06:27.0136 0x05a0  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:06:27.0136 0x05a0  NetBIOS - ok
12:06:27.0198 0x05a0  [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:06:27.0276 0x05a0  NetBT - ok
12:06:27.0370 0x05a0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] Netlogon        C:\Windows\system32\lsass.exe
12:06:27.0385 0x05a0  Netlogon - ok
12:06:27.0526 0x05a0  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
12:06:27.0557 0x05a0  Netman - ok
12:06:27.0650 0x05a0  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
12:06:27.0682 0x05a0  netprofm - ok
12:06:27.0713 0x05a0  [ FE2AA5A684B0DD9B1FAE57B7817C198B, 59137B15AD038C31BEB909EC11019E08C072DD7EE611B9618B7523880453BD4F ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:06:27.0713 0x05a0  NetTcpPortSharing - ok
12:06:27.0869 0x05a0  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:06:27.0869 0x05a0  nfrd960 - ok
12:06:27.0884 0x05a0  NisSrv - ok
12:06:28.0056 0x05a0  [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:06:28.0103 0x05a0  NlaSvc - ok
12:06:28.0181 0x05a0  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:06:28.0181 0x05a0  Npfs - ok
12:06:28.0243 0x05a0  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
12:06:28.0274 0x05a0  nsi - ok
12:06:28.0321 0x05a0  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:06:28.0321 0x05a0  nsiproxy - ok
12:06:28.0462 0x05a0  [ A8F59428E9F361C7AC42A94AC1560BC9, 5B056375C8D21E7AE9E2EAC2EF62F5A2D6D0DBB52DD2FC34F9CC35F55C6766A6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:06:28.0540 0x05a0  Ntfs - ok
12:06:28.0571 0x05a0  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
12:06:28.0571 0x05a0  Null - ok
12:06:28.0633 0x05a0  [ F1B0BED906F97E16F6D0C3629D2F21C6, 563DE1AF0BE884264FD0D17AAA92EA32A2EACDF1E6C56D038773919D731E110C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:06:28.0633 0x05a0  nvraid - ok
12:06:28.0680 0x05a0  [ 4520B63899E867F354EE012D34E11536, BDFF1033609834F44B0EDBE8B360FD7977D027034C469862385736AEFE8832B7 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:06:28.0696 0x05a0  nvstor - ok
12:06:28.0711 0x05a0  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
12:06:28.0711 0x05a0  nv_agp - ok
12:06:28.0945 0x05a0  [ 1F0E05DFF4F5A833168E49BE1256F002, A858267572033C185293B0FD15B2BFDA679D0771A14C0ADF24461B529DBAD8DF ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:06:28.0976 0x05a0  odserv - ok
12:06:29.0023 0x05a0  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:06:29.0023 0x05a0  ohci1394 - ok
12:06:29.0117 0x05a0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:06:29.0117 0x05a0  ose - ok
12:06:29.0179 0x05a0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:06:29.0210 0x05a0  p2pimsvc - ok
12:06:29.0273 0x05a0  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:06:29.0320 0x05a0  p2psvc - ok
12:06:29.0351 0x05a0  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:06:29.0366 0x05a0  Parport - ok
12:06:29.0382 0x05a0  [ 66D3415C159741ADE7038A277EFFF99F, D9853845FE495A546328986718074373EAB0F59538CFE7E604B1A94C8CBE7140 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:06:29.0382 0x05a0  partmgr - ok
12:06:29.0398 0x05a0  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:06:29.0398 0x05a0  Parvdm - ok
12:06:29.0398 0x05a0  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:06:29.0429 0x05a0  PcaSvc - ok
12:06:29.0444 0x05a0  [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci             C:\Windows\system32\DRIVERS\pci.sys
12:06:29.0444 0x05a0  pci - ok
12:06:29.0444 0x05a0  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
12:06:29.0444 0x05a0  pciide - ok
12:06:29.0491 0x05a0  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:06:29.0491 0x05a0  pcmcia - ok
12:06:29.0507 0x05a0  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:06:29.0507 0x05a0  pcw - ok
12:06:29.0522 0x05a0  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:06:29.0554 0x05a0  PEAUTH - ok
12:06:29.0694 0x05a0  [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla             C:\Windows\system32\pla.dll
12:06:29.0772 0x05a0  pla - ok
12:06:29.0866 0x05a0  [ 71DEF5EC79774C798342D0EA16E41780, 5B5A365E57A7ACE3C4EDA1D891BD613879B284831E8253FDE498E40B2091E3B6 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:06:29.0881 0x05a0  PlugPlay - ok
12:06:29.0897 0x05a0  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:06:29.0897 0x05a0  PNRPAutoReg - ok

