Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible rootkit after installing CutePDF Writer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 28th, 2014, 8:03 pm

Hello MR Forum,

I have downloaded (from the official website) and just installed CutePDF Writer on my computer. It is a PDF printer driver that I am familiar with because I already installed a few years ago on my older laptop. As I now have a new one (with Win7), I installed it on this. I had never had problems from this software before.
(Note: first I had to install Ghostscript, a post-converter necessary to run CutePDF: it's on their website, and I did the same years ago with my old laptop).
During the installation CutePDF asked me if I wanted to install Ask Toolbar for IE, then Ask Toolbar for Firefox, then Comodo Dragon: I always un-ticked all the boxes. So I don't know how, but after the installation, a window with Comodo Dragon came up (I don't even know what this program is). I closed it and then found the program listed in the installed programs in Control Panel. I uninstalled it, but then a message from Avast popped up saying that there might be a rootkit and asking me to run the boot-time scan. I did this and the scan found no viruses.
Then I run ESET Online Scanner, which found the following two threats:

C:\Users\Administrator1\AppData\Local\Temp\is-7I629.tmp\Offercast2801_ARS_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Administrator1\Desktop\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

(The second is the CutePDF installation file which I still have on my desktop)

Can you please help me removing the two threats and more importantly check whether there is really a rootkit or any other malware on my computer.

Thanks in advance.

DDS & Attach logs follow...

============================
DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by Administrator1 at 0:46:36 on 2014-08-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4008.2461 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TECO\TecoHook.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DTS Sound] "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4D779444-73DC-46D2-BB79-D871AC6C29CF} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [BatteryManager] "C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe"
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-4-29 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-4-29 224896]
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-3-11 652784]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-3-11 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-8-15 20464]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-4-29 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-4-29 427360]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-4-29 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-4-29 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-4-29 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-16 50344]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2013-12-6 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-12-6 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-12-6 169432]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2012-2-29 342464]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\drivers\AmUStor.sys [2012-11-10 104280]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2013-4-17 47816]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-8-15 368624]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-8-15 790000]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-12-19 118504]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\drivers\Smb_driver_Intel.sys [2013-5-3 33008]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-12-6 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2012-4-12 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2012-3-17 846208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-6-1 16720]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-12 111616]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-9-3 452088]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-10-11 27648]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-4-29 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-4-29 1255736]
.
=============== Created Last 30 ================
.
2014-08-28 22:55:18 -------- d-----w- C:\Program Files (x86)\ESET
2014-08-28 21:49:34 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2014-08-28 21:49:34 1700352 ----a-w- C:\windows\SysWow64\gdiplus.dll
2014-08-28 21:49:34 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll
2014-08-28 21:47:57 87600 ----a-w- C:\windows\System32\cpwmon64.dll
2014-08-28 21:47:56 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-08-28 21:46:11 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-08-28 21:39:52 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6585AF13-5D6A-4697-B52C-47C8590A2613}\mpengine.dll
2014-08-28 21:39:13 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-08-28 21:39:12 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-28 21:39:12 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-24 13:17:44 -------- d-----w- C:\windows\System32\appmgmt
2014-08-24 12:54:29 -------- d-----w- C:\ProgramData\Oracle
2014-08-12 20:02:06 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-12 20:02:06 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-12 20:02:06 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-12 20:02:06 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-12 20:02:04 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-12 20:02:04 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-12 20:01:25 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-12 20:01:25 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-12 20:00:00 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-08-12 20:00:00 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-08-12 20:00:00 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-08-12 20:00:00 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-08-12 19:58:15 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-12 19:58:11 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-12 19:58:11 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
.
==================== Find3M ====================
.
2014-08-14 00:42:30 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-14 00:42:30 699568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-05 08:20:00 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-16 03:23:41 2048 ----a-w- C:\windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-07-16 00:24:14 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-07-16 00:24:14 92008 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-07-16 00:24:14 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-07-16 00:24:14 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-07-16 00:24:14 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-07-16 00:24:14 224896 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-07-16 00:24:14 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-07-16 00:24:13 43152 ----a-w- C:\windows\avastSS.scr
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-15 00:37:41 4198400 ---h--r- C:\PT10S.BIN
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\windows\SysWow64\authui.dll
.
============= FINISH: 0:47:06.40 ===============

Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 21/04/2014 19:53:52
System Uptime: 28/08/2014 22:51:24 (2 hours ago)
.
Motherboard: TOSHIBA | | PT10S
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz | SOCKET 0 | 2400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 414.969 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP29: 05/07/2014 00:06:48 - Windows Update
RP30: 08/07/2014 22:05:16 - Windows Update
RP31: 16/07/2014 01:20:54 - Windows Update
RP32: 16/07/2014 01:23:24 - avast! antivirus system restore point
RP33: 21/07/2014 23:00:46 - Windows Update
RP34: 28/07/2014 20:59:00 - Windows Update
RP35: 05/08/2014 00:57:15 - Windows Update
RP36: 08/08/2014 22:01:37 - Windows Update
RP37: 12/08/2014 21:00:23 - Windows Update
RP38: 18/08/2014 23:44:31 - Windows Update
RP39: 24/08/2014 13:48:38 - Windows Update
RP40: 24/08/2014 13:52:57 - Windows Update
RP41: 24/08/2014 14:17:02 - Removed Java 8 Update 20 (64-bit)
RP42: 28/08/2014 22:39:17 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08) MUI
Alcor Micro USB Card Reader
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
CutePDF Writer 3.0
DTS Sound
Filzip 3.06
IDT Audio Driver
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Microsoft .NET Framework 4.5.1
Microsoft Office
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Mozilla Firefox 31.0 (x86 en-GB)
Mozilla Maintenance Service
PlayReady PC Runtime amd64
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype™ 6.18
Synaptics Pointing Device Driver
TOSHIBA Battery Manager
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Flash Cards
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA PC Health Monitor
TOSHIBA Power Saver
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA System Driver
TOSHIBA TEMPRO
.
==== Event Viewer Messages From Past Week ========
.
28/08/2014 23:29:49, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DTS APO Service service to connect.
28/08/2014 23:29:49, Error: Service Control Manager [7000] - The DTS APO Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 21/04/2014 19:53:52
System Uptime: 28/08/2014 22:51:24 (2 hours ago)
.
Motherboard: TOSHIBA | | PT10S
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz | SOCKET 0 | 2400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 414.969 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP29: 05/07/2014 00:06:48 - Windows Update
RP30: 08/07/2014 22:05:16 - Windows Update
RP31: 16/07/2014 01:20:54 - Windows Update
RP32: 16/07/2014 01:23:24 - avast! antivirus system restore point
RP33: 21/07/2014 23:00:46 - Windows Update
RP34: 28/07/2014 20:59:00 - Windows Update
RP35: 05/08/2014 00:57:15 - Windows Update
RP36: 08/08/2014 22:01:37 - Windows Update
RP37: 12/08/2014 21:00:23 - Windows Update
RP38: 18/08/2014 23:44:31 - Windows Update
RP39: 24/08/2014 13:48:38 - Windows Update
RP40: 24/08/2014 13:52:57 - Windows Update
RP41: 24/08/2014 14:17:02 - Removed Java 8 Update 20 (64-bit)
RP42: 28/08/2014 22:39:17 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08) MUI
Alcor Micro USB Card Reader
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
CutePDF Writer 3.0
DTS Sound
Filzip 3.06
IDT Audio Driver
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Microsoft .NET Framework 4.5.1
Microsoft Office
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Mozilla Firefox 31.0 (x86 en-GB)
Mozilla Maintenance Service
PlayReady PC Runtime amd64
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype™ 6.18
Synaptics Pointing Device Driver
TOSHIBA Battery Manager
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Flash Cards
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA PC Health Monitor
TOSHIBA Power Saver
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA System Driver
TOSHIBA TEMPRO
.
==== Event Viewer Messages From Past Week ========
.
28/08/2014 23:29:49, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DTS APO Service service to connect.
28/08/2014 23:29:49, Error: Service Control Manager [7000] - The DTS APO Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm
Advertisement
Register to Remove

Re: Possible rootkit after installing CutePDF Writer

Unread postby pgmigg » August 29th, 2014, 10:25 am

Hello rbd,

Welcome back to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 29th, 2014, 12:51 pm

Hello pgmigg,

Thank you for your quick response.
I have read the post and now await your further instructions.

