complex ... help

lptprepair

New Member
okay briefly
this is not for faint of heart

first had problem with ads rogue stuff showing up in May
ran malware and combo fix, still problems so went to malwarebytes forum-did all that stuff- til they gave up

in meantime last two weeks someone on a chat that has my email
their name and biz name showed up in four of my personal documents
as the Author, ( rest have my computer name of course as author) on top of computer doing more strange stuff and holding up


still have not removed all the programs malwarebytes forum said to
as think some of my missing files are in quarantine and are not bad just rogue as whatever happened moved folders programs files etc
and missing over couple hundred impt documents

then there is some program in computer local disc c from 2012 that shows up as mrtstub that is in a folder with numbers and letters and looked on search and said it was malware also

there is a app loca temp file that has bunch stuff in it

my computer shows almost all ram used yet 80 percent of my files doc recently deleted either in error or deliberately
seems like there are two computers on here running at same time, do not have games etc all that stuff

plus have a esword deleted in error before uninstalling so it is showing up in install /uninstall and will not let me delete it


there is also a google folder, two that are not suppose to be as no google will not let me delete and think the one may have bunch of my original documents in it also


would like my documents somehow retrieved
and to make sure no more junk virus, malware hacking on here

have malwarebytes (3 on this computer), frst, adware, spybot, FSS, and some other programs ran and quarantined files


so anyone ready to tackle this, would appreciate it and if so would i still need to redo all the steps of programs ran with forum malwarebytes guy?

note - i do not have way to restore computer nothing to save to
 
If you can give me a link to your issue on the malwarebytes forum so I can look at that first, I would appreciate it. I need to know what has and hasn't been done.
 
Ok, I've looked through that thread at the Malwarebytes forum. I would need to see new logs which means you would have to rerun the following programs and post the logs. Please run them in the order listed.

Please delete any copy of these programs you currently have and redownload them. You won't need to do this for malwarebytes though.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

3.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

4.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

5.

Please download and run roguekiller from here.

http://www.bleepingcomputer.com/download/roguekiller/dl/121/

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.

When the program opens, it will do a prescan. When done, you will need to accept the License terms. Click on the scan button. When done, click on the report button and a log will pop up. You will need to copy and paste this log in your reply.


6. Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.



7.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 7 programs.

1. TDSSkiller
2. Adwcleaner
3. Junkware removal tool
4. Malwarebytes
5. Rogue Killer
6. Combofix
7. OTL
 
hi john

apologize took so long

found bunch of files in folders in another temp file folder had over 1 gb of duplicate folders and files removed them
plus bunch of my documents just to make space to run programs then after deleted the folders found

got as far as rogue killer as it has some registry and such ones not sure if should delete and also there is one called catch me 0 is there any way to find out where it came from and guess should delete it right?

attached are logs so far///



That's only 2 out of the 7 programs. Please run the others and post the logs. Thanks.
 
got up to rogue klr on hold

hi john

apologize took so long

found bunch of files in folders in another temp file folder had over 1 gb of duplicate folders and files removed them
plus bunch of my documents just to make space to run programs then after deleted the folders found

got as far as rogue killer as it has some registry and such ones not sure if should delete and also there is one called catch me 0 is there any way to find out where it came from and guess should delete it right?

also one of my desktop folders ended up in adware cleaner folder i moved it back to desktop- something redirecting folders programs still

attached are logs so far///

----- this was too big to attach even to put here had to split in half other half is in next reply geez

tdss

16:42:57.0646 0x06e8 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:43:13.0673 0x06e8 ============================================================
16:43:13.0673 0x06e8 Current date / time: 2014/08/03 16:43:13.0673
16:43:13.0673 0x06e8 SystemInfo:
16:43:13.0673 0x06e8
16:43:13.0673 0x06e8 OS Version: 6.0.6002 ServicePack: 2.0
16:43:13.0673 0x06e8 Product type: Workstation
16:43:13.0674 0x06e8 ComputerName: SYDY-PC
16:43:13.0674 0x06e8 UserName: sydney
16:43:13.0674 0x06e8 Windows directory: C:\Windows
16:43:13.0674 0x06e8 System windows directory: C:\Windows
16:43:13.0674 0x06e8 Processor architecture: Intel x86
16:43:13.0674 0x06e8 Number of processors: 1
16:43:13.0674 0x06e8 Page size: 0x1000
16:43:13.0674 0x06e8 Boot type: Normal boot
16:43:13.0674 0x06e8 ============================================================
16:43:14.0350 0x06e8 KLMD registered as C:\Windows\system32\drivers\78193901.sys
16:43:14.0576 0x06e8 System UUID: {F64B0A33-4552-EDC4-9A4A-1C1124FEE369}
16:43:15.0528 0x06e8 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 ( 55.89 Gb ), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:43:15.0533 0x06e8 ============================================================
16:43:15.0533 0x06e8 \Device\Harddisk0\DR0:
16:43:15.0533 0x06e8 MBR partitions:
16:43:15.0533 0x06e8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
16:43:15.0533 0x06e8 ============================================================
16:43:15.0554 0x06e8 C: <-> \Device\Harddisk0\DR0\Partition1
16:43:15.0554 0x06e8 ============================================================
16:43:15.0555 0x06e8 Initialize success
16:43:15.0555 0x06e8 ============================================================
16:43:28.0864 0x07b0 ============================================================
16:43:28.0864 0x07b0 Scan started
16:43:28.0864 0x07b0 Mode: Manual;
16:43:28.0864 0x07b0 ============================================================
16:43:28.0864 0x07b0 KSN ping started
16:43:31.0496 0x07b0 KSN ping finished: true
16:43:33.0950 0x07b0 ================ Scan system memory ========================
16:43:33.0950 0x07b0 System memory - ok
16:43:33.0953 0x07b0 ================ Scan services =============================
16:43:38.0913 0x07b0 Compbatt - ok
16:43:38.0960 0x07b0 COMSysApp - ok
16:43:38.0986 0x07b0 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:43:38.0989 0x07b0 crcdisk - ok
16:43:39.0075 0x07b0 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:43:39.0083 0x07b0 Crusoe - ok
16:43:39.0310 0x07b0 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:43:39.0318 0x07b0 CryptSvc - ok
16:43:39.0403 0x07b0 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:43:39.0433 0x07b0 DcomLaunch - ok
16:43:39.0619 0x07b0 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:43:39.0624 0x07b0 DfsC - ok
16:43:39.0814 0x07b0 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
16:43:39.0966 0x07b0 DFSR - ok
16:43:40.0077 0x07b0 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:43:40.0089 0x07b0 Dhcp - ok
16:43:40.0168 0x07b0 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
16:43:40.0172 0x07b0 disk - ok
16:43:40.0220 0x07b0 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:43:40.0227 0x07b0 Dnscache - ok
16:43:40.0307 0x07b0 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
16:43:40.0317 0x07b0 dot3svc - ok
16:43:40.0375 0x07b0 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
16:43:40.0383 0x07b0 DPS - ok
16:43:40.0431 0x07b0 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:43:40.0433 0x07b0 drmkaud - ok
16:43:40.0560 0x07b0 [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:43:40.0660 0x07b0 DXGKrnl - ok
16:43:40.0753 0x07b0 [ AC9CF17EE2AE003C98EB4F5336C38058, 40618641B6B2DD71A8C284EB25AF81CA219A82AE7AA91C4BB2B4A3D44A2B3BBF ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
16:43:40.0762 0x07b0 E100B - ok
16:43:40.0814 0x07b0 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:43:40.0822 0x07b0 E1G60 - ok
16:43:40.0877 0x07b0 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
16:43:40.0882 0x07b0 EapHost - ok
16:43:40.0943 0x07b0 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
16:43:40.0970 0x07b0 Ecache - ok
16:43:41.0047 0x07b0 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:43:41.0062 0x07b0 ehRecvr - ok
16:43:41.0136 0x07b0 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
16:43:41.0144 0x07b0 ehSched - ok
16:43:41.0206 0x07b0 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
16:43:41.0209 0x07b0 ehstart - ok
16:43:41.0358 0x07b0 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:43:41.0376 0x07b0 elxstor - ok
16:43:41.0480 0x07b0 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:43:41.0511 0x07b0 EMDMgmt - ok
16:43:41.0569 0x07b0 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:43:41.0572 0x07b0 ErrDev - ok
16:43:41.0786 0x07b0 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
16:43:41.0800 0x07b0 EventSystem - ok
16:43:41.0889 0x07b0 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
16:43:41.0898 0x07b0 exfat - ok
16:43:41.0949 0x07b0 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:43:41.0958 0x07b0 fastfat - ok
16:43:42.0004 0x07b0 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:43:42.0007 0x07b0 fdc - ok
16:43:42.0062 0x07b0 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
16:43:42.0065 0x07b0 fdPHost - ok
16:43:42.0108 0x07b0 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
16:43:42.0115 0x07b0 FDResPub - ok
16:43:42.0256 0x07b0 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:43:42.0261 0x07b0 FileInfo - ok
16:43:42.0316 0x07b0 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:43:42.0320 0x07b0 Filetrace - ok
16:43:42.0390 0x07b0 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:43:42.0393 0x07b0 flpydisk - ok
16:43:42.0444 0x07b0 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:43:42.0455 0x07b0 FltMgr - ok
16:43:42.0588 0x07b0 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
16:43:42.0643 0x07b0 FontCache - ok
16:43:42.0759 0x07b0 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:43:42.0763 0x07b0 FontCache3.0.0.0 - ok
16:43:42.0840 0x07b0 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:43:42.0842 0x07b0 Fs_Rec - ok
16:43:42.0929 0x07b0 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:43:42.0934 0x07b0 gagp30kx - ok
16:43:43.0040 0x07b0 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
16:43:43.0069 0x07b0 gpsvc - ok
16:43:43.0139 0x07b0 [ DE15777902A5D9121857D155873A1D1B, 98D6E8204B9A773C8B11D6011ADC77676B0F94F6236CC764D3234FFD43AC86EB ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
16:43:43.0142 0x07b0 HBtnKey - ok
16:43:43.0221 0x07b0 [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:43:43.0234 0x07b0 HdAudAddService - ok
16:43:43.0351 0x07b0 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:43:43.0385 0x07b0 HDAudBus - ok
16:43:43.0474 0x07b0 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:43:43.0485 0x07b0 HidBth - ok
16:43:43.0577 0x07b0 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
16:43:43.0580 0x07b0 HidIr - ok
16:43:43.0669 0x07b0 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
16:43:43.0673 0x07b0 hidserv - ok
16:43:43.0734 0x07b0 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:43:43.0737 0x07b0 HidUsb - ok
16:43:43.0820 0x07b0 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
16:43:43.0826 0x07b0 hkmsvc - ok
16:43:43.0887 0x07b0 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:43:43.0891 0x07b0 HpCISSs - ok
16:43:43.0947 0x07b0 [ 35956140E686D53BF676CF0C778880FC, AFFE1CC956E75AF1DE87F19A58CB03C861907C48DCA03F7454EF7762DEB46F2D ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:43:43.0950 0x07b0 HpqKbFiltr - ok
16:43:44.0011 0x07b0 [ 04C1DCBB226C6AE647B794833CE3CEB6, 7C89908766962169FA877D1A78C3628EDBAE2B25A3BBEE6DBB1D19C272A428D0 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
16:43:44.0018 0x07b0 hpqwmiex - ok
16:43:44.0090 0x07b0 [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:43:44.0101 0x07b0 HSFHWAZL - ok
16:43:44.0231 0x07b0 [ 0D7A055A840C3099C37D576573A42CD5, 25DECDDB218AC5ABFFB46BB9CA87881888705A38AD0E788E4033CCC5546B028C ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:43:44.0332 0x07b0 HSF_DPV - ok
16:43:44.0456 0x07b0 [ BCC074692882C056B0E1AC97F3331A02, E5EE380ABCF4307F08C2FF2DD7C87796D6590D91FEC2C844DDDB0C4F9CD71C5D ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:43:44.0498 0x07b0 HSXHWAZL - ok
16:43:44.0696 0x07b0 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:43:44.0762 0x07b0 HTTP - ok
16:43:44.0821 0x07b0 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:43:44.0825 0x07b0 i2omp - ok
16:43:44.0895 0x07b0 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:43:44.0903 0x07b0 i8042prt - ok
16:43:45.0131 0x07b0 [ 9378D57E2B96C0A185D844770AD49948, AED244DDF125C867091D0A926B275EC1C60C89844C69595B1D1FC586F60F118A ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
16:43:45.0333 0x07b0 ialm - ok
16:43:45.0387 0x07b0 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:43:45.0400 0x07b0 iaStorV - ok
16:43:45.0546 0x07b0 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:43:45.0665 0x07b0 idsvc - ok
16:43:45.0892 0x07b0 [ 9378D57E2B96C0A185D844770AD49948, AED244DDF125C867091D0A926B275EC1C60C89844C69595B1D1FC586F60F118A ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:43:46.0030 0x07b0 igfx - ok
16:43:46.0154 0x07b0 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:43:46.0158 0x07b0 iirsp - ok
16:43:46.0260 0x07b0 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
16:43:46.0283 0x07b0 IKEEXT - ok
16:43:46.0362 0x07b0 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
16:43:46.0365 0x07b0 intelide - ok
16:43:46.0422 0x07b0 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:43:46.0428 0x07b0 intelppm - ok
16:43:46.0496 0x07b0 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:43:46.0502 0x07b0 IPBusEnum - ok
16:43:46.0538 0x07b0 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:43:46.0542 0x07b0 IpFilterDriver - ok
16:43:46.0616 0x07b0 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:43:46.0642 0x07b0 iphlpsvc - ok
16:43:46.0663 0x07b0 IpInIp - ok
16:43:46.0711 0x07b0 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:43:46.0715 0x07b0 IPMIDRV - ok
16:43:46.0758 0x07b0 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:43:46.0765 0x07b0 IPNAT - ok
16:43:46.0812 0x07b0 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:43:46.0818 0x07b0 IRENUM - ok
16:43:46.0872 0x07b0 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:43:46.0877 0x07b0 isapnp - ok
16:43:46.0967 0x07b0 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:43:46.0976 0x07b0 iScsiPrt - ok
16:43:47.0029 0x07b0 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:43:47.0035 0x07b0 iteatapi - ok
16:43:47.0084 0x07b0 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:43:47.0088 0x07b0 iteraid - ok
16:43:47.0142 0x07b0 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:43:47.0146 0x07b0 kbdclass - ok
16:43:47.0220 0x07b0 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:43:47.0223 0x07b0 kbdhid - ok
16:43:47.0317 0x07b0 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
16:43:47.0320 0x07b0 KeyIso - ok
16:43:47.0756 0x07b0 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:43:47.0778 0x07b0 KSecDD - ok
16:43:47.0891 0x07b0 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:43:47.0910 0x07b0 KtmRm - ok
16:43:47.0955 0x07b0 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
16:43:47.0964 0x07b0 LanmanServer - ok
16:43:48.0105 0x07b0 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:43:48.0117 0x07b0 LanmanWorkstation - ok
16:43:48.0221 0x07b0 [ 53710476495886D9961BE46983A6A33F, D02E96B18241581191D17F21D926D1D5B60DA20EF79D6823C008469423759F57 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:43:48.0227 0x07b0 LightScribeService - ok
16:43:48.0287 0x07b0 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:43:48.0291 0x07b0 lltdio - ok
16:43:48.0381 0x07b0 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:43:48.0392 0x07b0 lltdsvc - ok
16:43:48.0437 0x07b0 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:43:48.0461 0x07b0 lmhosts - ok
16:43:48.0498 0x07b0 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:43:48.0505 0x07b0 LSI_FC - ok
16:43:48.0557 0x07b0 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:43:48.0565 0x07b0 LSI_SAS - ok
16:43:48.0632 0x07b0 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:43:48.0638 0x07b0 LSI_SCSI - ok




43:48.0746 0x07b0 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
16:43:48.0752 0x07b0 luafv - ok
16:43:48.0799 0x07b0 [ 1AA835E8A0B8EDF3D676B4ED4BF5EF07, 2D3A92A9B0F800D291B5E84D90C151E52D0BD6A8516E3252441A78226795D53B ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
16:43:48.0804 0x07b0 mbamchameleon - ok
16:43:48.0864 0x07b0 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:43:48.0869 0x07b0 Mcx2Svc - ok
16:43:48.0957 0x07b0 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:43:48.0960 0x07b0 mdmxsdk - ok
16:43:49.0011 0x07b0 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
16:43:49.0014 0x07b0 megasas - ok
16:43:49.0131 0x07b0 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:43:49.0151 0x07b0 MegaSR - ok
16:43:49.0269 0x07b0 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:43:49.0274 0x07b0 Microsoft Office Groove Audit Service - ok
16:43:49.0374 0x07b0 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
16:43:49.0379 0x07b0 MMCSS - ok
16:43:49.0433 0x07b0 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
16:43:49.0437 0x07b0 Modem - ok
16:43:49.0535 0x07b0 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:43:49.0538 0x07b0 monitor - ok
16:43:49.0587 0x07b0 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:43:49.0596 0x07b0 mouclass - ok
16:43:49.0642 0x07b0 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\drivers\mouhid.sys
16:43:49.0646 0x07b0 mouhid - ok
16:43:49.0712 0x07b0 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:43:49.0716 0x07b0 MountMgr - ok
16:43:49.0784 0x07b0 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
16:43:49.0791 0x07b0 mpio - ok
16:43:49.0845 0x07b0 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:43:49.0850 0x07b0 mpsdrv - ok
16:43:49.0928 0x07b0 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:43:49.0953 0x07b0 MpsSvc - ok
16:43:49.0988 0x07b0 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:43:49.0992 0x07b0 Mraid35x - ok
16:43:50.0072 0x07b0 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:43:50.0143 0x07b0 MRxDAV - ok
16:43:50.0225 0x07b0 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:43:50.0232 0x07b0 mrxsmb - ok
16:43:50.0306 0x07b0 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:43:50.0321 0x07b0 mrxsmb10 - ok
16:43:50.0400 0x07b0 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:43:50.0406 0x07b0 mrxsmb20 - ok
16:43:50.0576 0x07b0 [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
16:43:50.0581 0x07b0 msahci - ok
16:43:50.0657 0x07b0 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:43:50.0664 0x07b0 msdsm - ok
16:43:50.0714 0x07b0 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
16:43:50.0721 0x07b0 MSDTC - ok
16:43:50.0773 0x07b0 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:43:50.0777 0x07b0 Msfs - ok
16:43:50.0830 0x07b0 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:43:50.0833 0x07b0 msisadrv - ok
16:43:50.0915 0x07b0 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:43:50.0923 0x07b0 MSiSCSI - ok
16:43:50.0955 0x07b0 msiserver - ok
16:43:50.0981 0x07b0 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:43:50.0983 0x07b0 MSKSSRV - ok
16:43:51.0038 0x07b0 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:43:51.0041 0x07b0 MSPCLOCK - ok
16:43:51.0079 0x07b0 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:43:51.0082 0x07b0 MSPQM - ok
16:43:51.0188 0x07b0 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:43:51.0198 0x07b0 MsRPC - ok
16:43:51.0250 0x07b0 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:43:51.0257 0x07b0 mssmbios - ok
16:43:51.0319 0x07b0 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:43:51.0322 0x07b0 MSTEE - ok
16:43:51.0443 0x07b0 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
16:43:51.0447 0x07b0 Mup - ok
16:43:51.0581 0x07b0 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
16:43:51.0600 0x07b0 napagent - ok
16:43:51.0717 0x07b0 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:43:51.0726 0x07b0 NativeWifiP - ok
16:43:51.0833 0x07b0 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:43:51.0859 0x07b0 NDIS - ok
16:43:51.0933 0x07b0 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:43:51.0937 0x07b0 NdisTapi - ok
16:43:51.0973 0x07b0 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:43:51.0976 0x07b0 Ndisuio - ok
16:43:52.0063 0x07b0 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:43:52.0070 0x07b0 NdisWan - ok
16:43:52.0106 0x07b0 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:43:52.0110 0x07b0 NDProxy - ok
16:43:52.0162 0x07b0 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:43:52.0212 0x07b0 NetBIOS - ok
16:43:52.0313 0x07b0 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:43:52.0324 0x07b0 netbt - ok
16:43:52.0446 0x07b0 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
16:43:52.0449 0x07b0 Netlogon - ok
16:43:52.0521 0x07b0 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
16:43:52.0537 0x07b0 Netman - ok
16:43:52.0618 0x07b0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:43:52.0628 0x07b0 NetMsmqActivator - ok
16:43:52.0659 0x07b0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:43:52.0666 0x07b0 NetPipeActivator - ok
16:43:52.0740 0x07b0 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
16:43:52.0762 0x07b0 netprofm - ok
16:43:52.0804 0x07b0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:43:52.0809 0x07b0 NetTcpActivator - ok
see next reply for remainder and adware cleaner txt
---- ----- ------------------------------
 

remainder of tdss k log on 8 3 and adaware log

16:44:12.0954 0x07b0 wmiApSrv - ok
16:44:13.0090 0x07b0 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:44:13.0157 0x07b0 WMPNetworkSvc - ok
16:44:13.0262 0x07b0 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:44:13.0272 0x07b0 WPCSvc - ok
16:44:13.0363 0x07b0 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:44:13.0371 0x07b0 WPDBusEnum - ok
16:44:13.0543 0x07b0 [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:44:13.0600 0x07b0 WPFFontCache_v0400 - ok
16:44:13.0664 0x07b0 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:44:13.0690 0x07b0 ws2ifsl - ok
16:44:13.0766 0x07b0 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll
16:44:13.0773 0x07b0 wscsvc - ok
16:44:13.0798 0x07b0 WSearch - ok
16:44:14.0045 0x07b0 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
16:44:14.0187 0x07b0 wuauserv - ok
16:44:14.0259 0x07b0 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:44:14.0265 0x07b0 WudfPf - ok
16:44:14.0334 0x07b0 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:14.0361 0x07b0 WUDFRd - ok
16:44:14.0442 0x07b0 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:44:14.0450 0x07b0 wudfsvc - ok
16:44:14.0546 0x07b0 [ 88AF537264F2B818DA15479CEEAF5D7C, E0F95D6448FFB77351BB63ED444238F891B16748FD09F8BCCA23BEC4E341A96B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
16:44:14.0553 0x07b0 XAudio - ok
16:44:14.0603 0x07b0 [ 15A317674A08DF26BE65164D959E9203, 6EEE0D1711F37936D157651E265A65137BCBFBDA17F066C844BAA0D53558F86A ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
16:44:14.0622 0x07b0 XAudioService - ok
16:44:14.0676 0x07b0 ================ Scan global ===============================
16:44:14.0823 0x07b0 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
16:44:14.0919 0x07b0 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
16:44:14.0998 0x07b0 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
16:44:15.0077 0x07b0 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
16:44:15.0091 0x07b0 [ Global ] - ok
16:44:15.0111 0x07b0 ================ Scan MBR ==================================
16:44:15.0127 0x07b0 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:44:15.0988 0x07b0 \Device\Harddisk0\DR0 - ok
16:44:15.0992 0x07b0 ================ Scan VBR ==================================
16:44:16.0092 0x07b0 [ 98996995CF431F1773F528FCFC501F44 ] \Device\Harddisk0\DR0\Partition1
16:44:16.0110 0x07b0 \Device\Harddisk0\DR0\Partition1 - ok
16:44:16.0116 0x07b0 ================ Scan generic autorun ======================
16:44:16.0231 0x07b0 [ 62B3C9786081ECAAB272A118408D2817, 316DA6482EC049DA22D9644A8B8DF3E57A7A84B8DE0A8C15AC3FC406D01606F8 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
16:44:16.0264 0x07b0 SynTPEnh - ok
16:44:16.0387 0x07b0 [ 7F7B42B1BA42242116F5B277A063FE2E, BFB7657EE55F97B0ADB16AD8FB8545910301C63832801927B4955148744E6556 ] C:\Windows\system32\igfxtray.exe
16:44:16.0393 0x07b0 IgfxTray - ok
16:44:16.0481 0x07b0 [ 5F529FBB095CBC9F14BB1E97A7A6B547, A69BD52B70AB2564417C9A5C78472EDF457EDBDF5B8BEC3367B765A482C65EC0 ] C:\Windows\system32\hkcmd.exe
16:44:16.0505 0x07b0 HotKeysCmds - ok
16:44:16.0654 0x07b0 [ D8A33AF26E4143F7A892009890BB6F64, 4570A1B45A264D141DC919C94E5D8DD0D0D224D418ADE23385BFD787F095BEBF ] C:\Windows\system32\igfxpers.exe
16:44:16.0660 0x07b0 Persistence - ok
16:44:17.0062 0x07b0 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
16:44:17.0229 0x07b0 SDTray - ok
16:44:17.0469 0x07b0 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
16:44:17.0564 0x07b0 Sidebar - ok
16:44:17.0691 0x07b0 [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
16:44:17.0697 0x07b0 ehTray.exe - ok
16:44:18.0170 0x07b0 [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
16:44:18.0408 0x07b0 Spybot-S&D Cleaning - ok
16:44:18.0507 0x07b0 Waiting for KSN requests completion. In queue: 38
16:44:40.0861 0x07b0 Win FW state via NFP2: enabled
16:44:44.0421 0x07b0 ============================================================
16:44:44.0421 0x07b0 Scan finished
16:44:44.0421 0x07b0 ============================================================
16:44:44.0437 0x091c Detected object count: 0
16:44:44.0437 0x091c Actual detected object count: 0
16:46:40.0431 0x0eb4 Deinitialize success
 


hi john,
not sure if you saw these last two for tdss and adware here...
also as mentioned still have rogue klr opened ran it and there are some antitoolroot and registry ones that are showing up, couple say atapi disc and noticed when did search that if remove them sometimes system will not start up after
and sometimes they can be trojans disguised as i do not have start up disc for this nor do i have anything to transfer all info to do not want to risk losing all of it
so still have the program open after running, have not shut off computer
and on the registry ones it shows suspicious path HKEY local machine - in system control services as - catch me and some PUM ones

so do you agree about not having it delete the atapi disc ones for now and just the other ones?

http://file.net/process/atapi.sys.html
 
me again
put ntkrnlpa in search bar and it showed a program application or whatever so right clicked and it shows properties - details NT kernel & System application version 6.0.6002.18881 Microsoft Windows Operating System 3.43 MB 7/8/2013 so all the items showing up in antirootkit as objects IRP and filter
system root, system \32 drivers\ mountmgr.sys all have ntkrnlpa.exe except for ones that have atapi on them as drivers and filter and one that is filter for atapi and ecache.sys

think i already posted report but just in case here it is
the catch me ones in registry for suspicious path HKEY local machine system \ control services ones - are ones that concern me ( not that i would know lol)
RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : sydy [Admin rights]
Mode : Scan -- Date : 08/03/2014 21:03:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-2303616615-3576378249-3580161408-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-2303616615-3576378249-3580161408-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST96812AS ATA Device +++++
--- User ---
[MBR] 8e6abae0e79171558dc1a66e4a11faf2
[BSP] 1ed89c18eca200750f06f8fe3d636858 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 57223 MB
User = LL1 ... OK
User = LL2 ... OK
 
Rogue killer only found registry entries and no files or rootkits. Just click on the delete button to delete those. Continue on with the scanning.
 
combofix and otl

okay john, finally.. took lil while as firewall did not want to let me close it and then ie hung up again and ... they are attached - well they are here as they were too large to attach thank you

also when ran combo fix at end it gave message that runtime term.. unusual something....


ComboFix 14-08-02.02 - sydey 08/06/2014 13:45:20.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.913 [GMT -4:00]
Running from: c:\users\sydey\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-07-06 to 2014-08-06 )))))))))))))))))))))))))))))))
.
.
2014-08-06 18:02 . 2014-08-06 18:11 -------- d-----w- c:\users\sydey\AppData\Local\temp
2014-08-06 18:02 . 2014-08-06 18:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-06 18:02 . 2014-08-06 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-04 00:38 . 2014-08-04 00:38 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-04 00:38 . 2014-08-04 00:38 -------- d-----w- c:\programdata\RogueKiller
2014-08-04 00:28 . 2014-08-04 00:28 52440 ----a-w- c:\windows\system32\drivers\yquni.sys
2014-08-03 21:11 . 2014-08-03 21:33 -------- d-----w- C:\AdwCleaner
2014-08-03 20:59 . 2014-08-03 20:59 -------- d-----w- c:\users\sydey\AppData\Local\ElevatedDiagnostics
2014-07-24 22:30 . 2014-07-24 22:30 532480 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2014-07-20 20:41 . 2013-09-20 14:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-07-20 20:40 . 2014-07-20 20:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-07-16 02:24 . 2014-07-16 02:24 -------- d-----r- c:\users\Public\Recorded TV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-03 22:35 . 2014-05-12 22:36 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-06-14 22:57 . 2014-06-14 22:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-14 22:57 . 2014-06-14 22:57 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-28 16:39 . 2014-06-10 21:06 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-05-28 16:32 . 2014-06-10 21:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-05-28 16:32 . 2014-06-10 21:06 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-28 16:30 . 2014-06-10 21:06 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-05-28 16:30 . 2014-06-10 21:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-28 16:29 . 2014-06-10 21:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-28 16:29 . 2014-06-10 21:06 11776 ----a-w- c:\windows\system32\mshta.exe
2014-05-12 11:35 . 2014-05-12 22:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:35 . 2014-05-12 22:37 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:35 . 2013-05-22 15:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-27 296096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-12 54072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 23:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 20:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-27 17:15 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = https://duckduckgo.com/
mStart Page = hxxp://www.google.com
Trusted Zone: duckduckgo.com
Trusted Zone: duckduckgo.com\www
Trusted Zone: gmx.com\www
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\login
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mbamchameleon
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-06 14:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-08-06 14:16:57
ComboFix-quarantined-files.txt 2014-08-06 18:16
.
Pre-Run: 8,491,220,992 bytes free
Post-Run: 9,376,006,144 bytes free
.
- - End Of File - - CFB73DE0014D8F018B002DB0F3410FDF
5C616939100B85E558DA92B899A0FC36






OTL Extras logfile created on: 8/6/2014 2:35:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sydny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.70% Memory free
4.41 Gb Paging File | 2.79 Gb Available in Paging File | 63.31% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 8.79 Gb Free Space | 15.73% Space Free | Partition Type: NTFS

Computer Name: SYDEY-PC | User Name: sydey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060B2ED2-B90B-4CE8-B3D4-907199B0D4E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{15331939-ACB8-4444-B12A-38CDD8F554DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{19B7B702-04AC-45F2-980F-9E553BBC7B41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2F852115-75F2-415F-A4B6-899149DD0842}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3AB9D349-06AE-425B-B60B-EF3CBCA8751E}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E0D6759-D88D-4E38-9901-15F81E0EDCC7}" = rport=137 | protocol=17 | dir=out | app=system |
"{424EC0F4-9EFA-4FB0-BAC7-8B3665ED5FCA}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4357BFBD-2F8C-4CB2-87D7-172AF374A5E2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{8019C1CD-D3B6-4753-8BCE-D516AE540EB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{8EBA51AF-6FC7-44F3-BD06-1662C9F53172}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8ECE5BBC-B35E-40DC-A242-FB532CA2AE74}" = rport=445 | protocol=6 | dir=out | app=system |
"{AEAE3BE7-3983-491D-93D1-2520363C2F7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B335B268-ED2B-46C8-9CF1-46EE6B3DBC1F}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4950E1C-52CD-41F0-8B43-3FAFCA7E07DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{D074E04E-B3DF-4EFA-9855-12FFE178F4D5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{D53F07B5-10EC-47F8-BFE8-65C2AAA8CF70}" = rport=138 | protocol=17 | dir=out | app=system |
"{EEFE7E1F-CE38-48EA-A1D5-25CAEEEDE0A7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{F4E2A681-A1A1-430E-8BE8-8002244C86B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{F53D1C35-10B5-442B-A949-CACBF3D0FD47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{FA2C4C95-B3A2-4C83-AB9D-DBC1E1DB5FEE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FA736A15-5722-4871-9A8E-FDD96739D585}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E0BE24-1407-4C1A-B1F8-3F85256FE7B7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0EEADF0C-88A1-486E-B851-12A801A179EB}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{135CA7E6-D082-4DCA-B385-5ABA27B774C7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{17457A72-4962-4C42-ACB6-96B17BD1D4D7}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{30CCB5E0-5E62-4F06-AA0E-3417F0A32188}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{32F0CE2C-B208-4207-8A32-674D9C27F741}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{35375CCE-2712-43F0-A042-00D3CFBF9DD5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7D5A7A23-C24A-4FA3-92F9-0A311E3CF7CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{84609DFD-DD6C-4C20-8787-3D76229D91B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A5B26E00-5181-4567-BD2A-9716397DFFD7}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{B52D0AB3-C623-45D5-A908-0D551E519E53}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{D7D1848F-45F4-4419-87B0-1B525AC1BDB7}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{DFF0DF77-71F5-4013-AAB7-B62F5E221359}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EE01FE28-D251-4201-8A87-BCC3AD2A198A}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{294B365B-32EF-49EE-99B3-A00558DC76E5}" = e-Sword
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2014 3:35:42 PM | Computer Name = sydey-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2a28 Start Time: 01cfafffd34a5788 Termination Time: 2198

Error - 8/4/2014 3:41:49 PM | Computer Name = sydey-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1ae0 Start Time: 01cfafa1baa5d648 Termination Time: 2221

Error - 8/6/2014 1:59:28 AM | Computer Name = sydey-PC | Source = Application Hang | ID = 1002
Description = The program vsta.exe version 8.0.50727.146 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 4ad0 Start Time: 01cfb13b4c401a50 Termination Time: 135

Error - 8/6/2014 4:00:07 AM | Computer Name = sydey-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 8214 Start Time: 01cfb14c0c073700 Termination Time: 0

Error - 8/6/2014 11:34:05 AM | Computer Name = sydey-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/6/2014 11:34:06 AM | Computer Name = sydey-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/6/2014 11:45:57 AM | Computer Name = sydey-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6695.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7090 Start Time: 01cfb188ad12e900 Termination Time: 0

Error - 8/6/2014 12:01:41 PM | Computer Name = sydey-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7e24 Start Time: 01cfb18f616a0ef0 Termination Time: 0

Error - 8/6/2014 12:10:12 PM | Computer Name = sydey-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16555 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 52cc Start Time: 01cfb190b7dcbed0 Termination Time: 0

Error - 8/6/2014 2:30:13 PM | Computer Name = sydey-PC | Source = LoadPerf | ID = 3001
Description =

[ OSession Events ]
Error - 9/23/2012 12:19:25 AM | Computer Name = sydey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3201
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 7/13/2013 7:08:38 PM | Computer Name = sydey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16491
seconds with 2760 seconds of active time. This session ended with a crash.

Error - 1/13/2014 12:18:13 PM | Computer Name = sydey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5132
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 3/21/2014 11:12:48 PM | Computer Name = sydey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5603
seconds with 600 seconds of active time. This session ended with a crash.

Error - 7/15/2014 10:56:33 AM | Computer Name = sydey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3665
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 7/16/2014 3:09:14 AM | Computer Name = sydey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 58343
seconds with 14340 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/6/2014 6:39:13 AM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/6/2014 7:57:11 AM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/6/2014 1:18:52 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/6/2014 1:19:04 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/6/2014 1:20:24 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/6/2014 1:20:24 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2014 1:40:58 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/6/2014 1:44:16 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/6/2014 1:55:00 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/6/2014 2:10:59 PM | Computer Name = sydey-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >








OTL logfile created on: 8/6/2014 2:35:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sydey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.70% Memory free
4.41 Gb Paging File | 2.79 Gb Available in Paging File | 63.31% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 8.79 Gb Free Space | 15.73% Space Free | Partition Type: NTFS

Computer Name: SYDEY-PC | User Name: sydey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\sydey\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (RTL8192su) -- system32\DRIVERS\RTL8192su.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\sydey\AppData\Local\Temp\catchme.sys File not found
DRV - (nuigxsid) -- C:\Windows\System32\drivers\yquni.sys (Malwarebytes Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\sydey\Music
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {2EAAE2AF-0521-41D3-BC5A-3F68F9F1D918}
IE - HKCU\..\SearchScopes\{2EAAE2AF-0521-41D3-BC5A-3F68F9F1D918}: "URL" = https://duckduckgo.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{4A412C13-1F2C-42C8-9131-BF2326B38696}: "URL" = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=english
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2014/07/20 18:08:05 | 000,449,906 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: duckduckgo.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: duckduckgo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmx.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hotmail.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0ECE469-56D7-4327-A5F3-90353F883ED4}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sydey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/06 14:30:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sydey\Desktop\OTL.exe
[2014/08/06 14:17:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/08/06 14:14:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/06 14:02:30 | 000,000,000 | ---D | C] -- C:\Users\sydey\AppData\Local\temp
[2014/08/06 13:35:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/08/06 13:35:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/08/06 13:35:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/08/06 13:34:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/08/06 12:31:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/06 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\sydey\Documents\Documents\ProcAlyzer Dumps
[2014/08/06 01:57:28 | 000,000,000 | ---D | C] -- C:\Users\sydey\Documents\Documents\Visual Studio 2005
[2014/08/03 20:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/08/03 20:28:56 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\yquni.sys
[2014/08/03 18:44:27 | 005,566,616 | R--- | C] (Swearware) -- C:\Users\sydey\Desktop\ComboFix.exe
[2014/08/03 18:21:13 | 017,292,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sydey\Desktop\mbam-setup.exe
[2014/08/03 17:11:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/03 16:59:12 | 000,000,000 | ---D | C] -- C:\Users\sydey\AppData\Local\ElevatedDiagnostics
[2014/08/03 16:49:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\sydey\Desktop\JRT.exe
[2014/08/03 16:41:58 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\sydey\Desktop\tdsskiller.exe
[2014/08/03 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\sydey\Desktop\New Folder
[2014/07/23 04:04:41 | 002,564,880 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\sydey\Documents\Documents\SandboxieInstall DDD.exe
[2014/07/20 16:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/07/20 16:41:12 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014/07/20 16:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/07/20 16:35:42 | 046,525,608 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\sydey\Desktop\spybot-2.4.exe
[2014/07/20 16:03:43 | 000,000,000 | ---D | C] -- C:\Users\sydey\Desktop\LocaleMetaData
[2014/07/17 21:45:45 | 000,000,000 | ---D | C] -- C:\Users\sydey\Desktop\person name
[2014/07/17 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\sydey\Desktop\a l l
[2014/07/16 02:53:26 | 000,000,000 | ---D | C] -- C:\Users\sydey\Desktop\The Name
[2 C:\Users\sydey\Desktop\*.tmp files -> C:\Users\sydey\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/06 14:30:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sydey\Desktop\OTL.exe
[2014/08/06 13:06:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/08/06 13:06:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/08/06 13:02:58 | 000,007,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/06 13:02:58 | 000,007,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/06 11:47:51 | 002,627,974 | ---- | M] () -- C:\Users\sydey\Desktop\Surnames & Sirenames - The origin.pdf
[2014/08/06 11:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/04 16:17:09 | 004,105,794 | ---- | M] () -- C:\Users\sydey\Desktop\new 8 4 14 E2nd-Ed.pdf
[2014/08/03 20:38:22 | 000,029,160 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/08/03 20:28:56 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\yquni.sys
[2014/08/03 18:44:37 | 005,566,616 | R--- | M] (Swearware) -- C:\Users\sydey\Desktop\ComboFix.exe
[2014/08/03 18:37:55 | 004,806,744 | ---- | M] () -- C:\Users\sydney\Desktop\RogueKiller.exe
[2014/08/03 18:35:02 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/08/03 18:22:13 | 017,292,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\sydey\Desktop\mbam-setup.exe
[2014/08/03 16:49:31 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\sydey\Desktop\JRT.exe
[2014/08/03 16:49:03 | 001,361,309 | ---- | M] () -- C:\Users\sydey\Desktop\AdwCleaner.exe
[2014/08/03 16:42:01 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\sydey\Desktop\tdsskiller.exe
[2014/08/01 21:59:09 | 000,000,204 | ---- | M] () -- C:\Users\sydey\Desktop\I AM BOOK SERIES - ACTIVITY OF TEACHINGS.url
[2014/07/30 12:26:14 | 000,000,680 | ---- | M] () -- C:\Users\sydey\AppData\Local\d3d9caps.dat
[2014/07/24 18:30:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/24 15:13:57 | 005,543,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/24 12:15:17 | 000,399,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/20 18:08:05 | 000,449,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/07/20 16:37:16 | 046,525,608 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\sydey\Desktop\spybot-2.4.exe
[2014/07/20 16:03:35 | 004,263,936 | ---- | M] () -- C:\Users\sydey\Desktop\security log event special logon 6 7 14.evtx
[2014/07/19 22:52:27 | 000,074,274 | ---- | M] () -- C:\Users\sydey\Desktop\reg fee exempt lo to redo.pdf
[2014/07/19 22:50:22 | 000,164,853 | ---- | M] () -- C:\Users\sydey\Desktop\MV Regis FORM REDO.pdf
[2014/07/08 14:45:44 | 000,090,617 | ---- | M] () -- C:\Users\sydey\Desktop\read now PowerOfAttorney-(06~030) james letr.pdf
[2 C:\Users\sydey\Desktop\*.tmp files -> C:\Users\sydey\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/06 13:35:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/08/06 13:35:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/08/06 13:35:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/08/06 13:35:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/08/06 13:35:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/08/06 13:06:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/08/06 13:06:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/08/06 11:47:50 | 002,627,974 | ---- | C] () -- C:\Users\sydey\Desktop\Surnames & Sirenames - The origin.pdf
[2014/08/04 16:17:09 | 004,105,794 | ---- | C] () -- C:\Users\sydey\Desktop\new 8 4 14 -eBook-2nd-Ed.pdf
[2014/08/03 20:38:22 | 000,029,160 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/08/03 18:37:22 | 004,806,744 | ---- | C] () -- C:\Users\sydey\Desktop\RogueKiller.exe
[2014/08/03 16:49:03 | 001,361,309 | ---- | C] () -- C:\Users\sydey\Desktop\AdwCleaner.exe
[2014/08/01 21:59:09 | 000,000,204 | ---- | C] () -- C:\Users\sydey\Desktop\I AM BOOK SERIES - ACTIVITY TEACHINGS.url
[2014/07/22 21:12:01 | 000,000,680 | ---- | C] () -- C:\Users\sydey\AppData\Local\d3d9caps.dat
[2014/07/20 16:41:36 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/07/20 16:03:33 | 004,263,936 | ---- | C] () -- C:\Users\sydey\Desktop\security log event special logon 6 7 14.evtx
[2014/07/19 22:52:26 | 000,074,274 | ---- | C] () -- C:\Users\sydey\Desktop\reg fee flo to redo.pdf
[2014/07/19 22:50:21 | 000,164,853 | ---- | C] () -- C:\Users\sydey\Desktop\MV Regis FORM REDO.pdf
[2014/07/08 14:45:44 | 000,090,617 | ---- | C] () -- C:\Users\sydey\Desktop\read now PowerOfAttorney james letr.pdf
[2013/05/16 00:02:55 | 000,004,096 | -H-- | C] () -- C:\Users\sydey\AppData\Local\keyfile3.drm
[2012/12/03 06:04:00 | 000,000,582 | ---- | C] () -- C:\Windows\System32\tx19_ic.ini
[2012/09/24 23:57:24 | 000,024,206 | ---- | C] () -- C:\Users\sydey\AppData\Roaming\UserTile.png
[2012/09/19 22:55:34 | 000,005,632 | ---- | C] () -- C:\Users\sydey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/14 22:03:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/09/14 22:03:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/08/23 16:49:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/04/30 01:00:35 | 000,000,000 | ---D | M] -- C:\Users\sydey\AppData\Roaming\Audacity
[2012/09/18 19:23:25 | 000,000,000 | ---D | M] -- C:\Users\sydey\AppData\Roaming\Downloaded Installations
[2012/09/24 23:57:24 | 000,000,000 | ---D | M] -- C:\Users\sydey\AppData\Roaming\PeerNetworking
[2013/11/13 12:58:02 | 000,000,000 | ---D | M] -- C:\Users\sydey\AppData\Roaming\SanDisk SecureAccess
[2012/09/24 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\sydey\AppData\Roaming\SumatraPDF
[2012/12/06 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\sydey\AppData\Roaming\UltraMixer
[2012/09/25 00:03:32 | 000,000,000 | ---D | M] -- C:\Users\sydey\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
 
hi john

just went to programs to see if esword still there- yes so tried to uninstall once again and yeah ... it uninstalled

also seems like lots of those extra folders are mostly gone

thing is that one folder that had all those duplicate files in it has taken up so much space ' deleted' that it is hard to recover my old files as the space is used up by about 5 GB of those - so working on removing them so maybe.. will get old files that are lost


also C program files - google - desktop- install google -39 f...... - .... folder is still there although when get to the 39F... number letter part now it says location no longer available- (before it would say that and then go a folder that just had "..." in it and showed in properties lots of files in it ( that is where thought they might be before) now shows none

then in computer c program files common files program data- there is a folder called install mate still it has a folder with { 61B5D513-044A-402C-A2C7-4X68BA56F7ES} with some .ddd application ext and dat files and text document and setup icon in the text docu that is quite lengthy it has the name of a document i attempted to download and that is same time had beginning of lots of problems on here- if you like will send over the text doc as think it will shed some light
there is also a folder called 33B42CB3 in same one that is empty

then there is a folder called Its My App before it had more in it now it has a setup folder nothing in it and a SW-Booster folder with a folder that has 702149676 nothing in it now and a configuration setting with same number that has this in it NP6yu5+tnZZH0OQIKE1/gD3hJMqT/]
NP6yu5+ozhuPTUMOQI0FO9X3+gmIi+iqR=NP6yu5+tmFJglUMOQItbBfiKp+s2fW99MXdxfIgeav
NP6yu5+rjIX2dDWYSUqlmSa3JPir=NP6yu5+nWUogkwysur1U both this itsmy app and install mate had more stuff in them before and are on same date as when had big problems

other than those looks like all the other junk and such is gone- yeah
thank you much you did it!!!!!

now have to figure out if can retrieve my lost docs


the local -temporary apps roaming file folders seem to be gone now
it also had lots of my docs in them
 
sooo i was in error about the local apps data roaming thing and there are apparently two internet explorer folders programs whatever one is orig computer name and the other is default both are in app data roaming guess you know that

plus there is one when do search called apps and has some old stuff in it

is the Public folder with music docs video apps all that required not sure how it showed up recently?

it is kinda sluggish when trying to open anything slow to respond, has an attitude
 
Windows puts files in random locations, really nothing to worry about. However, it may help to run a temp file cleaner program to clean up your temp files which may be causing your system to run slow.

So run the following.

http://www.bleepingcomputer.com/download/tfc/dl/92/


1. Download TFC from the download link above and save the file on your desktop.
2. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
3. Double-click on the TFC icon.
4. When the program starts, click on the Start button. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
5. When done, press OK to reboot your computer and finish the cleanup.

Another concern I have is that you don't have an active virus program installed. Any reason for that? I would download and install Avast free. I do notice that you only have 2gb of memory installed and you are running Vista. On some machines Vista runs very poorly on only 2gb of ram even on a fresh install. Would suggest upgrading to 4gb.
 
ok ran it about 700mb in internet temp files
well do not like avg norton mcafee that i know, not sure if tried avast
they always seem to bring more issues thus far
speaking of....

just noticed above runpost about hosts
,906 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com



what are these- i do not go to sex sites and do not know what all that stuff is

i deleted the tdss jrt combofix qtl as would like to recover my lost files
need space on hard drive- ( that is what came with this when got it the 2 not 4)

will have to wait- funds ....

so is there anyway to get rid of that google install file or does it matter?
thank you much
 
SOS- john
another issue i copied some of files two days ago to the dvd rw and they were there i ejected dvd put back in the documents were there
now need to get to them today and put dvd rw in in Computer it showed 1/2 full used
opened and it only showed message to drag docs files images .... did not see any of the doc so i dragged a pdf doc to it to see if cd see other ones , nope
so then i did right click open and explore it gave me the same formatting message gave me when first opened disc live or master i had chose live so i chose live again and it started to format i x'd out and now it only shows that pdf just dragged but disc still shows 1/2 disc used full

and last night similar thing happened with USB scan disc that have bunch files on

this did not happen before
do you know why are they hidden what can i do to get them thank you this is important or would forget it
 
First of all, all those entries under hosts mean you are running a custom hosts file that will make it harder for you to visit bad websites and get infected.

As far as the burning issue goes, you are probably not using the correct one. There are 2 ways to burn.

1. burn and finalize cd/dvd which means all data will be seen in other devices.
2. burn and not finalize cd/dvd which means data won't be seen in other devices until it's finalized.

Check your burning options and see which one you chose.

Also, what google install file are you talking about? It's been awfully hard reading your posts and actually understanding what you have been trying to say.
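As an added example (not part of the original thread or of any tool mentioned in it), the following Python sketch reads `O1 - Hosts:` lines in the log format quoted above and separates blocklist-style entries that point a name at loopback from entries that send a name to some other address, which is the pattern worth a closer look. The function name `classify_hosts` and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Sample in the "O1 - Hosts:" format quoted in the thread. The first three
# lines appear in the post; the last two are constructed for this example
# (203.0.113.10 is a documentation-only address, *.example is reserved).
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 203.0.113.10 login.bank.example
O1 - Hosts: not-an-ip broken.example
"""

LINE_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")


def classify_hosts(log_text):
    """Sort hosts entries into sinkholed, redirected and malformed."""
    result = {"sinkhole": [], "redirect": [], "malformed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # not a hosts entry, ignore other log sections
        addr, name = match.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            result["malformed"].append(line)
            continue
        if ip.is_loopback or ip.is_unspecified:
            # 127.0.0.1, ::1 or 0.0.0.0: the name resolves to nowhere useful,
            # which is how a protective hosts file blocks a site.
            result["sinkhole"].append(name)
        else:
            # Any other address overrides DNS for that name: review it.
            result["redirect"].append((name, str(ip)))
    return result


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_LOG)
    print(len(report["sinkhole"]), "names blocked via loopback")
    for name, ip in report["redirect"]:
        print("REVIEW:", name, "->", ip)
    for line in report["malformed"]:
        print("MALFORMED:", line)
```

A hosts file like the one quoted in the thread produces only `sinkhole` results; anything under `redirect` is an entry that changes where a name actually goes.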
 