 

[scb175]

12:06:29.0912 0x05a0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:06:29.0912 0x05a0  PNRPsvc - ok
12:06:30.0022 0x05a0  [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:06:30.0053 0x05a0  PolicyAgent - ok
12:06:30.0100 0x05a0  [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power           C:\Windows\system32\umpo.dll
12:06:30.0100 0x05a0  Power - ok
12:06:30.0146 0x05a0  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:06:30.0162 0x05a0  PptpMiniport - ok
12:06:30.0193 0x05a0  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:06:30.0209 0x05a0  Processor - ok
12:06:30.0256 0x05a0  [ AEA3BDBDBA667AA6F678CB38907E4F5E, AB698DCA117F8D5F22F9CD8D7884147BAB4E0C055B8A487BC035C18ED1634752 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:06:30.0271 0x05a0  ProfSvc - ok
12:06:30.0302 0x05a0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] ProtectedStorage C:\Windows\system32\lsass.exe
12:06:30.0302 0x05a0  ProtectedStorage - ok
12:06:30.0334 0x05a0  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:06:30.0334 0x05a0  Psched - ok
12:06:30.0412 0x05a0  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:06:30.0474 0x05a0  ql2300 - ok
12:06:30.0490 0x05a0  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:06:30.0490 0x05a0  ql40xx - ok
12:06:30.0536 0x05a0  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
12:06:30.0552 0x05a0  QWAVE - ok
12:06:30.0568 0x05a0  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:06:30.0568 0x05a0  QWAVEdrv - ok
12:06:30.0568 0x05a0  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:06:30.0568 0x05a0  RasAcd - ok
12:06:30.0614 0x05a0  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:06:30.0614 0x05a0  RasAgileVpn - ok
12:06:30.0630 0x05a0  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
12:06:30.0630 0x05a0  RasAuto - ok
12:06:30.0646 0x05a0  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:06:30.0646 0x05a0  Rasl2tp - ok
12:06:30.0677 0x05a0  [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan          C:\Windows\System32\rasmans.dll
12:06:30.0692 0x05a0  RasMan - ok
12:06:30.0708 0x05a0  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:06:30.0708 0x05a0  RasPppoe - ok
12:06:30.0739 0x05a0  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:06:30.0739 0x05a0  RasSstp - ok
12:06:30.0755 0x05a0  [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:06:30.0755 0x05a0  rdbss - ok
12:06:30.0770 0x05a0  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:06:30.0770 0x05a0  rdpbus - ok
12:06:30.0786 0x05a0  [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:06:30.0786 0x05a0  RDPCDD - ok
12:06:30.0802 0x05a0  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:06:30.0817 0x05a0  RDPENCDD - ok
12:06:30.0817 0x05a0  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:06:30.0817 0x05a0  RDPREFMP - ok
12:06:30.0864 0x05a0  [ C5B8D47A4688DE9D335204EA757C2240, 2F646466120911B0CA0E331B4959A470E18DFD51C8FAAB69BE0461C31D52DBBE ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:06:30.0880 0x05a0  RDPWD - ok
12:06:30.0880 0x05a0  [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:06:30.0895 0x05a0  rdyboost - ok
12:06:31.0051 0x05a0  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
12:06:31.0051 0x05a0  RealNetworks Downloader Resolver Service - ok
12:06:31.0098 0x05a0  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:06:31.0098 0x05a0  RemoteAccess - ok
12:06:31.0160 0x05a0  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:06:31.0160 0x05a0  RemoteRegistry - ok
12:06:31.0192 0x05a0  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:06:31.0192 0x05a0  RpcEptMapper - ok
12:06:31.0223 0x05a0  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
12:06:31.0223 0x05a0  RpcLocator - ok
12:06:31.0254 0x05a0  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs           C:\Windows\system32\rpcss.dll
12:06:31.0270 0x05a0  RpcSs - ok
12:06:31.0316 0x05a0  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:06:31.0316 0x05a0  rspndr - ok