Thanks,
rbd
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby pgmigg » August 29th, 2014, 5:00 pm

Hello rbd,

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
TDSSKiller - Rootkit Removal Tool Image
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator...".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click OK if changes were made.
  7. Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    DO NOT change the default actions, other than CURE to SKIP.
  8. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  9. A log will be created on your root drive (usually C:) drive. The log will have a name like Name.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  10. If no reboot is required, click on Report. A log file should appear.
  11. Please post the contents of the log file in your next reply

Step 3.
ZOEK Auto Clean
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Auto Clean
  7. Click on Run script button
  8. Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  9. Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of the zoek-results.log file
  4. Contents of a OTL.txt log file
  5. Contents of a Extras.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 29th, 2014, 7:49 pm

Hi pgmigg,

I have created the Restore Point without issues.
I have run TDSSKiller - please see log below (I need to cut it in 2 parts, as it's too long)

TDSSKiller log
00:35:47.0185 0x0ce0 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
00:36:27.0589 0x0ce0 ============================================================
00:36:27.0589 0x0ce0 Current date / time: 2014/08/30 00:36:27.0589
00:36:27.0589 0x0ce0 SystemInfo:
00:36:27.0589 0x0ce0
00:36:27.0589 0x0ce0 OS Version: 6.1.7601 ServicePack: 1.0
00:36:27.0589 0x0ce0 Product type: Workstation
00:36:27.0589 0x0ce0 ComputerName: TOSHIBA
00:36:27.0589 0x0ce0 UserName: Administrator1
00:36:27.0589 0x0ce0 Windows directory: C:\windows
00:36:27.0589 0x0ce0 System windows directory: C:\windows
00:36:27.0589 0x0ce0 Running under WOW64
00:36:27.0589 0x0ce0 Processor architecture: Intel x64
00:36:27.0589 0x0ce0 Number of processors: 4
00:36:27.0589 0x0ce0 Page size: 0x1000
00:36:27.0589 0x0ce0 Boot type: Normal boot
00:36:27.0589 0x0ce0 ============================================================
00:36:30.0444 0x0ce0 KLMD registered as C:\windows\system32\drivers\08579587.sys
00:36:30.0787 0x0ce0 System UUID: {20220E56-1BAB-C52E-3B2A-2B92F207ADDF}
00:36:31.0411 0x0ce0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:36:31.0427 0x0ce0 ============================================================
00:36:31.0427 0x0ce0 \Device\Harddisk0\DR0:
00:36:31.0427 0x0ce0 MBR partitions:
00:36:31.0427 0x0ce0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38BBF800
00:36:31.0427 0x0ce0 ============================================================
00:36:31.0458 0x0ce0 C: <-> \Device\Harddisk0\DR0\Partition1
00:36:31.0458 0x0ce0 ============================================================
00:36:31.0458 0x0ce0 Initialize success
00:36:31.0458 0x0ce0 ============================================================
00:39:17.0723 0x0a68 ============================================================
00:39:17.0723 0x0a68 Scan started
00:39:17.0723 0x0a68 Mode: Manual; SigCheck;
00:39:17.0723 0x0a68 ============================================================
00:39:17.0723 0x0a68 KSN ping started
00:39:18.0098 0x0a68 KSN ping finished: false
00:39:19.0065 0x0a68 ================ Scan system memory ========================
00:39:19.0065 0x0a68 System memory - ok
00:39:19.0065 0x0a68 ================ Scan services =============================
00:39:19.0221 0x0a68 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
00:39:19.0299 0x0a68 1394ohci - ok
00:39:19.0330 0x0a68 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
00:39:19.0346 0x0a68 ACPI - ok
00:39:19.0361 0x0a68 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
00:39:19.0392 0x0a68 AcpiPmi - ok
00:39:19.0455 0x0a68 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:39:19.0486 0x0a68 AdobeARMservice - ok
00:39:19.0564 0x0a68 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
00:39:19.0611 0x0a68 adp94xx - ok
00:39:19.0642 0x0a68 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
00:39:19.0673 0x0a68 adpahci - ok
00:39:19.0704 0x0a68 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
00:39:19.0736 0x0a68 adpu320 - ok
00:39:19.0751 0x0a68 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
00:39:19.0845 0x0a68 AeLookupSvc - ok
00:39:19.0907 0x0a68 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\windows\system32\drivers\afd.sys
00:39:19.0985 0x0a68 AFD - ok
00:39:20.0032 0x0a68 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
00:39:20.0048 0x0a68 agp440 - ok
00:39:20.0094 0x0a68 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
00:39:20.0141 0x0a68 ALG - ok
00:39:20.0204 0x0a68 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
00:39:20.0219 0x0a68 aliide - ok
00:39:20.0266 0x0a68 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
00:39:20.0282 0x0a68 amdide - ok
00:39:20.0344 0x0a68 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
00:39:20.0375 0x0a68 AmdK8 - ok
00:39:20.0391 0x0a68 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
00:39:20.0438 0x0a68 AmdPPM - ok
00:39:20.0484 0x0a68 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
00:39:20.0516 0x0a68 amdsata - ok
00:39:20.0547 0x0a68 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
00:39:20.0578 0x0a68 amdsbs - ok
00:39:20.0578 0x0a68 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
00:39:20.0609 0x0a68 amdxata - ok
00:39:20.0687 0x0a68 [ 77695E64443CFEA745431C2A31A78A0B, 04CB2C95C4577D8FA6C89545B359A1D4191DDAEF2A3802B7E00F413A43A3789B ] AmUStor C:\windows\system32\drivers\AmUStor.SYS
00:39:20.0718 0x0a68 AmUStor - ok
00:39:20.0765 0x0a68 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys
00:39:20.0859 0x0a68 AppID - ok
00:39:20.0874 0x0a68 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll
00:39:20.0937 0x0a68 AppIDSvc - ok
00:39:20.0968 0x0a68 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
00:39:20.0999 0x0a68 Appinfo - ok
00:39:21.0062 0x0a68 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\windows\System32\appmgmts.dll
00:39:21.0108 0x0a68 AppMgmt - ok
00:39:21.0155 0x0a68 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys
00:39:21.0171 0x0a68 arc - ok
00:39:21.0186 0x0a68 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys
00:39:21.0218 0x0a68 arcsas - ok
00:39:21.0327 0x0a68 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:39:21.0358 0x0a68 aspnet_state - ok
00:39:21.0405 0x0a68 [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid C:\windows\system32\drivers\aswHwid.sys
00:39:21.0420 0x0a68 aswHwid - ok
00:39:21.0436 0x0a68 [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
00:39:21.0452 0x0a68 aswMonFlt - ok
00:39:21.0483 0x0a68 [ A5757DE5F9C83AB40667A53D5126EA40, 58B72B1B126CF641188703CE82E26BEB0C41AD7587CFFCCCE9E3C64CC7AACC90 ] aswRdr C:\windows\system32\drivers\aswRdr2.sys
00:39:21.0498 0x0a68 aswRdr - ok
00:39:21.0514 0x0a68 [ 645D97385F3F284FB5604F9B970F4D24, 15A9D7F0F4C1062210E4E744A9069B8645177D19F35B8740D74022639DC05F2E ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
00:39:21.0530 0x0a68 aswRvrt - ok
00:39:21.0592 0x0a68 [ B8FDEDE963B82CFD23B3A53A3084666D, 3537E5B684FB6F0AA589A5FA7CD111E1744DF384AB1A266D4114100F104ED11B ] aswSnx C:\windows\system32\drivers\aswSnx.sys
00:39:21.0623 0x0a68 aswSnx - ok
00:39:21.0701 0x0a68 [ 0DEDC041DF594AEC2C3BD00417CFAF60, 0D3A8924503986546EE256D185225C0B080FDB6B0C8B0BED7516B07A7334371B ] aswSP C:\windows\system32\drivers\aswSP.sys
00:39:21.0732 0x0a68 aswSP - ok
00:39:21.0779 0x0a68 [ 48DED912CDE54FC0923B9858512366E1, 9B216B934408A7CB3CE2B41240B7EF01EAA3BC066211B784064FF8AC97A29B4E ] aswStm C:\windows\system32\drivers\aswStm.sys
00:39:21.0810 0x0a68 aswStm - ok
00:39:21.0873 0x0a68 [ 471A311745848B80339436688A8286E6, E51C57236CEC19AC38E85D115DB97875517D837811188AD2E53FA49055B53890 ] aswVmm C:\windows\system32\drivers\aswVmm.sys
00:39:21.0904 0x0a68 aswVmm - ok
00:39:21.0951 0x0a68 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
00:39:22.0044 0x0a68 AsyncMac - ok
00:39:22.0091 0x0a68 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
00:39:22.0122 0x0a68 atapi - ok
00:39:22.0294 0x0a68 [ 12A145262015D6C7F08CC251A4A9713B, 30DFD601983CE8B864FC40A863A3BB83D80CF4BBAD445DE502666CFEB05BFAE6 ] athr C:\windows\system32\DRIVERS\athrx.sys
