Hi everyone,

I have a PC that I mainly use as a file and mail server. A few weeks ago I absent-mindedly clicked on a Java update prompt; this was the beginning of my end :-(

Since then I have been finding that something on my PC is generating thousands of spam emails. I removed Avast as this was the resident AV programme and installed MS Security Essentials, thinking that AVAST had failed me. When I discovered this I believed I dealt with it, doing an AV scan, running ADWCleaner and HijackThis, but then it came back a few days later. So I went in search of other solutions.

I found COMODO and installed this; this identified and deleted several Malware problems. However the problem returned several days later. I am currently running an ESET scan but am very troubled as I have just received a snail mail from my ISP telling me I am a source of Spam and threatening me with doom, gloom and disconnection.

So I have been surfing the web and found these wonderful forums and have read some of the support offered and was hoping I could solicit some assistance?

I am happy to be patient and to only do what I am asked, and when!

Regards

Gareth


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

First of all, wait until the ESET scan has finished. Save the log and post it up here.


Hello Marius,

Thank you for your prompt reply. I confirm that I will follow your instructions to the letter and communicate efficiently. Since my original posting I have calmed a little and read the fixed postings. I have downloaded the Malwarebytes program and am carrying out the initial steps, however I will await your response before posting the outcome.

 

Regards

Gareth


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Hi,

 

Nothing found but the log is posted below. Whatever it is continues to attempt to send email.

 

Could not post log in one message, refused stating post too long, so posting in two posts hopefully.

 

 

18:53:22.0889 0x0c3c  HomeGroupListener - ok
18:53:22.0915 0x0c3c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:53:22.0919 0x0c3c  HomeGroupProvider - ok
18:53:22.0950 0x0c3c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:53:22.0952 0x0c3c  HpSAMD - ok
18:53:23.0095 0x0c3c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:53:23.0117 0x0c3c  HTTP - ok
18:53:23.0460 0x0c3c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:53:23.0462 0x0c3c  hwpolicy - ok
18:53:23.0716 0x0c3c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:53:23.0719 0x0c3c  i8042prt - ok
18:53:23.0922 0x0c3c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:53:23.0930 0x0c3c  iaStorV - ok
18:53:24.0052 0x0c3c  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:53:24.0081 0x0c3c  idsvc - ok
18:53:24.0140 0x0c3c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:53:24.0141 0x0c3c  iirsp - ok
18:53:24.0343 0x0c3c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:53:24.0357 0x0c3c  IKEEXT - ok
18:53:24.0444 0x0c3c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:53:24.0444 0x0c3c  intelide - ok
18:53:24.0541 0x0c3c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:53:24.0587 0x0c3c  intelppm - ok
18:53:24.0642 0x0c3c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:53:24.0644 0x0c3c  IPBusEnum - ok
18:53:24.0688 0x0c3c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:53:24.0689 0x0c3c  IpFilterDriver - ok
18:53:24.0721 0x0c3c  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:53:24.0730 0x0c3c  iphlpsvc - ok
18:53:24.0740 0x0c3c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:53:24.0742 0x0c3c  IPMIDRV - ok
18:53:24.0760 0x0c3c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:53:24.0762 0x0c3c  IPNAT - ok
18:53:24.0778 0x0c3c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:53:24.0779 0x0c3c  IRENUM - ok
18:53:24.0784 0x0c3c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:53:24.0785 0x0c3c  isapnp - ok
18:53:24.0802 0x0c3c  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:53:24.0808 0x0c3c  iScsiPrt - ok
18:53:24.0826 0x0c3c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:53:24.0827 0x0c3c  kbdclass - ok
18:53:24.0856 0x0c3c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:53:24.0857 0x0c3c  kbdhid - ok
18:53:24.0862 0x0c3c  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
18:53:24.0863 0x0c3c  KeyIso - ok
18:53:24.0888 0x0c3c  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:53:24.0890 0x0c3c  KSecDD - ok
18:53:24.0904 0x0c3c  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:53:24.0906 0x0c3c  KSecPkg - ok
18:53:24.0931 0x0c3c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:53:24.0938 0x0c3c  KtmRm - ok
18:53:24.0979 0x0c3c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:53:24.0984 0x0c3c  LanmanServer - ok
18:53:24.0998 0x0c3c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:53:25.0002 0x0c3c  LanmanWorkstation - ok
18:53:25.0021 0x0c3c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:53:25.0022 0x0c3c  lltdio - ok
18:53:25.0055 0x0c3c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:53:25.0060 0x0c3c  lltdsvc - ok
18:53:25.0080 0x0c3c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:53:25.0082 0x0c3c  lmhosts - ok
18:53:25.0199 0x0c3c  [ DD08D34C632065F0020A71D0F598F657, 251EFECB9769D0F26B124735B57F6E465F2ECF1431B831C4FD8D36E78DDB65A1 ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:53:25.0208 0x0c3c  LMIGuardianSvc - ok
18:53:25.0230 0x0c3c  [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys
18:53:25.0231 0x0c3c  LMIInfo - ok
18:53:25.0257 0x0c3c  [ 21EA89518E56E269DCC50A31CD4F4EB7, 67A5114022BB25AEEBE6D2BD43126109DBAF5D2FDFC8F77FFE182AA9976DA3F5 ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe

18:53:25.0261 0x0c3c  LMIMaint - ok

18:53:25.0291 0x0c3c  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys

18:53:25.0291 0x0c3c  lmimirr - ok

18:53:25.0302 0x0c3c  LMIRfsClientNP - ok

18:53:25.0335 0x0c3c  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys

18:53:25.0337 0x0c3c  LMIRfsDriver - ok

18:53:25.0357 0x0c3c  [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe

18:53:25.0363 0x0c3c  LogMeIn - ok

18:53:25.0382 0x0c3c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

18:53:25.0384 0x0c3c  LSI_FC - ok

18:53:25.0401 0x0c3c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

18:53:25.0403 0x0c3c  LSI_SAS - ok

18:53:25.0408 0x0c3c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:53:25.0410 0x0c3c  LSI_SAS2 - ok

18:53:25.0427 0x0c3c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:53:25.0429 0x0c3c  LSI_SCSI - ok

18:53:25.0443 0x0c3c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys

18:53:25.0446 0x0c3c  luafv - ok

18:53:25.0465 0x0c3c  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

18:53:25.0466 0x0c3c  MBAMProtector - ok

18:53:25.0528 0x0c3c  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

18:53:25.0537 0x0c3c  MBAMScheduler - ok

18:53:25.0563 0x0c3c  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

18:53:25.0750 0x0c3c  MBAMService - ok

18:53:25.0826 0x0c3c  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

18:53:25.0830 0x0c3c  Mcx2Svc - ok

18:53:25.0852 0x0c3c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

18:53:25.0853 0x0c3c  megasas - ok

18:53:25.0951 0x0c3c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

18:53:25.0955 0x0c3c  MegaSR - ok

18:53:25.0989 0x0c3c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll

18:53:25.0992 0x0c3c  MMCSS - ok

18:53:26.0111 0x0c3c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys

18:53:26.0112 0x0c3c  Modem - ok

18:53:26.0248 0x0c3c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

18:53:26.0249 0x0c3c  monitor - ok

18:53:26.0466 0x0c3c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

18:53:26.0467 0x0c3c  mouclass - ok

18:53:26.0493 0x0c3c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

18:53:26.0494 0x0c3c  mouhid - ok

18:53:26.0708 0x0c3c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

18:53:26.0711 0x0c3c  mountmgr - ok

18:53:27.0100 0x0c3c  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys

18:53:27.0106 0x0c3c  MpFilter - ok

18:53:27.0133 0x0c3c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys

18:53:27.0136 0x0c3c  mpio - ok

18:53:27.0395 0x0c3c  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsl462228e1   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AAF56EA-4796-449C-9613-E965829DCF04}\MpKsl462228e1.sys

18:53:27.0397 0x0c3c  MpKsl462228e1 - ok

18:53:27.0428 0x0c3c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

18:53:27.0430 0x0c3c  mpsdrv - ok

18:53:27.0984 0x0c3c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll

18:53:27.0997 0x0c3c  MpsSvc - ok

18:53:28.0052 0x0c3c  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

18:53:28.0055 0x0c3c  MRxDAV - ok

18:53:28.0104 0x0c3c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

18:53:28.0106 0x0c3c  mrxsmb - ok

18:53:28.0177 0x0c3c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:53:28.0181 0x0c3c  mrxsmb10 - ok

18:53:28.0228 0x0c3c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:53:28.0230 0x0c3c  mrxsmb20 - ok

18:53:28.0401 0x0c3c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys

18:53:28.0402 0x0c3c  msahci - ok

18:53:28.0481 0x0c3c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

18:53:28.0483 0x0c3c  msdsm - ok

18:53:28.0558 0x0c3c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe

18:53:28.0562 0x0c3c  MSDTC - ok

18:53:28.0582 0x0c3c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys

18:53:28.0583 0x0c3c  Msfs - ok

18:53:28.0625 0x0c3c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

18:53:28.0625 0x0c3c  mshidkmdf - ok

18:53:28.0666 0x0c3c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

18:53:28.0666 0x0c3c  msisadrv - ok

18:53:28.0708 0x0c3c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

18:53:28.0712 0x0c3c  MSiSCSI - ok

18:53:28.0716 0x0c3c  msiserver - ok

18:53:28.0729 0x0c3c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

18:53:28.0729 0x0c3c  MSKSSRV - ok

18:53:28.0780 0x0c3c  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe

18:53:28.0780 0x0c3c  MsMpSvc - ok

18:53:28.0809 0x0c3c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

18:53:28.0810 0x0c3c  MSPCLOCK - ok

18:53:28.0840 0x0c3c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

18:53:28.0841 0x0c3c  MSPQM - ok

18:53:28.0866 0x0c3c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

18:53:28.0870 0x0c3c  MsRPC - ok

18:53:28.0898 0x0c3c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

18:53:29.0000 0x0c3c  mssmbios - ok

18:53:29.0055 0x0c3c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

18:53:29.0055 0x0c3c  MSTEE - ok

18:53:29.0140 0x0c3c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

18:53:29.0141 0x0c3c  MTConfig - ok

18:53:29.0157 0x0c3c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys

18:53:29.0158 0x0c3c  Mup - ok

18:53:29.0329 0x0c3c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll

18:53:29.0335 0x0c3c  napagent - ok

18:53:29.0386 0x0c3c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

18:53:29.0392 0x0c3c  NativeWifiP - ok

18:53:29.0500 0x0c3c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys

18:53:29.0512 0x0c3c  NDIS - ok

18:53:29.0557 0x0c3c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

18:53:29.0558 0x0c3c  NdisCap - ok

18:53:29.0722 0x0c3c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

18:53:29.0722 0x0c3c  NdisTapi - ok

18:53:29.0816 0x0c3c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

18:53:29.0817 0x0c3c  Ndisuio - ok

18:53:29.0864 0x0c3c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

18:53:29.0867 0x0c3c  NdisWan - ok

18:53:29.0965 0x0c3c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

18:53:30.0017 0x0c3c  NDProxy - ok

18:53:30.0040 0x0c3c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

18:53:30.0041 0x0c3c  NetBIOS - ok

18:53:30.0096 0x0c3c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

18:53:30.0102 0x0c3c  NetBT - ok

18:53:30.0161 0x0c3c  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon        C:\Windows\system32\lsass.exe

18:53:30.0163 0x0c3c  Netlogon - ok

18:53:30.0319 0x0c3c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll

18:53:30.0328 0x0c3c  Netman - ok

18:53:30.0504 0x0c3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

18:53:30.0508 0x0c3c  NetMsmqActivator - ok

18:53:30.0515 0x0c3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

18:53:30.0518 0x0c3c  NetPipeActivator - ok

18:53:30.0563 0x0c3c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll

18:53:30.0571 0x0c3c  netprofm - ok

18:53:31.0124 0x0c3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

18:53:31.0126 0x0c3c  NetTcpActivator - ok

18:53:31.0181 0x0c3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

18:53:31.0183 0x0c3c  NetTcpPortSharing - ok

18:53:31.0205 0x0c3c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

18:53:31.0206 0x0c3c  nfrd960 - ok

18:53:31.0340 0x0c3c  [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys

18:53:31.0343 0x0c3c  NisDrv - ok

18:53:31.0448 0x0c3c  [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe

18:53:31.0454 0x0c3c  NisSrv - ok

18:53:31.0510 0x0c3c  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll

18:53:31.0515 0x0c3c  NlaSvc - ok

18:53:31.0546 0x0c3c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

18:53:31.0548 0x0c3c  Npfs - ok

18:53:31.0554 0x0c3c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll

18:53:31.0556 0x0c3c  nsi - ok

18:53:31.0567 0x0c3c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

18:53:31.0568 0x0c3c  nsiproxy - ok

18:53:31.0668 0x0c3c  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

18:53:31.0729 0x0c3c  Ntfs - ok

18:53:31.0751 0x0c3c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys

18:53:31.0752 0x0c3c  Null - ok

18:53:31.0772 0x0c3c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys

18:53:31.0774 0x0c3c  nvraid - ok

18:53:31.0842 0x0c3c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

18:53:31.0845 0x0c3c  nvstor - ok

18:53:31.0858 0x0c3c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

18:53:31.0860 0x0c3c  nv_agp - ok

18:53:31.0886 0x0c3c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

18:53:31.0888 0x0c3c  ohci1394 - ok

18:53:31.0936 0x0c3c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:53:31.0939 0x0c3c  ose - ok

18:53:32.0090 0x0c3c  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:53:32.0224 0x0c3c  osppsvc - ok

18:53:32.0246 0x0c3c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

18:53:32.0254 0x0c3c  p2pimsvc - ok

18:53:32.0298 0x0c3c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll

18:53:32.0307 0x0c3c  p2psvc - ok

18:53:32.0400 0x0c3c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys

18:53:32.0402 0x0c3c  Parport - ok

18:53:32.0564 0x0c3c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

18:53:32.0565 0x0c3c  partmgr - ok

18:53:32.0614 0x0c3c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

18:53:32.0614 0x0c3c  Parvdm - ok

18:53:33.0292 0x0c3c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll

18:53:33.0296 0x0c3c  PcaSvc - ok

18:53:33.0345 0x0c3c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys

18:53:33.0348 0x0c3c  pci - ok

18:53:33.0391 0x0c3c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys

18:53:33.0392 0x0c3c  pciide - ok

18:53:33.0430 0x0c3c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

18:53:33.0433 0x0c3c  pcmcia - ok

18:53:33.0457 0x0c3c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys

18:53:33.0458 0x0c3c  pcw - ok

18:53:33.0520 0x0c3c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

18:53:33.0531 0x0c3c  PEAUTH - ok

18:53:33.0602 0x0c3c  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll

18:53:33.0675 0x0c3c  PeerDistSvc - ok

18:53:33.0760 0x0c3c  [ 48B06ECA2C2F036EB3912D816EE5941B, F6977992512D73E3CBD75D7C6C0E8F26A82D58E83B117E9F9C129B410B149E20 ] PinnacleRoyalTS C:\Windows\system32\DRIVERS\RoyalTS.sys

18:53:33.0763 0x0c3c  PinnacleRoyalTS - ok

18:53:33.0908 0x0c3c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll

18:53:33.0942 0x0c3c  pla - ok

18:53:34.0007 0x0c3c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

18:53:34.0015 0x0c3c  PlugPlay - ok

18:53:34.0048 0x0c3c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

18:53:34.0051 0x0c3c  PNRPAutoReg - ok


18:53:40.0252 0x0c3c  wmiApSrv - ok

18:53:40.0302 0x0c3c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

18:53:40.0321 0x0c3c  WMPNetworkSvc - ok

18:53:40.0352 0x0c3c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll

18:53:40.0355 0x0c3c  WPCSvc - ok

18:53:40.0396 0x0c3c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

18:53:40.0400 0x0c3c  WPDBusEnum - ok

18:53:40.0412 0x0c3c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

18:53:40.0412 0x0c3c  ws2ifsl - ok

18:53:40.0423 0x0c3c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll

18:53:40.0427 0x0c3c  wscsvc - ok

18:53:40.0432 0x0c3c  WSearch - ok

18:53:40.0514 0x0c3c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll

18:53:40.0582 0x0c3c  wuauserv - ok

18:53:40.0646 0x0c3c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

18:53:40.0648 0x0c3c  WudfPf - ok

18:53:40.0665 0x0c3c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

18:53:40.0667 0x0c3c  WUDFRd - ok

18:53:40.0701 0x0c3c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

18:53:40.0705 0x0c3c  wudfsvc - ok

18:53:40.0724 0x0c3c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll

18:53:40.0730 0x0c3c  WwanSvc - ok

18:53:40.0734 0x0c3c  ================ Scan global ===============================

18:53:40.0811 0x0c3c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll

18:53:40.0846 0x0c3c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll

18:53:40.0862 0x0c3c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll

18:53:40.0921 0x0c3c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll

18:53:40.0939 0x0c3c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe

18:53:40.0946 0x0c3c  [ Global ] - ok

18:53:40.0946 0x0c3c  ================ Scan MBR ==================================

18:53:40.0971 0x0c3c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

18:53:41.0204 0x0c3c  \Device\Harddisk0\DR0 - ok

18:53:41.0208 0x0c3c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

18:53:41.0212 0x0c3c  \Device\Harddisk1\DR1 - ok

18:53:41.0215 0x0c3c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2

18:53:41.0220 0x0c3c  \Device\Harddisk2\DR2 - ok

18:53:41.0220 0x0c3c  ================ Scan VBR ==================================

18:53:41.0223 0x0c3c  [ 6ECF0B3925784A214ED6978E276224AB ] \Device\Harddisk0\DR0\Partition1

18:53:41.0341 0x0c3c  \Device\Harddisk0\DR0\Partition1 - ok

18:53:41.0345 0x0c3c  [ 0C8180EB95EB515F4F7FCB0F845A000D ] \Device\Harddisk0\DR0\Partition2

18:53:41.0411 0x0c3c  \Device\Harddisk0\DR0\Partition2 - ok

18:53:41.0413 0x0c3c  [ 539E942322898A0FEE833C6EB9A5E740 ] \Device\Harddisk1\DR1\Partition1

18:53:41.0884 0x0c3c  \Device\Harddisk1\DR1\Partition1 - ok

18:53:41.0888 0x0c3c  [ CF6859BBEA98DF4A6F1700C4585D8B5D ] \Device\Harddisk2\DR2\Partition1

18:53:41.0946 0x0c3c  \Device\Harddisk2\DR2\Partition1 - ok

18:53:41.0946 0x0c3c  Waiting for KSN requests completion. In queue: 58

18:53:42.0946 0x0c3c  Waiting for KSN requests completion. In queue: 58

18:53:43.0950 0x0c3c  Waiting for KSN requests completion. In queue: 58

18:53:45.0035 0x0c3c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )

18:53:45.0038 0x0c3c  Win FW state via NFP2: enabled

18:53:47.0720 0x0c3c  ============================================================

18:53:47.0720 0x0c3c  Scan finished

18:53:47.0720 0x0c3c  ============================================================

18:53:47.0730 0x0dac  Detected object count: 0

18:53:47.0730 0x0dac  Actual detected object count: 0

Hi, here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Gareth (administrator) on VOICE on 31-03-2014 10:21:13
Running from C:\Users\Gareth\Downloads
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Paul Smith Computer Services) C:\Program Files\vpop3\vpop3status.exe
(Paul Smith Computer Services) C:\Program Files\vpop3\vpop3.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Apple Inc.) C:\Program Files\Safari\Safari.exe
(Apple Inc.) C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\Gareth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\µTorrent.lnk
ShortcutTarget: µTorrent.lnk -> C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEDEA9ECCF606CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://127.0.0.1:5108/admin/mappings.html?start=0&count=50&sortorder=A&sortfield=address
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\Gareth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-13]
CHR Extension: (YouTube) - C:\Users\Gareth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-13]
CHR Extension: (Google Search) - C:\Users\Gareth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-13]
CHR Extension: (Google Wallet) - C:\Users\Gareth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Gareth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-13]
 
========================== Services (Whitelisted) =================
 
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [554264 2008-10-03] (Acronis)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-04-29] (Seagate)
S2 VPOP3; C:\Program Files\vpop3\vpop3svc.exe [45056 2007-03-28] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx86.sys [27136 2012-04-09] (CSR/PLT)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 PinnacleRoyalTS; C:\Windows\System32\DRIVERS\RoyalTS.sys [123520 2006-09-14] (Pinnacle Systems GmbH)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2011-09-16] (LogMeIn, Inc.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2012-08-08] (Acronis)
R0 tdrpman140; C:\Windows\System32\DRIVERS\tdrpm140.sys [971168 2012-08-08] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2012-08-08] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2012-05-01] (Acronis)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-05-01] (Acronis)
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 vhjrap; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-31 10:21 - 2014-03-31 10:21 - 00007386 _____ () C:\Users\Gareth\Downloads\FRST.txt
2014-03-31 10:20 - 2014-03-31 10:21 - 00000000 ____D () C:\FRST
2014-03-31 10:19 - 2014-03-31 10:19 - 01145856 _____ (Farbar) C:\Users\Gareth\Downloads\FRST.exe
2014-03-30 23:41 - 2014-03-30 23:41 - 00000000 ____D () C:\Program Files\ESET
2014-03-30 19:26 - 2014-03-30 19:26 - 00004417 _____ () C:\hijackthis.log
2014-03-30 18:51 - 2014-03-30 18:51 - 00000000 ____D () C:\Users\Gareth\Documents\tdsskiller
2014-03-28 21:27 - 2014-03-28 21:27 - 00054016 _____ () C:\Windows\system32\Drivers\uungqkvg.sys
2014-03-26 22:55 - 2014-03-26 23:08 - 00000000 ____D () C:\Program Files\BitComet
2014-03-26 22:53 - 2014-03-26 22:54 - 03089906 _____ () C:\Users\Gareth\Downloads\BitComet_Setup_030606.zip
2014-03-25 18:57 - 2014-03-25 18:57 - 00054016 _____ () C:\Windows\system32\Drivers\pyef.sys
2014-03-25 18:30 - 2014-03-25 18:30 - 00000446 _____ () C:\Users\Gareth\Downloads\Malwarebytes-1.Anti-Malware.Pro.v1.75.0.1300.Keygen.Only-BRD.torrent
2014-03-25 18:28 - 2014-03-25 18:28 - 00000446 _____ () C:\Users\Gareth\Downloads\Malwarebytes.Anti-Malware.Pro.v1.75.0.1300.Keygen.Only-BRD.torrent
2014-03-25 18:17 - 2014-03-25 18:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-23 19:31 - 2014-03-28 21:34 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\uTorrent
2014-03-23 19:25 - 2014-03-23 19:25 - 00054016 _____ () C:\Windows\system32\Drivers\tgrw.sys
2014-03-23 19:23 - 2014-03-23 19:23 - 00688992 ____R (Swearware) C:\Users\Gareth\Downloads\dds.com
2014-03-23 19:23 - 2014-03-23 19:23 - 00688992 _____ (Swearware) C:\Users\Gareth\Downloads\dds.scr
2014-03-23 18:49 - 2014-03-23 18:49 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\Malwarebytes
2014-03-23 18:44 - 2014-03-23 18:44 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 18:43 - 2014-03-23 18:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-23 18:43 - 2014-03-23 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 18:43 - 2013-04-04 15:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-21 22:52 - 2014-03-21 23:12 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\Comodo
2014-03-18 19:26 - 2014-03-18 19:44 - 00000000 ____D () C:\Users\Gareth\Downloads\BRAZZERS.Update.Mar.08-17.2014.720p.Mp4.Web-DL.XXX-FiLELiST
2014-03-18 17:48 - 2014-03-18 19:50 - 00000000 ____D () C:\Users\Gareth\Downloads\X-Angels.2013-2014.1080p.WMV.XXX-TD
2014-03-16 12:35 - 2014-03-16 12:35 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2014-03-16 12:35 - 2014-03-16 12:35 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2014-03-16 12:32 - 2014-03-23 20:11 - 00000000 ____D () C:\ProgramData\COMODO
2014-03-16 12:32 - 2014-03-16 12:32 - 00000000 ____D () C:\Users\Gareth\AppData\Local\Comodo
2014-03-16 12:32 - 2014-03-16 12:32 - 00000000 ____D () C:\first_launch
2014-03-16 12:31 - 2014-03-23 20:13 - 00000000 ____D () C:\Program Files\Comodo
2014-03-16 02:16 - 2014-03-16 02:25 - 00000000 ____D () C:\Users\Gareth\Desktop\backups
2014-03-16 01:49 - 2014-03-16 01:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gareth\Desktop\HijackThis.exe
2014-03-16 01:48 - 2014-03-16 01:48 - 00002969 _____ () C:\Users\Gareth\Desktop\HiJackThis.lnk
2014-03-16 01:48 - 2014-03-16 01:48 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-16 01:48 - 2014-03-16 01:48 - 00000000 ____D () C:\Program Files\Trend Micro
2014-03-16 01:46 - 2014-03-16 01:46 - 01402880 _____ () C:\Users\Gareth\Downloads\HijackThis.msi
2014-03-16 00:48 - 2014-03-16 12:18 - 00001948 _____ () C:\Users\Gareth\Desktop\Sync Folder.lnk
2014-03-16 00:38 - 2014-03-25 18:18 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-13 04:50 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 04:50 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 04:50 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 04:50 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 04:49 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 23:09 - 2014-03-13 00:22 - 00000000 ____D () C:\Users\Gareth\Downloads\RealityKings.February.1080p.Mp4.Web-DL.XXX-FiLELiST
2014-03-12 22:25 - 2014-03-16 12:24 - 00000000 ____D () C:\AdwCleaner
2014-03-01 09:59 - 2014-03-01 09:59 - 00000000 ____D () C:\Users\Gareth\Downloads\War 3
2014-03-01 09:15 - 2014-03-01 09:26 - 00000000 ____D () C:\Users\Gareth\Downloads\X-Art.SiteRip.February.2014.1080p.WEB-DL.AAC.AVC-TayTO
 
==================== One Month Modified Files and Folders =======
 
2014-03-31 10:21 - 2014-03-31 10:21 - 00007386 _____ () C:\Users\Gareth\Downloads\FRST.txt
2014-03-31 10:21 - 2014-03-31 10:20 - 00000000 ____D () C:\FRST
2014-03-31 10:19 - 2014-03-31 10:19 - 01145856 _____ (Farbar) C:\Users\Gareth\Downloads\FRST.exe
2014-03-31 10:19 - 2012-08-18 17:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 09:51 - 2012-11-13 00:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 09:50 - 2012-03-21 00:40 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-31 09:25 - 2012-03-20 22:36 - 01120354 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 00:51 - 2012-11-13 00:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 23:41 - 2014-03-30 23:41 - 00000000 ____D () C:\Program Files\ESET
2014-03-30 23:12 - 2009-07-14 05:34 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 23:12 - 2009-07-14 05:34 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 19:26 - 2014-03-30 19:26 - 00004417 _____ () C:\hijackthis.log
2014-03-30 18:53 - 2012-03-20 23:43 - 00000000 ____D () C:\Program Files\vpop3
2014-03-30 18:51 - 2014-03-30 18:51 - 00000000 ____D () C:\Users\Gareth\Documents\tdsskiller
2014-03-30 18:20 - 2009-07-14 03:04 - 00000501 _____ () C:\Windows\win.ini
2014-03-28 21:44 - 2012-05-04 00:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-28 21:34 - 2014-03-23 19:31 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\uTorrent
2014-03-28 21:30 - 2012-03-21 00:49 - 00257436 _____ () C:\Windows\PFRO.log
2014-03-28 21:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 21:30 - 2009-07-14 05:39 - 00055296 _____ () C:\Windows\setupact.log
2014-03-28 21:27 - 2014-03-28 21:27 - 00054016 _____ () C:\Windows\system32\Drivers\uungqkvg.sys
2014-03-26 23:08 - 2014-03-26 22:55 - 00000000 ____D () C:\Program Files\BitComet
2014-03-26 22:54 - 2014-03-26 22:53 - 03089906 _____ () C:\Users\Gareth\Downloads\BitComet_Setup_030606.zip
2014-03-25 18:57 - 2014-03-25 18:57 - 00054016 _____ () C:\Windows\system32\Drivers\pyef.sys
2014-03-25 18:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
2014-03-25 18:30 - 2014-03-25 18:30 - 00000446 _____ () C:\Users\Gareth\Downloads\Malwarebytes-1.Anti-Malware.Pro.v1.75.0.1300.Keygen.Only-BRD.torrent
2014-03-25 18:28 - 2014-03-25 18:28 - 00000446 _____ () C:\Users\Gareth\Downloads\Malwarebytes.Anti-Malware.Pro.v1.75.0.1300.Keygen.Only-BRD.torrent
2014-03-25 18:18 - 2014-03-16 00:38 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-25 18:17 - 2014-03-25 18:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-23 20:13 - 2014-03-16 12:31 - 00000000 ____D () C:\Program Files\Comodo
2014-03-23 20:11 - 2014-03-16 12:32 - 00000000 ____D () C:\ProgramData\COMODO
2014-03-23 19:25 - 2014-03-23 19:25 - 00054016 _____ () C:\Windows\system32\Drivers\tgrw.sys
2014-03-23 19:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Vss
2014-03-23 19:23 - 2014-03-23 19:23 - 00688992 ____R (Swearware) C:\Users\Gareth\Downloads\dds.com
2014-03-23 19:23 - 2014-03-23 19:23 - 00688992 _____ (Swearware) C:\Users\Gareth\Downloads\dds.scr
2014-03-23 18:49 - 2014-03-23 18:49 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\Malwarebytes
2014-03-23 18:46 - 2014-03-23 18:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-23 18:44 - 2014-03-23 18:44 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 18:43 - 2014-03-23 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 23:12 - 2014-03-21 22:52 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\Comodo
2014-03-19 04:03 - 2013-07-22 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 04:01 - 2012-03-21 15:26 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 19:50 - 2014-03-18 17:48 - 00000000 ____D () C:\Users\Gareth\Downloads\X-Angels.2013-2014.1080p.WMV.XXX-TD
2014-03-18 19:44 - 2014-03-18 19:26 - 00000000 ____D () C:\Users\Gareth\Downloads\BRAZZERS.Update.Mar.08-17.2014.720p.Mp4.Web-DL.XXX-FiLELiST
2014-03-17 17:43 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-16 12:35 - 2014-03-16 12:35 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2014-03-16 12:35 - 2014-03-16 12:35 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2014-03-16 12:32 - 2014-03-16 12:32 - 00000000 ____D () C:\Users\Gareth\AppData\Local\Comodo
2014-03-16 12:32 - 2014-03-16 12:32 - 00000000 ____D () C:\first_launch
2014-03-16 12:24 - 2014-03-12 22:25 - 00000000 ____D () C:\AdwCleaner
2014-03-16 12:18 - 2014-03-16 00:48 - 00001948 _____ () C:\Users\Gareth\Desktop\Sync Folder.lnk
2014-03-16 02:25 - 2014-03-16 02:16 - 00000000 ____D () C:\Users\Gareth\Desktop\backups
2014-03-16 01:49 - 2014-03-16 01:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gareth\Desktop\HijackThis.exe
2014-03-16 01:48 - 2014-03-16 01:48 - 00002969 _____ () C:\Users\Gareth\Desktop\HiJackThis.lnk
2014-03-16 01:48 - 2014-03-16 01:48 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-16 01:48 - 2014-03-16 01:48 - 00000000 ____D () C:\Program Files\Trend Micro
2014-03-16 01:46 - 2014-03-16 01:46 - 01402880 _____ () C:\Users\Gareth\Downloads\HijackThis.msi
2014-03-16 01:20 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-03-16 01:19 - 2013-12-01 18:57 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\AVAST Software
2014-03-16 01:19 - 2012-03-21 14:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-16 01:19 - 2012-03-21 14:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 04:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-14 04:10 - 2009-07-14 05:33 - 00409096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 04:09 - 2013-06-03 09:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 04:03 - 2012-03-20 23:17 - 00766336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 00:22 - 2014-03-12 23:09 - 00000000 ____D () C:\Users\Gareth\Downloads\RealityKings.February.1080p.Mp4.Web-DL.XXX-FiLELiST
2014-03-12 23:23 - 2012-04-13 15:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 23:23 - 2012-04-13 15:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 22:22 - 2012-03-20 23:14 - 00000000 ____D () C:\Users\Gareth
2014-03-12 22:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-12 22:13 - 2014-02-23 16:15 - 00000000 ____D () C:\Users\Gareth\Downloads\Digimon.Fusion.S01E05.Thanks.for.the.Digicards.HDTV.XviD-AFG
2014-03-12 22:13 - 2013-07-16 21:21 - 00000000 ____D () C:\Users\Gareth\AppData\Roaming\TeraCopy
2014-03-12 22:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-12 22:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-12 22:11 - 2013-05-20 18:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-12 22:11 - 2012-09-01 22:08 - 00000000 ____D () C:\Program Files\Java
2014-03-11 23:23 - 2014-01-22 19:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-01 09:59 - 2014-03-01 09:59 - 00000000 ____D () C:\Users\Gareth\Downloads\War 3
2014-03-01 09:26 - 2014-03-01 09:15 - 00000000 ____D () C:\Users\Gareth\Downloads\X-Art.SiteRip.February.2014.1080p.WEB-DL.AAC.AVC-TayTO
 
Some content of TEMP:
====================
C:\Users\Gareth\AppData\Local\Temp\-4zxv2tb.dll
C:\Users\Gareth\AppData\Local\Temp\AuConv.dll
C:\Users\Gareth\AppData\Local\Temp\AuConvEx.dll
C:\Users\Gareth\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gareth\AppData\Local\Temp\bcdedit.exe
C:\Users\Gareth\AppData\Local\Temp\Boot.dll
C:\Users\Gareth\AppData\Local\Temp\BootDriver.dll
C:\Users\Gareth\AppData\Local\Temp\bootsect.exe
C:\Users\Gareth\AppData\Local\Temp\Burn.dll
C:\Users\Gareth\AppData\Local\Temp\DataMana.dll
C:\Users\Gareth\AppData\Local\Temp\DevCtrl.dll
C:\Users\Gareth\AppData\Local\Temp\esg54gcs.dll
C:\Users\Gareth\AppData\Local\Temp\FatLib.dll
C:\Users\Gareth\AppData\Local\Temp\GetDriverInfo.dll
C:\Users\Gareth\AppData\Local\Temp\grubinst.exe
C:\Users\Gareth\AppData\Local\Temp\ISOExportHome.exe
C:\Users\Gareth\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Gareth\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Gareth\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gareth\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gareth\AppData\Local\Temp\lwt_p2b9.dll
C:\Users\Gareth\AppData\Local\Temp\MSVCP60.DLL
C:\Users\Gareth\AppData\Local\Temp\Quarantine.exe
C:\Users\Gareth\AppData\Local\Temp\RecLib.dll
C:\Users\Gareth\AppData\Local\Temp\syslinux.exe
C:\Users\Gareth\AppData\Local\Temp\tbsbrzfq.dll
C:\Users\Gareth\AppData\Local\Temp\tbuTor.dll
C:\Users\Gareth\AppData\Local\Temp\temp.exe
C:\Users\Gareth\AppData\Local\Temp\ukrku7gv.dll
C:\Users\Gareth\AppData\Local\Temp\UserRes.dll
C:\Users\Gareth\AppData\Local\Temp\UserResEx.dll
C:\Users\Gareth\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Gareth\AppData\Local\Temp\zbpkuxd3.dll
C:\Users\Gareth\AppData\Local\Temp\_hwx1y6r.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-30 01:13
 
==================== End Of Log ============================

and the Additions log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Gareth at 2014-03-31 10:21:55
Running from C:\Users\Gareth\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9608 - Acronis)
Active@ KillDisk (HKLM\...\{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}) (Version: 6.0.0 - LSoft Technologies Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Calisto DFU Driver (x86) (HKLM\...\{A595CC0D-F39E-4A66-B057-B0DBE9BAD757}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Classic Shell (HKLM\...\{6C445ECD-A55A-43CA-9311-A738D2B7E23D}) (Version: 3.6.1 - IvoSoft)
Data Recover-Center 2.0 (HKCU\...\Data Recover-Center) (Version: 2.0 - Recover-Center.com)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ExtractNow (HKLM\...\ExtractNow_is1) (Version:  - Nathan Moinvaziri)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HandBrake 0.9.6 (HKLM\...\HandBrake) (Version: 0.9.6 - )
Hard Disk Low Level Format Tool 4.25 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
LogMeIn (HKLM\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
QNAP Finder (HKLM\...\QNAP_FINDER) (Version: 1.1.0.06280 - QNAP Systems, Inc.)
QNAP QGet (HKLM\...\QGet) (Version: 2.1.1.1410 - QNAP Systems, Inc.)
R-Studio 5.4 (HKLM\...\R-Studio 5.4NSIS) (Version: 5.4.134580 - R-Tools Technology Inc.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SaveSense (remove only) (HKLM\...\SaveSense) (Version: 5.3.0.7 - SaveSense) <==== ATTENTION
Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14382 - Seagate)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
ViceVersa Pro 2.5 (Build 2504) (HKLM\...\ViceVersa Pro Installation_is1) (Version: 2 - TGRMN Software)
VPOP3 Mail Server (HKLM\...\VPOP3 Mail Server) (Version:  - )
Windows Driver Package - Plantronics, Inc. (usbser.nt) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
 
==================== Restore Points  =========================
 
21-03-2014 03:16:39 Microsoft Antimalware Checkpoint
22-03-2014 08:08:00 Microsoft Antimalware Checkpoint
23-03-2014 02:01:19 Windows Update
26-03-2014 18:22:39 Windows Update
29-03-2014 20:42:20 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1009A69C-606D-49FB-B16F-A2266A8EC452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-13] (Google Inc.)
Task: {33B13F23-EBF8-44A6-B072-64A0CFD39669} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AF7E8FFD-AA38-4DAA-9350-FA0A032DE261} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FE6334AE-9F69-436F-9E7C-22D16AE2E514} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-13] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-16 21:21 - 2011-10-26 17:41 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2012-03-20 23:43 - 2004-09-22 14:28 - 00214016 _____ () C:\Program Files\vpop3\vpop3db.dll
2012-03-20 23:43 - 2006-12-14 15:32 - 00178743 _____ () C:\Program Files\vpop3\LIBPQ.dll
2012-03-20 23:43 - 2006-12-14 15:32 - 00051016 _____ () C:\Program Files\vpop3\libintl-2.dll
2012-03-20 23:43 - 2006-12-14 15:32 - 00916849 _____ () C:\Program Files\vpop3\libiconv-2.dll
2012-04-24 20:18 - 2012-04-24 20:18 - 00087912 _____ () C:\Program Files\Safari\Apple Application Support\zlib1.dll
2012-04-24 20:18 - 2012-04-24 20:18 - 01242472 _____ () C:\Program Files\Safari\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Gareth\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QNAP QGet.lnk => C:\Windows\pss\QNAP QGet.lnk.CommonStartup
MSCONFIG\startupreg: QGet => "C:\Program Files\QNAP\QGet\QGet.exe" /min
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2014 10:21:42 AM) (Source: RasClient) (User: )
Description: CoId={29EB4158-3196-457C-9B63-9239A986E7A2}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:20:42 AM) (Source: RasClient) (User: )
Description: CoId={FA439F2A-1877-4069-9853-8DB7C252AA99}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:19:42 AM) (Source: RasClient) (User: )
Description: CoId={21707332-89E5-418D-AF09-4A8F5E3DFF1B}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:18:42 AM) (Source: RasClient) (User: )
Description: CoId={7A0CE5FD-2669-48A6-BAB1-3B5F58BF44D6}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:17:42 AM) (Source: RasClient) (User: )
Description: CoId={8172A802-141C-48C5-AF65-348AB0D45F7B}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:16:42 AM) (Source: RasClient) (User: )
Description: CoId={185096FE-EA46-43D1-9067-CA27974D4CDF}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:15:42 AM) (Source: RasClient) (User: )
Description: CoId={BC2AC85D-6A2A-4D4C-9620-5B35A0EFA62B}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:14:42 AM) (Source: RasClient) (User: )
Description: CoId={0C14DE55-93D1-412A-84CA-E6CFA574787F}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:13:42 AM) (Source: RasClient) (User: )
Description: CoId={47DFA668-C447-401C-9165-2FB784667974}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
Error: (03/31/2014 10:12:42 AM) (Source: RasClient) (User: )
Description: CoId={164B1890-1326-4806-AA5B-2CB2D456B9A6}: The user Voice\Gareth dialed a connection named Strong VPN which has failed. The error code returned on failure is 806.
 
 
System errors:
=============
Error: (03/28/2014 09:35:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service hung on starting.
 
Error: (03/28/2014 09:31:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap
 
Error: (03/25/2014 07:13:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap
 
Error: (03/23/2014 08:09:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap
 
Error: (03/23/2014 08:06:07 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error: 
%%1069
 
Error: (03/23/2014 08:06:07 PM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%1352
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/23/2014 08:06:08 PM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (03/23/2014 07:29:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap
 
Error: (03/22/2014 11:33:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap
 
Error: (03/19/2014 09:58:50 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014847
 
 
Microsoft Office Sessions:
=========================
Error: (03/31/2014 10:21:42 AM) (Source: RasClient)(User: )
Description: {29EB4158-3196-457C-9B63-9239A986E7A2}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:20:42 AM) (Source: RasClient)(User: )
Description: {FA439F2A-1877-4069-9853-8DB7C252AA99}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:19:42 AM) (Source: RasClient)(User: )
Description: {21707332-89E5-418D-AF09-4A8F5E3DFF1B}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:18:42 AM) (Source: RasClient)(User: )
Description: {7A0CE5FD-2669-48A6-BAB1-3B5F58BF44D6}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:17:42 AM) (Source: RasClient)(User: )
Description: {8172A802-141C-48C5-AF65-348AB0D45F7B}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:16:42 AM) (Source: RasClient)(User: )
Description: {185096FE-EA46-43D1-9067-CA27974D4CDF}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:15:42 AM) (Source: RasClient)(User: )
Description: {BC2AC85D-6A2A-4D4C-9620-5B35A0EFA62B}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:14:42 AM) (Source: RasClient)(User: )
Description: {0C14DE55-93D1-412A-84CA-E6CFA574787F}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:13:42 AM) (Source: RasClient)(User: )
Description: {47DFA668-C447-401C-9165-2FB784667974}Voice\GarethStrong VPN806
 
Error: (03/31/2014 10:12:42 AM) (Source: RasClient)(User: )
Description: {164B1890-1326-4806-AA5B-2CB2D456B9A6}Voice\GarethStrong VPN806
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 2029.55 MB
Available physical RAM: 1051.09 MB
Total Pagefile: 4059.09 MB
Available Pagefile: 2766.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1236.57 GB) NTFS
Drive d: (Recovery 1) (Fixed) (Total:1863.02 GB) (Free:175.1 GB) NTFS
Drive e: (Media done) (Fixed) (Total:1863.02 GB) (Free:1464.33 GB) NTFS
Drive h: (DVDSP) (CDROM) (Total:3.75 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FC433D6B)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 69BE63DF)
Partition 1: (Not Active) - (Size=-198624353792) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: DB296064)
 
Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
 
==================== End Of Log ============================

Going over your logs I noticed that you have BitComet and uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitComet and uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep them, please do not use them until your computer is cleaned.
 
 
 
Add/Remove Programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

SaveSense

Close the window.
 
 
 
 
Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.


If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

fixlist.txt


Hi

Both of these programmes were uninstalled as soon as I got infected using Control Panel. I have just checked again and they are not listed in Control panel/programs. I have now deleted the relevant folders in Program files directory.

 

 

Savesense removed

 

After downloading the fix file, I ran the app and the log file is below:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Gareth at 2014-03-31 13:03:28 Run:1
Running from C:\Users\Gareth\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
 
S0 vhjrap; No ImagePath
 
C:\PROGRA~1\SearchProtect
C:\Windows\system32\Drivers\uungqkvg.sys
C:\Windows\system32\Drivers\pyef.sys
C:\Windows\system32\Drivers\tgrw.sys
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
"C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
vhjrap => Service deleted successfully.
"C:\PROGRA~1\SearchProtect" => File/Directory not found.
C:\Windows\system32\Drivers\uungqkvg.sys => Moved successfully.
C:\Windows\system32\Drivers\pyef.sys => Moved successfully.
C:\Windows\system32\Drivers\tgrw.sys => Moved successfully.
 
==== End of Fixlog ====
 
Have now started a full scan with an already installed and registered version.
 
Once completed I will post outcome and the log file
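The fixlist in the post above targets items that the earlier FRST log had already singled out: the `<==== ATTENTION` marker on SaveSense and the `vhjrap` driver that repeatedly failed to load. As an added example (not part of the thread and not FRST's own code), this Python sketch pulls both signals out of log text in the format shown here; the function names are hypothetical and the sample lines are copied, abridged, from the logs in this thread.

```python
import re
from collections import Counter

# Sample input: lines copied (abridged) from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
SaveSense (remove only) (HKLM\...\SaveSense) (Version: 5.3.0.7 - SaveSense) <==== ATTENTION
Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14382 - Seagate)

Error: (03/28/2014 09:35:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service hung on starting.

Error: (03/28/2014 09:31:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap

Error: (03/25/2014 07:13:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap

Error: (03/23/2014 08:09:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vhjrap

S0 vhjrap; No ImagePath
"""

# Marker the log appends to entries it considers suspicious.
ATTENTION = re.compile(r"^(?P<entry>.+?)\s*<==== ATTENTION\s*$")
# Program name is everything before the registry key or version field.
NAME = re.compile(r"^(?P<name>.+?) \((?:HK[A-Z]+\\|Version:)")
# Service entry with no binary behind it, in the form seen in the fixlist.
NO_IMAGE = re.compile(r"^[RSU]\d (?P<name>\S+); No ImagePath\s*$", re.M)
DRIVER_FAIL = "driver(s) failed to load:"


def flagged_entries(log):
    """Return the names of installed-program entries marked ATTENTION."""
    names = []
    for line in log.splitlines():
        hit = ATTENTION.match(line.strip())
        if hit:
            entry = hit.group("entry")
            name = NAME.match(entry)
            names.append(name.group("name") if name else entry)
    return names


def failed_boot_drivers(log):
    """Count how often each driver name follows a 'failed to load' event."""
    counts = Counter()
    collecting = False
    for raw in log.splitlines():
        line = raw.strip()
        if DRIVER_FAIL in line:
            collecting = True          # driver names follow on the next lines
            continue
        if collecting:
            if not line or line.startswith("Error:"):
                collecting = False     # blank line or next event ends the list
            else:
                counts[line] += 1
    return counts


def services_without_image(log):
    """Return service names registered with no ImagePath."""
    return {m.group("name") for m in NO_IMAGE.finditer(log)}


def triage(log):
    """Correlate the three signals into one summary for a reviewer."""
    failed = failed_boot_drivers(log)
    orphaned = services_without_image(log)
    return {
        "flagged_programs": flagged_entries(log),
        "failed_drivers": dict(failed),
        # A driver that keeps failing at boot and has no binary on record
        # is a leftover (or hidden) service entry worth a closer look.
        "suspect_drivers": sorted(set(failed) & orphaned),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
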

Hi,

 

Registered version of what is outdated?

 

Below is the log file from Malwarebytes. Although no infections were found, whatever it is was generating spurious email whilst the scan was running.

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.31.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Gareth :: VOICE [administrator]
 
Protection: Disabled
 
31/03/2014 13:12:54
mbam-log-2014-03-31 (13-12-54).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 946458
Time elapsed: 3 hour(s), 53 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Ran V2 but still nothing found, log below.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31/03/2014
Scan Time: 17:29:02
Logfile: 
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.03.31.08
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Gareth
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259849
Time Elapsed: 12 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Hi

I did not have IE installed, only Safari and Chrome. With both of these ESET wanted to install an executable, should I run it like this?

 

I then installed IE11. It will allow the scanner to be executed from the web browser, but after clicking start it appears to hang?

 

Thanks

Gareth


Ran it in Safari but it came up with nothing, so went back to IE and switched off some of the automatic Active X constraints, tried IE again and it is working using the web based version. About 50% of the way through and 15 infected files found. We (you) might be getting somewhere now :-)

 

Will post log when completed, thanks :-)


This topic is now closed to further replies.