12:06:31.0363 0x05a0  [ EF8B2AFC3C0751C5E5A59983C8893260, F612ACAD35F6ECC6596003D052B240B7688016FD5D82978727DD408DF36104F3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:06:31.0363 0x05a0  RSUSBSTOR - ok
12:06:31.0410 0x05a0  [ 6465166DD9B2F841DABAD16ABDADBE98, C5E93E9739A14375A8242D11F3661A2D069DC0F88DD13C869F525E19808A362E ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
12:06:31.0410 0x05a0  RTL8167 - ok
12:06:31.0457 0x05a0  [ 5BD298BDF62E6A8A0FC69F73A82A52BB, 03B83BA124CBDBD42143DAE468D36F371F684243ACA4A05F7D661EB274A224AD ] RTL8187Se       C:\Windows\system32\DRIVERS\RTL8187Se.sys
12:06:31.0472 0x05a0  RTL8187Se - ok
12:06:31.0488 0x05a0  RtsUIR - ok
12:06:31.0504 0x05a0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] SamSs           C:\Windows\system32\lsass.exe
12:06:31.0504 0x05a0  SamSs - ok
12:06:31.0566 0x05a0  [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
12:06:31.0582 0x05a0  sbp2port - ok
12:06:31.0613 0x05a0  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:06:31.0628 0x05a0  SCardSvr - ok
12:06:31.0628 0x05a0  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:06:31.0628 0x05a0  scfilter - ok
12:06:31.0722 0x05a0  [ DF1E5C82E4D09CF8105CC644980C4803, 36BB8402B29466CF1AE5BD56ED6CF6FE47DE162ADF04D44E2BCEA168CB0BD4D4 ] Schedule        C:\Windows\system32\schedsvc.dll
12:06:31.0769 0x05a0  Schedule - ok
12:06:31.0800 0x05a0  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:06:31.0800 0x05a0  SCPolicySvc - ok
12:06:31.0847 0x05a0  [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:06:31.0862 0x05a0  SDRSVC - ok
12:06:32.0018 0x05a0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:06:32.0081 0x05a0  secdrv - ok
12:06:32.0112 0x05a0  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
12:06:32.0128 0x05a0  seclogon - ok
12:06:32.0143 0x05a0  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
12:06:32.0143 0x05a0  SENS - ok
12:06:32.0190 0x05a0  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:06:32.0190 0x05a0  SensrSvc - ok
12:06:32.0190 0x05a0  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:06:32.0190 0x05a0  Serenum - ok
12:06:32.0206 0x05a0  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:06:32.0206 0x05a0  Serial - ok
12:06:32.0221 0x05a0  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:06:32.0221 0x05a0  sermouse - ok
12:06:32.0252 0x05a0  [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv      C:\Windows\system32\sessenv.dll
12:06:32.0252 0x05a0  SessionEnv - ok
12:06:32.0268 0x05a0  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
12:06:32.0268 0x05a0  sffdisk - ok
12:06:32.0268 0x05a0  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:06:32.0268 0x05a0  sffp_mmc - ok
12:06:32.0284 0x05a0  [ 4F1E5B0FE7C8050668DBFADE8999AEFB, E36DAACC3D11F004808A3F44C471BBFDC2F33411D9F5C18B55B0DB2A6DA6E74C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
12:06:32.0284 0x05a0  sffp_sd - ok
12:06:32.0284 0x05a0  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:06:32.0299 0x05a0  sfloppy - ok
12:06:32.0330 0x05a0  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:06:32.0377 0x05a0  SharedAccess - ok
12:06:32.0424 0x05a0  [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:06:32.0455 0x05a0  ShellHWDetection - ok
12:06:32.0455 0x05a0  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
12:06:32.0455 0x05a0  sisagp - ok
12:06:32.0486 0x05a0  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:06:32.0486 0x05a0  SiSRaid2 - ok
12:06:32.0486 0x05a0  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:06:32.0502 0x05a0  SiSRaid4 - ok
12:06:32.0518 0x05a0  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:06:32.0518 0x05a0  Smb - ok
12:06:32.0549 0x05a0  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:06:32.0549 0x05a0  SNMPTRAP - ok
12:06:32.0564 0x05a0  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:06:32.0564 0x05a0  spldr - ok
12:06:32.0596 0x05a0  [ E17323B0AA9FB3FF9945731D736EDA2F, 65837FC6329A4B2B042B0CDB04F139CA14C2BD1EE0CDB2C7705431E9D97D0597 ] Spooler         C:\Windows\System32\spoolsv.exe
12:06:32.0611 0x05a0  Spooler - ok