00:39:22.0544 0x0a68 athr - ok
00:39:22.0637 0x0a68 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
00:39:22.0887 0x0a68 AudioEndpointBuilder - ok
00:39:23.0043 0x0a68 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\windows\System32\Audiosrv.dll
00:39:23.0121 0x0a68 AudioSrv - ok
00:39:23.0277 0x0a68 [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
00:39:23.0308 0x0a68 avast! Antivirus - ok
00:39:23.0355 0x0a68 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
00:39:23.0417 0x0a68 AxInstSV - ok
00:39:23.0495 0x0a68 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
00:39:23.0558 0x0a68 b06bdrv - ok
00:39:23.0589 0x0a68 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
00:39:23.0620 0x0a68 b57nd60a - ok
00:39:23.0667 0x0a68 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
00:39:23.0729 0x0a68 BDESVC - ok
00:39:23.0760 0x0a68 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
00:39:23.0854 0x0a68 Beep - ok
00:39:23.0948 0x0a68 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
00:39:24.0010 0x0a68 BFE - ok
00:39:24.0104 0x0a68 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
00:39:24.0260 0x0a68 BITS - ok
00:39:24.0291 0x0a68 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
00:39:24.0322 0x0a68 blbdrive - ok
00:39:24.0384 0x0a68 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
00:39:24.0416 0x0a68 bowser - ok
00:39:24.0462 0x0a68 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
00:39:24.0494 0x0a68 BrFiltLo - ok
00:39:24.0509 0x0a68 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
00:39:24.0556 0x0a68 BrFiltUp - ok
00:39:24.0587 0x0a68 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
00:39:24.0650 0x0a68 Browser - ok
00:39:24.0696 0x0a68 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
00:39:24.0759 0x0a68 Brserid - ok
00:39:24.0774 0x0a68 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
00:39:24.0821 0x0a68 BrSerWdm - ok
00:39:24.0852 0x0a68 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
00:39:24.0899 0x0a68 BrUsbMdm - ok
00:39:24.0899 0x0a68 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
00:39:24.0946 0x0a68 BrUsbSer - ok
00:39:24.0993 0x0a68 [ 982B096C5746A8A8670DE76BEBC9E398, 7D7E4F8527CB50B8FC455FCC20481A16735D40C90BF22511A2E7CD65EDF47A75 ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
00:39:25.0024 0x0a68 BtFilter - ok
00:39:25.0071 0x0a68 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys
00:39:25.0102 0x0a68 BthEnum - ok
00:39:25.0133 0x0a68 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
00:39:25.0180 0x0a68 BTHMODEM - ok
00:39:25.0227 0x0a68 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
00:39:25.0289 0x0a68 BthPan - ok
00:39:25.0336 0x0a68 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
00:39:25.0430 0x0a68 BTHPORT - ok
00:39:25.0476 0x0a68 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
00:39:25.0570 0x0a68 bthserv - ok
00:39:25.0601 0x0a68 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
00:39:25.0632 0x0a68 BTHUSB - ok
00:39:25.0664 0x0a68 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
00:39:25.0726 0x0a68 cdfs - ok
00:39:25.0757 0x0a68 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
00:39:25.0788 0x0a68 cdrom - ok
00:39:25.0820 0x0a68 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
00:39:25.0913 0x0a68 CertPropSvc - ok
00:39:25.0960 0x0a68 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys
00:39:26.0007 0x0a68 circlass - ok
00:39:26.0069 0x0a68 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
00:39:26.0100 0x0a68 CLFS - ok
00:39:26.0132 0x0a68 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:39:26.0147 0x0a68 clr_optimization_v2.0.50727_32 - ok
00:39:26.0210 0x0a68 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:39:26.0241 0x0a68 clr_optimization_v2.0.50727_64 - ok
00:39:26.0319 0x0a68 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:39:26.0350 0x0a68 clr_optimization_v4.0.30319_32 - ok
00:39:26.0366 0x0a68 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:39:26.0381 0x0a68 clr_optimization_v4.0.30319_64 - ok
00:39:26.0412 0x0a68 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
00:39:26.0444 0x0a68 CmBatt - ok
00:39:26.0475 0x0a68 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
00:39:26.0506 0x0a68 cmdide - ok
00:39:26.0584 0x0a68 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
00:39:26.0631 0x0a68 CNG - ok
00:39:26.0693 0x0a68 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\drivers\compbatt.sys
00:39:26.0724 0x0a68 Compbatt - ok
00:39:26.0740 0x0a68 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
00:39:26.0787 0x0a68 CompositeBus - ok
00:39:26.0802 0x0a68 COMSysApp - ok
00:39:26.0880 0x0a68 [ D3D87AF1A9AEB5567736C6894EBF1FF8, E98BB41C3090DB76314FD7B70DBA2B31A9EB84169D9B1DC0BC17B7757CD6E6A0 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
00:39:26.0927 0x0a68 cphs - ok
00:39:26.0974 0x0a68 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
00:39:27.0005 0x0a68 crcdisk - ok
00:39:27.0052 0x0a68 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll
00:39:27.0114 0x0a68 CryptSvc - ok
00:39:27.0177 0x0a68 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\windows\system32\drivers\csc.sys
00:39:27.0239 0x0a68 CSC - ok
00:39:27.0302 0x0a68 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\windows\System32\cscsvc.dll
00:39:27.0380 0x0a68 CscService - ok
00:39:27.0473 0x0a68 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
00:39:27.0536 0x0a68 DcomLaunch - ok
00:39:27.0582 0x0a68 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
00:39:27.0692 0x0a68 defragsvc - ok
00:39:27.0723 0x0a68 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
00:39:27.0801 0x0a68 DfsC - ok
00:39:27.0848 0x0a68 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
00:39:27.0910 0x0a68 Dhcp - ok
00:39:27.0972 0x0a68 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
00:39:28.0050 0x0a68 discache - ok
00:39:28.0082 0x0a68 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\drivers\disk.sys
00:39:28.0097 0x0a68 Disk - ok
00:39:28.0113 0x0a68 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\windows\system32\drivers\dmvsc.sys
00:39:28.0144 0x0a68 dmvsc - ok
00:39:28.0191 0x0a68 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
00:39:28.0222 0x0a68 Dnscache - ok
00:39:28.0238 0x0a68 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
00:39:28.0300 0x0a68 dot3svc - ok
00:39:28.0331 0x0a68 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
00:39:28.0409 0x0a68 DPS - ok
00:39:28.0456 0x0a68 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
00:39:28.0487 0x0a68 drmkaud - ok
00:39:28.0565 0x0a68 [ 1FABD969ECCFFA637BFEA0FA2D83280F, 624B511908D3470E6A1C182A3945F02D6ED9801DF1A89B0056FF1387AB4EEDCE ] dts_apo_service C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
00:39:28.0596 0x0a68 dts_apo_service - ok
00:39:28.0690 0x0a68 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
00:39:28.0737 0x0a68 DXGKrnl - ok
00:39:28.0768 0x0a68 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
00:39:28.0846 0x0a68 EapHost - ok
00:39:29.0002 0x0a68 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\drivers\evbda.sys
00:39:29.0174 0x0a68 ebdrv - ok
00:39:29.0220 0x0a68 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\windows\System32\lsass.exe
00:39:29.0267 0x0a68 EFS - ok
00:39:29.0361 0x0a68 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
00:39:29.0423 0x0a68 ehRecvr - ok
00:39:29.0454 0x0a68 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
00:39:29.0486 0x0a68 ehSched - ok
00:39:29.0548 0x0a68 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\drivers\elxstor.sys
00:39:29.0610 0x0a68 elxstor - ok
00:39:29.0610 0x0a68 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
00:39:29.0642 0x0a68 ErrDev - ok
00:39:29.0704 0x0a68 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
00:39:29.0798 0x0a68 EventSystem - ok
00:39:29.0813 0x0a68 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
00:39:29.0860 0x0a68 exfat - ok
00:39:29.0876 0x0a68 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
00:39:29.0922 0x0a68 fastfat - ok
00:39:29.0969 0x0a68 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
00:39:30.0032 0x0a68 Fax - ok
00:39:30.0047 0x0a68 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\drivers\fdc.sys
00:39:30.0078 0x0a68 fdc - ok
00:39:30.0110 0x0a68 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
00:39:30.0203 0x0a68 fdPHost - ok
00:39:30.0219 0x0a68 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