12:06:32.0798 0x05a0  [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:06:32.0939 0x05a0  sppsvc - ok
12:06:33.0001 0x05a0  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:06:33.0017 0x05a0  sppuinotify - ok
12:06:33.0064 0x05a0  [ C4A027B8C0BD3FC0699F41FA5E9E0C87, A709BD7DDF0ACA5CF65B5A541FC6013FF86181138B86D1BF631E4BF5F4F2E266 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:06:33.0095 0x05a0  srv - ok
12:06:33.0142 0x05a0  [ 414BB592CAD8A79649D01F9D94318FB3, 093F52568B48E94B6C53F2E7F229416B8643DD9CEBB3E41601C64E932E3098F3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:06:33.0188 0x05a0  srv2 - ok
12:06:33.0220 0x05a0  [ FF207D67700AA18242AAF985D3E7D8F4, CFB36B6AA3D6915D23654FB11E848EC47DA8346F47151BE66967E51101FD4222 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:06:33.0220 0x05a0  srvnet - ok
12:06:33.0266 0x05a0  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:06:33.0266 0x05a0  SSDPSRV - ok
12:06:33.0313 0x05a0  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:06:33.0313 0x05a0  SstpSvc - ok
12:06:33.0344 0x05a0  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:06:33.0344 0x05a0  stexstor - ok
12:06:33.0438 0x05a0  [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:06:33.0454 0x05a0  StiSvc - ok
12:06:33.0469 0x05a0  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:06:33.0469 0x05a0  swenum - ok
12:06:33.0500 0x05a0  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
12:06:33.0516 0x05a0  swprv - ok
12:06:33.0594 0x05a0  [ 8BD10DC8809DC69A1C5A795CB10ADD76, 92ED1BC580DC2BE539296D69775368C974FBB0145A5114BA250261E49E073960 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:06:33.0594 0x05a0  SynTP - ok
12:06:33.0672 0x05a0  [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain         C:\Windows\system32\sysmain.dll
12:06:33.0750 0x05a0  SysMain - ok
12:06:33.0781 0x05a0  [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:06:33.0781 0x05a0  TabletInputService - ok
12:06:33.0812 0x05a0  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:06:33.0812 0x05a0  TapiSrv - ok
12:06:33.0859 0x05a0  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
12:06:33.0859 0x05a0  TBS - ok
12:06:34.0000 0x05a0  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:06:34.0078 0x05a0  Tcpip - ok
12:06:34.0156 0x05a0  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:06:34.0187 0x05a0  TCPIP6 - ok
12:06:34.0218 0x05a0  [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:06:34.0218 0x05a0  tcpipreg - ok
12:06:34.0265 0x05a0  [ 4084EA00D50C858D6F9038F86AE2E2D0, FD7C34311B7F700C7C93B9A8A59D507C53ADF874651C6979979EDF5E21C32FD5 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
12:06:34.0265 0x05a0  tdcmdpst - ok
12:06:34.0265 0x05a0  [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:06:34.0265 0x05a0  TDPIPE - ok
12:06:34.0296 0x05a0  [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:06:34.0296 0x05a0  TDTCP - ok
12:06:34.0312 0x05a0  [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:06:34.0312 0x05a0  tdx - ok
12:06:34.0327 0x05a0  [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:06:34.0327 0x05a0  TermDD - ok
12:06:34.0374 0x05a0  [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService     C:\Windows\System32\termsrv.dll
12:06:34.0405 0x05a0  TermService - ok
12:06:34.0421 0x05a0  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
12:06:34.0468 0x05a0  Themes - ok
12:06:34.0514 0x05a0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:06:34.0530 0x05a0  THREADORDER - ok
12:06:34.0624 0x05a0  [ 32577B987AE5401038451BB392CB8D89, 62431F26853C9C5BAAF041F8DD5378B52DC114DE4E5A0FF014D106BDE6538EB7 ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:06:34.0624 0x05a0  TMachInfo - ok
12:06:34.0795 0x05a0  [ FE65D33B7D4FF07DD1D29526A48DF810, E595370FD907734BC24263661C58F9AF7BDAEAE3BABED65A6C0EF837E17A7F68 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
12:06:34.0811 0x05a0  TODDSrv - ok
12:06:34.0889 0x05a0  [ 0B5FA26E0C8A8E07A6DF3DF4E5711DA8, C7B3A66FE451933F56DB397F08161CA54F47DC7FDB8A4F4E2C573BC97FF775F0 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