00:39:30.0297 0x0a68 FDResPub - ok
00:39:30.0344 0x0a68 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
00:39:30.0375 0x0a68 FileInfo - ok
00:39:30.0390 0x0a68 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
00:39:30.0437 0x0a68 Filetrace - ok
00:39:30.0453 0x0a68 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\drivers\flpydisk.sys
00:39:30.0484 0x0a68 flpydisk - ok
00:39:30.0500 0x0a68 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
00:39:30.0531 0x0a68 FltMgr - ok
00:39:30.0640 0x0a68 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
00:39:30.0718 0x0a68 FontCache - ok
00:39:30.0765 0x0a68 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:39:30.0796 0x0a68 FontCache3.0.0.0 - ok
00:39:30.0827 0x0a68 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
00:39:30.0858 0x0a68 FsDepends - ok
00:39:30.0874 0x0a68 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
00:39:30.0890 0x0a68 Fs_Rec - ok
00:39:30.0921 0x0a68 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
00:39:30.0952 0x0a68 fvevol - ok
00:39:30.0983 0x0a68 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
00:39:30.0999 0x0a68 gagp30kx - ok
00:39:31.0061 0x0a68 [ FA07EC01952729DDDDC5BF4BAE06B09E, EAD6B6C4D0C2F27C91D3494DD71B549C47104733CD8C8AF77104D4F7F41C18E5 ] GFNEXSrv C:\Windows\System32\GFNEXSrv.exe
00:39:31.0092 0x0a68 GFNEXSrv - ok
00:39:31.0155 0x0a68 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
00:39:31.0264 0x0a68 gpsvc - ok
00:39:31.0311 0x0a68 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
00:39:31.0342 0x0a68 hcw85cir - ok
00:39:31.0389 0x0a68 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
00:39:31.0451 0x0a68 HdAudAddService - ok
00:39:31.0482 0x0a68 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
00:39:31.0529 0x0a68 HDAudBus - ok
00:39:31.0560 0x0a68 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
00:39:31.0592 0x0a68 HidBatt - ok
00:39:31.0623 0x0a68 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys
00:39:31.0670 0x0a68 HidBth - ok
00:39:31.0685 0x0a68 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys
00:39:31.0732 0x0a68 HidIr - ok
00:39:31.0763 0x0a68 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
00:39:31.0857 0x0a68 hidserv - ok
00:39:31.0888 0x0a68 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
00:39:31.0904 0x0a68 HidUsb - ok
00:39:31.0950 0x0a68 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
00:39:32.0044 0x0a68 hkmsvc - ok
00:39:32.0060 0x0a68 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
00:39:32.0106 0x0a68 HomeGroupListener - ok
00:39:32.0153 0x0a68 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
00:39:32.0184 0x0a68 HomeGroupProvider - ok
00:39:32.0231 0x0a68 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
00:39:32.0262 0x0a68 HpSAMD - ok
00:39:32.0325 0x0a68 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
00:39:32.0434 0x0a68 HTTP - ok
00:39:32.0434 0x0a68 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
00:39:32.0450 0x0a68 hwpolicy - ok
00:39:32.0465 0x0a68 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
00:39:32.0481 0x0a68 i8042prt - ok
00:39:32.0512 0x0a68 [ 8E139FA049B84B395EA86B59C4C3D917, EEB8E5D5941112090A5A82549EDC41BB557BE50CF24B1859548F9B24202B6FE4 ] iaStorA C:\windows\system32\DRIVERS\iaStorA.sys
00:39:32.0543 0x0a68 iaStorA - ok
00:39:32.0574 0x0a68 [ BD2E48FA672618444930A8744978F014, 53B32742EC7821FD5F46E635C5E79F86FD21999B8894843AF5B2381DD03958C2 ] iaStorF C:\windows\system32\DRIVERS\iaStorF.sys
00:39:32.0590 0x0a68 iaStorF - ok
00:39:32.0637 0x0a68 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
00:39:32.0668 0x0a68 iaStorV - ok
00:39:32.0777 0x0a68 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:39:32.0871 0x0a68 idsvc - ok
00:39:32.0902 0x0a68 IEEtwCollectorService - ok
00:39:33.0105 0x0a68 [ 20147FEA9C201FD20ED8A364BCDFE1D5, D0F9A3974B79EC87B8DF68AC084FD82E7D940F230A7392D6EC6EE1DD802EF5E8 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
00:39:33.0339 0x0a68 igfx - ok
00:39:33.0370 0x0a68 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys
00:39:33.0386 0x0a68 iirsp - ok
00:39:33.0432 0x0a68 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
00:39:33.0479 0x0a68 IKEEXT - ok
00:39:33.0542 0x0a68 [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
00:39:33.0588 0x0a68 IntcDAud - ok
00:39:33.0713 0x0a68 [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
00:39:33.0807 0x0a68 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
00:39:33.0885 0x0a68 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - warning
00:39:33.0963 0x0a68 [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
00:39:34.0041 0x0a68 Intel(R) Capability Licensing Service TCP IP Interface - ok
00:39:34.0088 0x0a68 [ EE65488B7294FBCB113EAC9FD492345C, D1D6B22CD94324387171B188D295AA716900654DA1DC9F3DC18D0CD528F2BBEA ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
00:39:34.0103 0x0a68 Intel(R) ME Service - ok
00:39:34.0134 0x0a68 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
00:39:34.0134 0x0a68 intelide - ok
00:39:34.0181 0x0a68 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
00:39:34.0228 0x0a68 intelppm - ok
00:39:34.0259 0x0a68 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
00:39:34.0353 0x0a68 IPBusEnum - ok
00:39:34.0368 0x0a68 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
00:39:34.0400 0x0a68 IpFilterDriver - ok
00:39:34.0478 0x0a68 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
00:39:34.0556 0x0a68 iphlpsvc - ok
00:39:34.0556 0x0a68 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
00:39:34.0587 0x0a68 IPMIDRV - ok
00:39:34.0602 0x0a68 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
00:39:34.0649 0x0a68 IPNAT - ok
00:39:34.0665 0x0a68 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
00:39:34.0680 0x0a68 IRENUM - ok
00:39:34.0680 0x0a68 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
00:39:34.0696 0x0a68 isapnp - ok
00:39:34.0727 0x0a68 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
00:39:34.0743 0x0a68 iScsiPrt - ok
00:39:34.0790 0x0a68 [ 626F5EAE794819A88F3A1437A6C75951, 491E9DFE7C08869585A5E56830110E245255C5DE71430051EC3948A81CF005C3 ] iusb3hcs C:\windows\system32\DRIVERS\iusb3hcs.sys
00:39:34.0805 0x0a68 iusb3hcs - ok
00:39:34.0836 0x0a68 [ 21A002692B2A07D225E26F70E78D0BFC, 4809D0DD5CA1E0A9C7A0D2BD2E1C7775077CB99F62ED47844EBF3C0B1E91ED45 ] iusb3hub C:\windows\system32\DRIVERS\iusb3hub.sys
00:39:34.0868 0x0a68 iusb3hub - ok
00:39:34.0914 0x0a68 [ FBD43626F80EE4ACA8A6662EA318AFEF, 182DCFDE330399249F038D440FD73806009C809D2B61CE610194AA2131C02733 ] iusb3xhc C:\windows\system32\DRIVERS\iusb3xhc.sys
00:39:34.0961 0x0a68 iusb3xhc - ok
00:39:35.0008 0x0a68 [ BF5D3A2624177C413680DEF19A465AF8, B9909D3E6CB6F9971293116387865AD15CB9D47513C7FAA9C36BE4D2847A41EB ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
00:39:35.0039 0x0a68 jhi_service - ok
00:39:35.0070 0x0a68 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
00:39:35.0086 0x0a68 kbdclass - ok
00:39:35.0117 0x0a68 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
00:39:35.0148 0x0a68 kbdhid - ok
00:39:35.0180 0x0a68 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\windows\system32\lsass.exe
00:39:35.0195 0x0a68 KeyIso - ok
00:39:35.0242 0x0a68 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
00:39:35.0258 0x0a68 KSecDD - ok
00:39:35.0289 0x0a68 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
00:39:35.0320 0x0a68 KSecPkg - ok
00:39:35.0367 0x0a68 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
00:39:35.0460 0x0a68 ksthunk - ok
00:39:35.0507 0x0a68 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
00:39:35.0601 0x0a68 KtmRm - ok
00:39:35.0663 0x0a68 [ A6131EE7C440992458688C7D0989C584, 94FEB4A6677262BAA590F77329141D9F539D3466D6E9473D639880AA6D5A103C ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
00:39:35.0694 0x0a68 L1C - ok
00:39:35.0757 0x0a68 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
00:39:35.0850 0x0a68 LanmanServer - ok
00:39:35.0850 0x0a68 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
00:39:35.0897 0x0a68 LanmanWorkstation - ok
00:39:35.0944 0x0a68 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
00:39:36.0038 0x0a68 lltdio - ok
00:39:36.0084 0x0a68 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
00:39:36.0162 0x0a68 lltdsvc - ok
00:39:36.0194 0x0a68 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
00:39:36.0240 0x0a68 lmhosts - ok