12:06:34.0904 0x05a0  TOSHIBA eco Utility Service - ok
12:06:34.0951 0x05a0  [ 94ECABE1BA3559214FE6C3CE6C9677EB, A192E7059297FA18E0FF5B3249D5C367365998ABCFFFEF84B7FE6EDF28AC6103 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:06:34.0967 0x05a0  TOSHIBA HDD SSD Alert Service - ok
12:06:35.0045 0x05a0  [ 969377943FE7284609BABBAB4E06B93C, 401ABFF0F2157730F8188E1C02C947EB62E9E0BE87DF260C4BCE74F5E8C08A46 ] tos_sps32       C:\Windows\system32\DRIVERS\tos_sps32.sys
12:06:35.0060 0x05a0  tos_sps32 - ok
12:06:35.0138 0x05a0  [ 31D2881B0647F2B09B118B9B50C02888, 7F174ADE54E5866DDCFE4C896D047EE3D4AE140A33A0184F3F57E44172F2EC87 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
12:06:35.0185 0x05a0  TPCHSrv - ok
12:06:35.0388 0x05a0  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
12:06:35.0388 0x05a0  TrkWks - ok
12:06:35.0482 0x05a0  [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:06:35.0497 0x05a0  TrustedInstaller - ok
12:06:35.0544 0x05a0  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:06:35.0544 0x05a0  tssecsrv - ok
12:06:35.0622 0x05a0  [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:06:35.0622 0x05a0  tunnel - ok
12:06:35.0684 0x05a0  [ FC24015B4052600C324C43E3A79C0664, 908DFC8490079FB3178DEF9D3A712F22E4E39D65092401D1003925FCF65EE4DB ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:06:35.0684 0x05a0  TVALZ - ok
12:06:35.0872 0x05a0  [ 866462F5AE3F375EF83EF9DCE436031C, 5433B3F3FC66C0E17ADBD98F97FD6189927B81C462859C67A22CE16E66DEB6D8 ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
12:06:35.0872 0x05a0  TVALZFL - ok
12:06:35.0887 0x05a0  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:06:35.0887 0x05a0  uagp35 - ok
12:06:35.0950 0x05a0  [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:06:35.0950 0x05a0  udfs - ok
12:06:36.0152 0x05a0  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:06:36.0168 0x05a0  UI0Detect - ok
12:06:36.0215 0x05a0  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
12:06:36.0230 0x05a0  uliagpkx - ok
12:06:36.0246 0x05a0  [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:06:36.0246 0x05a0  umbus - ok
12:06:36.0262 0x05a0  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:06:36.0262 0x05a0  UmPass - ok
12:06:36.0293 0x05a0  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
12:06:36.0324 0x05a0  upnphost - ok
12:06:36.0433 0x05a0  [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
12:06:36.0433 0x05a0  USBAAPL - ok
12:06:36.0464 0x05a0  [ C31AE588E403042632DC796CF09E30B0, 3EA64F9637D6F0AFC9DA70775AC6598828CB289BC1F7B028B3CC22878A443F30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:06:36.0480 0x05a0  usbccgp - ok
12:06:36.0480 0x05a0  USBCCID - ok
12:06:36.0527 0x05a0  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
12:06:36.0527 0x05a0  usbcir - ok
12:06:36.0558 0x05a0  [ E4C436D914768CE965D5E659BA7EEBD8, 4FE0B360D2FE4C8B1D3FA5BD9A0E24CA6C186CD99B72EA58F6B669FABB0B1269 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:06:36.0558 0x05a0  usbehci - ok
12:06:36.0636 0x05a0  [ BDCD7156EC37448F08633FD899823620, 557A6E8B1CD43213FCCB247DEC9EEBC12F263DA13CFF72DEE724E830F7F22C33 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:06:36.0667 0x05a0  usbhub - ok
12:06:36.0714 0x05a0  [ EB2D819A639015253C871CDA09D91D58, E65757F3D162F26012BF9E16ECA0688BBCAE633AFFD1CE07083A3306376A4E82 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:06:36.0714 0x05a0  usbohci - ok
12:06:36.0776 0x05a0  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:06:36.0792 0x05a0  usbprint - ok
12:06:36.0854 0x05a0  [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:06:36.0870 0x05a0  usbscan - ok
12:06:36.0886 0x05a0  [ 1C4287739A93594E57E2A9E6A3ED7353, FCA7D01D7A699B2C3514FD30D534C9ABA975D4AC2543546D94BEB224834BCA54 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:06:36.0886 0x05a0  USBSTOR - ok
12:06:36.0917 0x05a0  [ 22480BF4E5A09192E5E30BA4DDE79FA4, E5CB29CD419009AC0F641E50E8B0E0B7FF6AD68ADB48A959FFD07A37FCF7B9BE ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:06:36.0917 0x05a0  usbuhci - ok
12:06:36.0995 0x05a0  [ B5F6A992D996282B7FAE7048E50AF83A, CE8A3096DB78BD7E660A7B544AD3EE25AE747B3A63359D55B480B7FF1B6BEE8B ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:06:36.0995 0x05a0  usbvideo - ok
12:06:37.0026 0x05a0  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
12:06:37.0026 0x05a0  UxSms - ok
12:06:37.0042 0x05a0  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] VaultSvc        C:\Windows\system32\lsass.exe
12:06:37.0042 0x05a0  VaultSvc - ok
12:06:37.0120 0x05a0  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
12:06:37.0120 0x05a0  vdrvroot - ok
12:06:37.0182 0x05a0  [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds             C:\Windows\System32\vds.exe
12:06:37.0213 0x05a0  vds - ok
12:06:37.0229 0x05a0  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:06:37.0229 0x05a0  vga - ok
12:06:37.0229 0x05a0  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:06:37.0229 0x05a0  VgaSave - ok
12:06:37.0244 0x05a0  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
12:06:37.0244 0x05a0  vhdmp - ok
12:06:37.0291 0x05a0  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
12:06:37.0291 0x05a0  viaagp - ok
12:06:37.0307 0x05a0  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:06:37.0307 0x05a0  ViaC7 - ok
12:06:37.0307 0x05a0  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
12:06:37.0307 0x05a0  viaide - ok
12:06:37.0322 0x05a0  [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
12:06:37.0338 0x05a0  volmgr - ok
12:06:37.0385 0x05a0  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:06:37.0400 0x05a0  volmgrx - ok
12:06:37.0478 0x05a0  [ 59F06B4968E58BC83DFC56CA4517960E, F0ACE8D5F30B8C81E4FDE0CEBDBA71A212A3198ED09D92B2B40C48FBB243D3F5 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:06:37.0478 0x05a0  volsnap - ok
12:06:37.0525 0x05a0  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:06:37.0541 0x05a0  vsmraid - ok
12:06:37.0634 0x05a0  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS             C:\Windows\system32\vssvc.exe
12:06:37.0697 0x05a0  VSS - ok
12:06:37.0697 0x05a0  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:06:37.0712 0x05a0  vwifibus - ok
12:06:37.0728 0x05a0  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:06:37.0728 0x05a0  vwififlt - ok
12:06:37.0744 0x05a0  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:06:37.0744 0x05a0  vwifimp - ok
12:06:37.0759 0x05a0  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
12:06:37.0775 0x05a0  W32Time - ok
12:06:37.0790 0x05a0  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:06:37.0790 0x05a0  WacomPen - ok
12:06:37.0837 0x05a0  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:06:37.0837 0x05a0  WANARP - ok
12:06:37.0853 0x05a0  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:06:37.0853 0x05a0  Wanarpv6 - ok
12:06:37.0946 0x05a0  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:06:38.0009 0x05a0  WatAdminSvc - ok
12:06:38.0071 0x05a0  [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine        C:\Windows\system32\wbengine.exe
12:06:38.0134 0x05a0  wbengine - ok
12:06:38.0149 0x05a0  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:06:38.0165 0x05a0  WbioSrvc - ok
12:06:38.0196 0x05a0  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6, 0805471A57DDF1974F3F7B36B0DD843731C608D10A1C00B01E6E9D0460098E1A ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:06:38.0212 0x05a0  wcncsvc - ok
12:06:38.0227 0x05a0  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:06:38.0243 0x05a0  WcsPlugInService - ok
12:06:38.0274 0x05a0  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:06:38.0274 0x05a0  Wd - ok
12:06:38.0352 0x05a0  [ A840213F1ACDCC175B4D1D5AAEAC0D7A, B20F7CAEEA790290072BC170EBEEADB4C19E1C40DB0B3FE0D4A640D0D82300D6 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:06:38.0368 0x05a0  Wdf01000 - ok
12:06:38.0430 0x05a0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:06:38.0430 0x05a0  WdiServiceHost - ok
12:06:38.0446 0x05a0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:06:38.0446 0x05a0  WdiSystemHost - ok