00:39:36.0334 0x0a68 [ 3EA307C51069BC72DD74A4964F2A30A9, EB8F9C936AE43B7E31CB6C46F76FB918509D529E897C0E82B865A2854458996A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:39:36.0381 0x0a68 LMS - ok
00:39:36.0412 0x0a68 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
00:39:36.0428 0x0a68 LSI_FC - ok
00:39:36.0443 0x0a68 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
00:39:36.0459 0x0a68 LSI_SAS - ok
00:39:36.0474 0x0a68 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
00:39:36.0490 0x0a68 LSI_SAS2 - ok
00:39:36.0506 0x0a68 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
00:39:36.0521 0x0a68 LSI_SCSI - ok
00:39:36.0537 0x0a68 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
00:39:36.0568 0x0a68 luafv - ok
00:39:36.0615 0x0a68 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
00:39:36.0662 0x0a68 Mcx2Svc - ok
00:39:36.0693 0x0a68 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
00:39:36.0724 0x0a68 megasas - ok
00:39:36.0755 0x0a68 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
00:39:36.0786 0x0a68 MegaSR - ok
00:39:36.0833 0x0a68 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
00:39:36.0849 0x0a68 MEIx64 - ok
00:39:36.0880 0x0a68 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
00:39:36.0958 0x0a68 MMCSS - ok
00:39:36.0974 0x0a68 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
00:39:37.0036 0x0a68 Modem - ok
00:39:37.0052 0x0a68 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
00:39:37.0083 0x0a68 monitor - ok
00:39:37.0114 0x0a68 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
00:39:37.0130 0x0a68 mouclass - ok
00:39:37.0161 0x0a68 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
00:39:37.0192 0x0a68 mouhid - ok
00:39:37.0208 0x0a68 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
00:39:37.0239 0x0a68 mountmgr - ok
00:39:37.0317 0x0a68 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:39:37.0348 0x0a68 MozillaMaintenance - ok
00:39:37.0395 0x0a68 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
00:39:37.0410 0x0a68 mpio - ok
00:39:37.0442 0x0a68 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
00:39:37.0488 0x0a68 mpsdrv - ok
00:39:37.0566 0x0a68 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
00:39:37.0691 0x0a68 MpsSvc - ok
00:39:37.0738 0x0a68 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
00:39:37.0754 0x0a68 MRxDAV - ok
00:39:37.0800 0x0a68 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
00:39:37.0847 0x0a68 mrxsmb - ok
00:39:37.0878 0x0a68 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
00:39:37.0941 0x0a68 mrxsmb10 - ok
00:39:37.0956 0x0a68 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
00:39:37.0988 0x0a68 mrxsmb20 - ok
00:39:38.0034 0x0a68 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
00:39:38.0066 0x0a68 msahci - ok
00:39:38.0112 0x0a68 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
00:39:38.0144 0x0a68 msdsm - ok
00:39:38.0159 0x0a68 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
00:39:38.0206 0x0a68 MSDTC - ok
00:39:38.0222 0x0a68 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
00:39:38.0300 0x0a68 Msfs - ok
00:39:38.0315 0x0a68 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
00:39:38.0378 0x0a68 mshidkmdf - ok
00:39:38.0393 0x0a68 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
00:39:38.0424 0x0a68 msisadrv - ok
00:39:38.0471 0x0a68 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
00:39:38.0549 0x0a68 MSiSCSI - ok
00:39:38.0549 0x0a68 msiserver - ok
00:39:38.0580 0x0a68 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
00:39:38.0643 0x0a68 MSKSSRV - ok
00:39:38.0658 0x0a68 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
00:39:38.0690 0x0a68 MSPCLOCK - ok
00:39:38.0705 0x0a68 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
00:39:38.0752 0x0a68 MSPQM - ok
00:39:38.0783 0x0a68 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
00:39:38.0814 0x0a68 MsRPC - ok
00:39:38.0830 0x0a68 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
00:39:38.0846 0x0a68 mssmbios - ok
00:39:38.0861 0x0a68 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
00:39:38.0939 0x0a68 MSTEE - ok
00:39:38.0939 0x0a68 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
00:39:38.0955 0x0a68 MTConfig - ok
00:39:38.0955 0x0a68 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
00:39:38.0970 0x0a68 Mup - ok
00:39:39.0017 0x0a68 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
00:39:39.0064 0x0a68 napagent - ok
00:39:39.0111 0x0a68 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
00:39:39.0142 0x0a68 NativeWifiP - ok
00:39:39.0204 0x0a68 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
00:39:39.0267 0x0a68 NDIS - ok
00:39:39.0282 0x0a68 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
00:39:39.0329 0x0a68 NdisCap - ok
00:39:39.0360 0x0a68 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
00:39:39.0423 0x0a68 NdisTapi - ok
00:39:39.0438 0x0a68 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
00:39:39.0485 0x0a68 Ndisuio - ok
00:39:39.0501 0x0a68 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
00:39:39.0563 0x0a68 NdisWan - ok
00:39:39.0579 0x0a68 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
00:39:39.0610 0x0a68 NDProxy - ok
00:39:39.0626 0x0a68 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
00:39:39.0672 0x0a68 NetBIOS - ok
00:39:39.0719 0x0a68 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
00:39:39.0766 0x0a68 NetBT - ok
00:39:39.0782 0x0a68 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\windows\system32\lsass.exe
00:39:39.0797 0x0a68 Netlogon - ok
00:39:39.0875 0x0a68 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
00:39:39.0953 0x0a68 Netman - ok
00:39:40.0000 0x0a68 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:39:40.0031 0x0a68 NetMsmqActivator - ok
00:39:40.0047 0x0a68 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:39:40.0062 0x0a68 NetPipeActivator - ok
00:39:40.0094 0x0a68 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
00:39:40.0172 0x0a68 netprofm - ok
00:39:40.0172 0x0a68 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:39:40.0187 0x0a68 NetTcpActivator - ok
00:39:40.0203 0x0a68 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:39:40.0218 0x0a68 NetTcpPortSharing - ok
00:39:40.0265 0x0a68 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
00:39:40.0296 0x0a68 nfrd960 - ok
00:39:40.0343 0x0a68 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
00:39:40.0406 0x0a68 NlaSvc - ok
00:39:40.0406 0x0a68 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
00:39:40.0468 0x0a68 Npfs - ok
00:39:40.0484 0x0a68 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
00:39:40.0562 0x0a68 nsi - ok
00:39:40.0593 0x0a68 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
00:39:40.0640 0x0a68 nsiproxy - ok
00:39:40.0764 0x0a68 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
00:39:40.0858 0x0a68 Ntfs - ok
00:39:40.0889 0x0a68 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
00:39:40.0967 0x0a68 Null - ok
00:39:40.0983 0x0a68 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
00:39:41.0014 0x0a68 nvraid - ok
00:39:41.0014 0x0a68 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
00:39:41.0045 0x0a68 nvstor - ok
00:39:41.0061 0x0a68 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
00:39:41.0092 0x0a68 nv_agp - ok
00:39:41.0092 0x0a68 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
00:39:41.0108 0x0a68 ohci1394 - ok
00:39:41.0154 0x0a68 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
00:39:41.0217 0x0a68 p2pimsvc - ok
00:39:41.0248 0x0a68 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
00:39:41.0295 0x0a68 p2psvc - ok
00:39:41.0326 0x0a68 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys
00:39:41.0357 0x0a68 Parport - ok
00:39:41.0357 0x0a68 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
00:39:41.0388 0x0a68 partmgr - ok
00:39:41.0420 0x0a68 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
00:39:41.0466 0x0a68 PcaSvc - ok
00:39:41.0466 0x0a68 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
00:39:41.0498 0x0a68 pci - ok
00:39:41.0513 0x0a68 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
00:39:41.0529 0x0a68 pciide - ok
00:39:41.0576 0x0a68 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
00:39:41.0591 0x0a68 pcmcia - ok
00:39:41.0607 0x0a68 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
00:39:41.0622 0x0a68 pcw - ok
00:39:41.0654 0x0a68 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
00:39:41.0732 0x0a68 PEAUTH - ok
00:39:41.0825 0x0a68 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
00:39:41.0919 0x0a68 PeerDistSvc - ok
00:39:41.0997 0x0a68 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
00:39:42.0059 0x0a68 PerfHost - ok
00:39:42.0168 0x0a68 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
00:39:42.0293 0x0a68 pla - ok
00:39:42.0356 0x0a68 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
00:39:42.0418 0x0a68 PlugPlay - ok
00:39:42.0434 0x0a68 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
00:39:42.0465 0x0a68 PNRPAutoReg - ok
00:39:42.0480 0x0a68 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
00:39:42.0527 0x0a68 PNRPsvc - ok
00:39:42.0590 0x0a68 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
00:39:42.0683 0x0a68 PolicyAgent - ok
00:39:42.0699 0x0a68 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\windows\system32\umpo.dll
00:39:42.0746 0x0a68 Power - ok
00:39:42.0792 0x0a68 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
00:39:42.0870 0x0a68 PptpMiniport - ok
00:39:42.0886 0x0a68 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\drivers\processr.sys
00:39:42.0917 0x0a68 Processor - ok
00:39:42.0948 0x0a68 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll
00:39:42.0995 0x0a68 ProfSvc - ok
00:39:43.0026 0x0a68 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
00:39:43.0058 0x0a68 ProtectedStorage - ok
00:39:43.0089 0x0a68 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
00:39:43.0167 0x0a68 Psched - ok
00:39:43.0276 0x0a68 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\drivers\ql2300.sys
00:39:43.0354 0x0a68 ql2300 - ok
00:39:43.0370 0x0a68 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\drivers\ql40xx.sys
00:39:43.0370 0x0a68 ql40xx - ok
00:39:43.0416 0x0a68 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
00:39:43.0479 0x0a68 QWAVE - ok
00:39:43.0479 0x0a68 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
00:39:43.0526 0x0a68 QWAVEdrv - ok
00:39:43.0526 0x0a68 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
00:39:43.0588 0x0a68 RasAcd - ok
00:39:43.0635 0x0a68 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
00:39:43.0697 0x0a68 RasAgileVpn - ok
00:39:43.0744 0x0a68 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
00:39:43.0822 0x0a68 RasAuto - ok
00:39:43.0853 0x0a68 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
00:39:43.0900 0x0a68 Rasl2tp - ok
00:39:43.0962 0x0a68 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
00:39:44.0056 0x0a68 RasMan - ok
00:39:44.0087 0x0a68 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
00:39:44.0134 0x0a68 RasPppoe - ok
00:39:44.0134 0x0a68 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
00:39:44.0165 0x0a68 RasSstp - ok
00:39:44.0181 0x0a68 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
00:39:44.0212 0x0a68 rdbss - ok
00:39:44.0243 0x0a68 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
00:39:44.0274 0x0a68 rdpbus - ok
00:39:44.0290 0x0a68 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
00:39:44.0352 0x0a68 RDPCDD - ok
00:39:44.0352 0x0a68 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\windows\system32\drivers\rdpdr.sys
00:39:44.0368 0x0a68 RDPDR - ok
00:39:44.0384 0x0a68 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
00:39:44.0430 0x0a68 RDPENCDD - ok
00:39:44.0430 0x0a68 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
00:39:44.0462 0x0a68 RDPREFMP - ok
00:39:44.0477 0x0a68 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
00:39:44.0493 0x0a68 RDPWD - ok
00:39:44.0524 0x0a68 [ A115F49BEA840A5F049BC6310F35F776, 3A4D681959A493ECC24C4B0925F5F4FD336F93C317198C210907E466D3F704CA ] rdyboost C:\windows\system32\drivers\rdyboost.sys
00:39:44.0540 0x0a68 rdyboost - ok
00:39:44.0571 0x0a68 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
00:39:44.0618 0x0a68 RemoteAccess - ok
00:39:44.0649 0x0a68 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
00:39:44.0696 0x0a68 RemoteRegistry - ok
00:39:44.0742 0x0a68 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
00:39:44.0774 0x0a68 RFCOMM - ok
00:39:44.0805 0x0a68 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
00:39:44.0836 0x0a68 RpcEptMapper - ok
00:39:44.0867 0x0a68 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
00:39:44.0914 0x0a68 RpcLocator - ok
00:39:44.0961 0x0a68 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
00:39:45.0023 0x0a68 RpcSs - ok
00:39:45.0054 0x0a68 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
00:39:45.0132 0x0a68 rspndr - ok
00:39:45.0164 0x0a68 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\windows\system32\drivers\vms3cap.sys
00:39:45.0195 0x0a68 s3cap - ok
00:39:45.0226 0x0a68 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\windows\system32\lsass.exe
00:39:45.0242 0x0a68 SamSs - ok
00:39:45.0273 0x0a68 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
00:39:45.0288 0x0a68 sbp2port - ok
00:39:45.0335 0x0a68 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
00:39:45.0429 0x0a68 SCardSvr - ok
00:39:45.0460 0x0a68 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
00:39:45.0491 0x0a68 scfilter - ok
00:39:45.0538 0x0a68 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
00:39:45.0616 0x0a68 Schedule - ok
00:39:45.0647 0x0a68 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
00:39:45.0678 0x0a68 SCPolicySvc - ok
00:39:45.0694 0x0a68 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
00:39:45.0725 0x0a68 SDRSVC - ok
00:39:45.0756 0x0a68 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
00:39:45.0850 0x0a68 secdrv - ok
00:39:45.0881 0x0a68 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
00:39:45.0959 0x0a68 seclogon - ok
00:39:45.0975 0x0a68 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll
00:39:46.0037 0x0a68 SENS - ok
00:39:46.0053 0x0a68 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
00:39:46.0068 0x0a68 SensrSvc - ok
00:39:46.0084 0x0a68 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\drivers\serenum.sys
00:39:46.0115 0x0a68 Serenum - ok
00:39:46.0131 0x0a68 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\drivers\serial.sys
00:39:46.0178 0x0a68 Serial - ok
00:39:46.0178 0x0a68 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\drivers\sermouse.sys
00:39:46.0209 0x0a68 sermouse - ok
00:39:46.0256 0x0a68 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
00:39:46.0318 0x0a68 SessionEnv - ok
00:39:46.0349 0x0a68 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
00:39:46.0396 0x0a68 sffdisk - ok
00:39:46.0412 0x0a68 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
00:39:46.0458 0x0a68 sffp_mmc - ok
00:39:46.0458 0x0a68 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
00:39:46.0505 0x0a68 sffp_sd - ok
00:39:46.0521 0x0a68 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
00:39:46.0552 0x0a68 sfloppy - ok
00:39:46.0599 0x0a68 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
00:39:46.0724 0x0a68 SharedAccess - ok
00:39:46.0770 0x0a68 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
00:39:46.0833 0x0a68 ShellHWDetection - ok
00:39:46.0864 0x0a68 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
00:39:46.0880 0x0a68 SiSRaid2 - ok
00:39:46.0895 0x0a68 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
00:39:46.0911 0x0a68 SiSRaid4 - ok
00:39:46.0942 0x0a68 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:39:46.0958 0x0a68 SkypeUpdate - ok
00:39:46.0973 0x0a68 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
00:39:47.0020 0x0a68 Smb - ok
00:39:47.0067 0x0a68 [ 07165344E45AC9E93A999F74908F8AF6, C0667DBC90E43D528BCAF9C9577B0A4516D5071880C82635FBADDBA829FBD42B ] SmbDrvI C:\windows\system32\DRIVERS\Smb_driver_Intel.sys
00:39:47.0098 0x0a68 SmbDrvI - ok
00:39:47.0160 0x0a68 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
00:39:47.0192 0x0a68 SNMPTRAP - ok
00:39:47.0223 0x0a68 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
00:39:47.0254 0x0a68 spldr - ok
00:39:47.0301 0x0a68 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
00:39:47.0348 0x0a68 Spooler - ok
00:39:47.0504 0x0a68 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
00:39:47.0722 0x0a68 sppsvc - ok
00:39:47.0738 0x0a68 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
00:39:47.0800 0x0a68 sppuinotify - ok
00:39:47.0862 0x0a68 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
00:39:47.0925 0x0a68 srv - ok
00:39:47.0940 0x0a68 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
00:39:47.0972 0x0a68 srv2 - ok
00:39:47.0972 0x0a68 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