12:06:38.0477 0x05a0  [ BB5EC38F8D4600119B4720BC5D4211F1, F04F823A9FE77704F38D773C7350C71727C5E3309CD1EC754519C826A4599476 ] WebClient       C:\Windows\System32\webclnt.dll
12:06:38.0492 0x05a0  WebClient - ok
12:06:38.0524 0x05a0  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:06:38.0524 0x05a0  Wecsvc - ok
12:06:38.0555 0x05a0  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:06:38.0555 0x05a0  wercplsupport - ok
12:06:38.0586 0x05a0  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
12:06:38.0586 0x05a0  WerSvc - ok
12:06:38.0648 0x05a0  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:06:38.0648 0x05a0  WfpLwf - ok
12:06:38.0680 0x05a0  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:06:38.0680 0x05a0  WIMMount - ok
12:06:38.0758 0x05a0  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:06:38.0804 0x05a0  WinDefend - ok
12:06:38.0820 0x05a0  WinHttpAutoProxySvc - ok
12:06:38.0945 0x05a0  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:06:38.0945 0x05a0  Winmgmt - ok
12:06:39.0038 0x05a0  [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM           C:\Windows\system32\WsmSvc.dll
12:06:39.0132 0x05a0  WinRM - ok
12:06:39.0179 0x05a0  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:06:39.0179 0x05a0  WinUsb - ok
12:06:39.0272 0x05a0  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:06:39.0319 0x05a0  Wlansvc - ok
12:06:39.0335 0x05a0  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:06:39.0350 0x05a0  WmiAcpi - ok
12:06:39.0382 0x05a0  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:06:39.0397 0x05a0  wmiApSrv - ok
12:06:39.0491 0x05a0  [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:06:39.0553 0x05a0  WMPNetworkSvc - ok
12:06:39.0616 0x05a0  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:06:39.0616 0x05a0  WPCSvc - ok
12:06:39.0631 0x05a0  [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:06:39.0631 0x05a0  WPDBusEnum - ok
12:06:39.0662 0x05a0  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:06:39.0662 0x05a0  ws2ifsl - ok
12:06:39.0694 0x05a0  [ A661A76333057B383A06E65F0073222F, B25AEC2B668C61F2E1C6F7AD27706EE10F8B04F09B5D069784131A6B8B5DF570 ] wscsvc          C:\Windows\system32\wscsvc.dll
12:06:39.0709 0x05a0  wscsvc - ok
12:06:39.0709 0x05a0  WSearch - ok
12:06:39.0850 0x05a0  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:06:39.0928 0x05a0  wuauserv - ok
12:06:40.0037 0x05a0  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:06:40.0052 0x05a0  WudfPf - ok
12:06:40.0130 0x05a0  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:06:40.0130 0x05a0  WUDFRd - ok
12:06:40.0177 0x05a0  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:06:40.0177 0x05a0  wudfsvc - ok
12:06:40.0208 0x05a0  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:06:40.0224 0x05a0  WwanSvc - ok
12:06:40.0286 0x05a0  ================ Scan global ===============================
12:06:40.0318 0x05a0  [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
12:06:40.0364 0x05a0  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
12:06:40.0396 0x05a0  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
12:06:40.0427 0x05a0  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:06:40.0474 0x05a0  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
12:06:40.0505 0x05a0  [ Global ] - ok
12:06:40.0505 0x05a0  ================ Scan MBR ==================================
12:06:40.0520 0x05a0  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk0\DR0
12:06:41.0020 0x05a0  \Device\Harddisk0\DR0 - ok
12:06:41.0020 0x05a0  ================ Scan VBR ==================================
12:06:41.0051 0x05a0  [ 5D23C7FB3AE2F4E4543DCF7C11664442 ] \Device\Harddisk0\DR0\Partition1
12:06:41.0051 0x05a0  \Device\Harddisk0\DR0\Partition1 - ok
12:10:36.0096 0x05a0  Win FW state via NFP2: enabled
12:10:36.0112 0x05a0  ============================================================
12:10:36.0112 0x05a0  Scan finished
12:10:36.0112 0x05a0  ============================================================
12:10:36.0128 0x05b8  Detected object count: 0
12:10:36.0128 0x05b8  Actual detected object count: 0
12:11:27.0873 0x0f64  Deinitialize success

[Psychotic]

Full System Scan with Malwarebytes Antimalware

• 
  If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.
  

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

[scb175]

Bumping this to say Sorry as I have been away for the Holiday

[scb175]

I ran Malwarebytes and it found one virus and removed it.  However, the program then froze and I was unable to get any kind of log file. 

[scb175]

Ok, ran malwarebytes again and finally got a log.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.27.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Karen :: KAREN-PC [administrator]

Protection: Enabled

12/3/2013 10:04:27 AM
mbam-log-2013-12-03 (10-04-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419843
Time elapsed: 1 hour(s), 15 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

[scb175]

I also ran the ESET online scanner and it found zero threats.  It appears this computer is clean of a virus.  The one thing I have noticed is that windows firewall can not be accessed to be turned on or off.  I'm thinking one of the earlier viruses has disabled it?  Is there a program for you to check important windows processes? 

[Psychotic]

Scan with Farbar´s Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
    
    
    

  
  [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply.
  

[scb175]

Farbar Service Scanner Version: 23-11-2013
Ran by Karen (administrator) on 05-12-2013 at 08:16:14
Running from "C:\Users\Karen\Desktop"
Microsoft Windows 7 Home Premium   (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-09 16:25] - [2013-01-03 23:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-02-10 19:21] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-04-26 14:26] - [2012-06-01 23:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****