00:39:47.0987 0x0a68 srvnet - ok
00:39:48.0050 0x0a68 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
00:39:48.0143 0x0a68 SSDPSRV - ok
00:39:48.0159 0x0a68 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
00:39:48.0221 0x0a68 SstpSvc - ok
00:39:48.0299 0x0a68 [ 02A660D3AF9056EB49674323253B1F6B, 5EF09BEB685FBFE31CBA3EF3C8F01FBC237D2EE01D2C552BD9D5B0258A0C5589 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
00:39:48.0346 0x0a68 STacSV - detected UnsignedFile.Multi.Generic ( 1 )
00:39:48.0346 0x0a68 STacSV ( UnsignedFile.Multi.Generic ) - warning
00:39:48.0393 0x0a68 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\drivers\stexstor.sys
00:39:48.0408 0x0a68 stexstor - ok
00:39:48.0502 0x0a68 [ 6841C97882D372C4ACEA62D419ECCCA1, 85690DD262FFCD733B7E442C1DCF84702AE6029A9F5CA1FCA82A6BE7FF4C5FDE ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
00:39:48.0580 0x0a68 STHDA - ok
00:39:48.0658 0x0a68 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
00:39:48.0752 0x0a68 stisvc - ok
00:39:48.0767 0x0a68 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\windows\system32\drivers\vmstorfl.sys
00:39:48.0783 0x0a68 storflt - ok
00:39:48.0814 0x0a68 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\windows\system32\storsvc.dll
00:39:48.0845 0x0a68 StorSvc - ok
00:39:48.0892 0x0a68 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\windows\system32\drivers\storvsc.sys
00:39:48.0908 0x0a68 storvsc - ok
00:39:48.0908 0x0a68 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\DRIVERS\swenum.sys
00:39:48.0923 0x0a68 swenum - ok
00:39:48.0954 0x0a68 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
00:39:49.0048 0x0a68 swprv - ok
00:39:49.0142 0x0a68 [ E31797EEC50DDB5C5500EDFA4BC6A960, B1E2390FE45B655CC7B30BF0DDEB80E2FF44EDD6A6374E65491B9D32E4C9B5EF ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
00:39:49.0173 0x0a68 SynTP - ok
00:39:49.0298 0x0a68 [ 7BE4CDEA6BC7832BFE3112A350D8B9EA, B51BD5A02D20C1CD8F7B4326114C2FA57ABD8D75133D6CE906CB65E97AAB7F70 ] SysMain C:\windows\system32\sysmain.dll
00:39:49.0391 0x0a68 SysMain - ok
00:39:49.0407 0x0a68 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
00:39:49.0438 0x0a68 TabletInputService - ok
00:39:49.0500 0x0a68 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
00:39:49.0578 0x0a68 TapiSrv - ok
00:39:49.0594 0x0a68 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
00:39:49.0625 0x0a68 TBS - ok
00:39:49.0750 0x0a68 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\windows\system32\drivers\tcpip.sys
00:39:49.0844 0x0a68 Tcpip - ok
00:39:49.0906 0x0a68 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
00:39:49.0953 0x0a68 TCPIP6 - ok
00:39:50.0000 0x0a68 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
00:39:50.0031 0x0a68 tcpipreg - ok
00:39:50.0093 0x0a68 [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
00:39:50.0109 0x0a68 tdcmdpst - ok
00:39:50.0171 0x0a68 TDEIO - ok
00:39:50.0187 0x0a68 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
00:39:50.0218 0x0a68 TDPIPE - ok
00:39:50.0249 0x0a68 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
00:39:50.0280 0x0a68 TDTCP - ok
00:39:50.0327 0x0a68 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
00:39:50.0405 0x0a68 tdx - ok
00:39:50.0452 0x0a68 [ 1B709733A04DCC41A63F9CD1F76A4EBE, 3973F7BA3CC5395040F68B60950A836D729B487BF7F732D31915064F7DA4C838 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
00:39:50.0468 0x0a68 TemproMonitoringService - ok
00:39:50.0514 0x0a68 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\DRIVERS\termdd.sys
00:39:50.0546 0x0a68 TermDD - ok
00:39:50.0608 0x0a68 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
00:39:50.0733 0x0a68 TermService - ok
00:39:50.0733 0x0a68 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
00:39:50.0764 0x0a68 Themes - ok
00:39:50.0780 0x0a68 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
00:39:50.0826 0x0a68 THREADORDER - ok
00:39:50.0936 0x0a68 [ 71C321649B28638EE80A2EEB164C1DC8, D75D296B506DCC38A4DED82C71141388AEB60B065785DCC5BC2F4B3B77ACEDC7 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
00:39:50.0967 0x0a68 TMachInfo - ok
00:39:51.0014 0x0a68 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19, CFE8A69E3F2A42C3BA2B38EC9233076D0AD32C441500E6407219F2E866905D9B ] TODDSrv C:\windows\system32\TODDSrv.exe
00:39:51.0045 0x0a68 TODDSrv - ok
00:39:51.0170 0x0a68 [ 1B83F89E5CDA0ABFBE3F8CBDCC4112C4, A5B6216BAC471A4B9E005E7659055AA29372328E464486656A446A28EFC6CD0E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
00:39:51.0216 0x0a68 TosCoSrv - ok
00:39:51.0372 0x0a68 [ D51FD157E5EF578FDD09ED804FF3EBC7, 4CC0998700D45B608232F3AF7A2558760A46CD73887E52F31E986A96E3B656C3 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
00:39:51.0404 0x0a68 TOSHIBA Bluetooth Service - ok
00:39:51.0482 0x0a68 [ 18CC3B3DB8840C6776A69E758A2B8A77, B90A6858ECE8EB9E7AE07B0DF00565315EA1022C47602D083B47940B89D45F3E ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
00:39:51.0513 0x0a68 TOSHIBA eco Utility Service - ok
00:39:51.0606 0x0a68 [ 7C33EF3DD1A861010AE0E614A06439D1, 72785C545A773D69E22AAE20A08F156FE8435E01086FB621D3DD5B755325AA67 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
00:39:51.0638 0x0a68 TOSHIBA HDD SSD Alert Service - ok
00:39:51.0684 0x0a68 [ C265336B0047F855B5475AA30B3EF064, F34CD7DC60CA3A84F6056FD9EB46F61018140AC00DCE9583F82A8D5DD166BBB7 ] tosporte C:\windows\system32\DRIVERS\tosporte.sys
00:39:51.0700 0x0a68 tosporte - ok
00:39:51.0762 0x0a68 [ 88BE9E5C78E65D910344C05C82CD74F3, 5335167FB0EDF48486257D1CA65DE13ACDE3D691312F5FFFB8B509170623A214 ] tosrfbd C:\windows\system32\DRIVERS\tosrfbd.sys
00:39:51.0794 0x0a68 tosrfbd - ok
00:39:51.0856 0x0a68 [ 7F357421E695F36B1A35FBBB6AD38B43, 2CF9C5AE2210BA879C67786EBA7F6BF44F8C37F91285AA160BFFD1EA97200F61 ] Tosrfcom C:\windows\system32\Drivers\tosrfcom.sys
00:39:51.0872 0x0a68 Tosrfcom - ok
00:39:51.0918 0x0a68 [ F5E3AC4CBCD154EE80849B21887FD0B0, 7D68AF88F1B01BCA6456FBAEB91580419A49A77D31EFC0BA6A1C50301899BA03 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
00:39:51.0934 0x0a68 tosrfec - ok
00:39:51.0950 0x0a68 [ 3D0D685F520CE2ED0B4D15AFE38362F8, AE133CEAF1477832551DB4520C9D39A188A7B387F5955D6CBB674C77288F1A91 ] Tosrfhid C:\windows\system32\DRIVERS\Tosrfhid.sys
00:39:51.0981 0x0a68 Tosrfhid - ok
00:39:52.0012 0x0a68 [ E4E965487C48D4B3D0ABC3E577D74D9A, 6B95E3B56FA054C6FF4CDFDE9CF435CBB9274D721051ADCE78140FD5978027DC ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys
00:39:52.0028 0x0a68 Tosrfusb - ok
00:39:52.0137 0x0a68 [ ED53F965168AFB40DB9068092349AD64, D31D3E4ED9A5E56A1BCDBFA7CFBC1C9621557C3EA821B84A99039A611C93943E ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
00:39:52.0184 0x0a68 TPCHSrv - ok
00:39:52.0246 0x0a68 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
00:39:52.0324 0x0a68 TrkWks - ok
00:39:52.0371 0x0a68 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
00:39:52.0449 0x0a68 TrustedInstaller - ok
00:39:52.0464 0x0a68 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
00:39:52.0480 0x0a68 tssecsrv - ok
00:39:52.0511 0x0a68 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
00:39:52.0558 0x0a68 TsUsbFlt - ok
00:39:52.0574 0x0a68 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
00:39:52.0605 0x0a68 TsUsbGD - ok
00:39:52.0636 0x0a68 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
00:39:52.0714 0x0a68 tunnel - ok
00:39:52.0745 0x0a68 [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
00:39:52.0776 0x0a68 TVALZ - ok
00:39:52.0808 0x0a68 [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
00:39:52.0823 0x0a68 TVALZFL - ok
00:39:52.0870 0x0a68 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\drivers\uagp35.sys
00:39:52.0886 0x0a68 uagp35 - ok
00:39:52.0932 0x0a68 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
00:39:53.0010 0x0a68 udfs - ok
00:39:53.0057 0x0a68 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
00:39:53.0073 0x0a68 UI0Detect - ok
00:39:53.0135 0x0a68 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
00:39:53.0166 0x0a68 uliagpkx - ok
00:39:53.0182 0x0a68 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
00:39:53.0213 0x0a68 umbus - ok
00:39:53.0229 0x0a68 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\drivers\umpass.sys
00:39:53.0260 0x0a68 UmPass - ok
00:39:53.0291 0x0a68 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\windows\System32\umrdp.dll
00:39:53.0354 0x0a68 UmRdpService - ok
00:39:53.0369 0x0a68 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
00:39:53.0447 0x0a68 upnphost - ok
00:39:53.0478 0x0a68 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
00:39:53.0510 0x0a68 usbccgp - ok
00:39:53.0541 0x0a68 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
00:39:53.0556 0x0a68 usbcir - ok
00:39:53.0572 0x0a68 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
00:39:53.0603 0x0a68 usbehci - ok
00:39:53.0634 0x0a68 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
00:39:53.0666 0x0a68 usbhub - ok
00:39:53.0697 0x0a68 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
00:39:53.0728 0x0a68 usbohci - ok
00:39:53.0759 0x0a68 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\drivers\usbprint.sys
00:39:53.0806 0x0a68 usbprint - ok
00:39:53.0822 0x0a68 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
00:39:53.0853 0x0a68 USBSTOR - ok
00:39:53.0900 0x0a68 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
00:39:53.0915 0x0a68 usbuhci - ok
00:39:53.0978 0x0a68 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
00:39:54.0040 0x0a68 usbvideo - ok
00:39:54.0087 0x0a68 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
00:39:54.0180 0x0a68 UxSms - ok
00:39:54.0212 0x0a68 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\windows\system32\lsass.exe
00:39:54.0243 0x0a68 VaultSvc - ok
00:39:54.0290 0x0a68 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
00:39:54.0305 0x0a68 vdrvroot - ok
00:39:54.0383 0x0a68 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
00:39:54.0508 0x0a68 vds - ok
00:39:54.0555 0x0a68 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
00:39:54.0586 0x0a68 vga - ok
00:39:54.0602 0x0a68 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
00:39:54.0664 0x0a68 VgaSave - ok
00:39:54.0680 0x0a68 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
00:39:54.0695 0x0a68 vhdmp - ok
00:39:54.0742 0x0a68 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
00:39:54.0742 0x0a68 viaide - ok
00:39:54.0773 0x0a68 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\windows\system32\drivers\vmbus.sys
00:39:54.0820 0x0a68 vmbus - ok
00:39:54.0820 0x0a68 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
00:39:54.0851 0x0a68 VMBusHID - ok
00:39:54.0867 0x0a68 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
00:39:54.0882 0x0a68 volmgr - ok
00:39:54.0914 0x0a68 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
00:39:54.0929 0x0a68 volmgrx - ok
00:39:54.0992 0x0a68 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\windows\system32\drivers\volsnap.sys
00:39:55.0007 0x0a68 volsnap - ok
00:39:55.0007 0x0a68 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\drivers\vsmraid.sys
00:39:55.0023 0x0a68 vsmraid - ok
00:39:55.0148 0x0a68 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
00:39:55.0257 0x0a68 VSS - ok
00:39:55.0288 0x0a68 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
00:39:55.0335 0x0a68 vwifibus - ok
00:39:55.0350 0x0a68 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
00:39:55.0413 0x0a68 vwififlt - ok
00:39:55.0444 0x0a68 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
00:39:55.0506 0x0a68 W32Time - ok
00:39:55.0538 0x0a68 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\drivers\wacompen.sys
00:39:55.0584 0x0a68 WacomPen - ok
00:39:55.0600 0x0a68 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
00:39:55.0678 0x0a68 WANARP - ok
00:39:55.0694 0x0a68 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
00:39:55.0740 0x0a68 Wanarpv6 - ok
00:39:55.0865 0x0a68 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
00:39:55.0974 0x0a68 WatAdminSvc - ok
00:39:56.0084 0x0a68 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
00:39:56.0177 0x0a68 wbengine - ok
00:39:56.0193 0x0a68 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
00:39:56.0224 0x0a68 WbioSrvc - ok
00:39:56.0224 0x0a68 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
00:39:56.0255 0x0a68 wcncsvc - ok
00:39:56.0286 0x0a68 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
00:39:56.0302 0x0a68 WcsPlugInService - ok
00:39:56.0333 0x0a68 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\drivers\wd.sys
00:39:56.0349 0x0a68 Wd - ok
00:39:56.0427 0x0a68 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
00:39:56.0489 0x0a68 Wdf01000 - ok
00:39:56.0520 0x0a68 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll
00:39:56.0567 0x0a68 WdiServiceHost - ok
00:39:56.0583 0x0a68 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll
00:39:56.0614 0x0a68 WdiSystemHost - ok
00:39:56.0661 0x0a68 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
00:39:56.0708 0x0a68 WebClient - ok
00:39:56.0754 0x0a68 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
00:39:56.0848 0x0a68 Wecsvc - ok
00:39:56.0848 0x0a68 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
00:39:56.0895 0x0a68 wercplsupport - ok
00:39:56.0910 0x0a68 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
00:39:56.0942 0x0a68 WerSvc - ok
00:39:56.0988 0x0a68 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
00:39:57.0020 0x0a68 WfpLwf - ok
00:39:57.0020 0x0a68 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
00:39:57.0035 0x0a68 WIMMount - ok
00:39:57.0066 0x0a68 WinDefend - ok
00:39:57.0098 0x0a68 WinHttpAutoProxySvc - ok
00:39:57.0176 0x0a68 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
00:39:57.0269 0x0a68 Winmgmt - ok
00:39:57.0410 0x0a68 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll
00:39:57.0534 0x0a68 WinRM - ok
00:39:57.0628 0x0a68 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
00:39:57.0690 0x0a68 Wlansvc - ok
00:39:57.0722 0x0a68 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
00:39:57.0737 0x0a68 WmiAcpi - ok
00:39:57.0768 0x0a68 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
00:39:57.0784 0x0a68 wmiApSrv - ok
00:39:57.0815 0x0a68 WMPNetworkSvc - ok
00:39:57.0862 0x0a68 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
00:39:57.0909 0x0a68 WPCSvc - ok
00:39:57.0909 0x0a68 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
00:39:57.0956 0x0a68 WPDBusEnum - ok
00:39:57.0987 0x0a68 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
00:39:58.0049 0x0a68 ws2ifsl - ok
00:39:58.0065 0x0a68 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
00:39:58.0096 0x0a68 wscsvc - ok
00:39:58.0096 0x0a68 WSearch - ok
00:39:58.0236 0x0a68 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\windows\system32\wuaueng.dll
00:39:58.0361 0x0a68 wuauserv - ok
00:39:58.0392 0x0a68 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
00:39:58.0439 0x0a68 WudfPf - ok
00:39:58.0455 0x0a68 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
00:39:58.0470 0x0a68 WUDFRd - ok
00:39:58.0486 0x0a68 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
00:39:58.0517 0x0a68 wudfsvc - ok
00:39:58.0548 0x0a68 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll
00:39:58.0595 0x0a68 WwanSvc - ok
00:39:58.0642 0x0a68 ================ Scan global ===============================
00:39:58.0673 0x0a68 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
00:39:58.0720 0x0a68 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
00:39:58.0751 0x0a68 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
00:39:58.0798 0x0a68 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
00:39:58.0860 0x0a68 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
00:39:58.0876 0x0a68 [ Global ] - ok
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 29th, 2014, 7:52 pm

TDSSKiller log - 2nd part
00:39:58.0876 0x0a68 ================ Scan MBR ==================================
00:39:58.0892 0x0a68 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
00:39:59.0110 0x0a68 \Device\Harddisk0\DR0 - ok
00:39:59.0110 0x0a68 ================ Scan VBR ==================================
00:39:59.0110 0x0a68 [ 41F1581A94AA579BA63496F79D0C9B2D ] \Device\Harddisk0\DR0\Partition1
00:39:59.0110 0x0a68 \Device\Harddisk0\DR0\Partition1 - ok
00:39:59.0110 0x0a68 ================ Scan generic autorun ======================
00:39:59.0204 0x0a68 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
00:39:59.0235 0x0a68 Adobe ARM - ok
00:39:59.0360 0x0a68 [ A20239BCFC4182B271334731A7ACC35A, BDD4C4AA73191231CEFC8ED4E33E2F72CD397343A8522AE6924661E4FC396756 ] C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe
00:39:59.0422 0x0a68 DTS Sound - ok
00:39:59.0531 0x0a68 [ D38E57E6FF593B43D7BE013348A32CE6, ECD3BDD602B3B67106483EF8E438EA94C98FA9E0044137054DDCE10E96E72648 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
00:39:59.0562 0x0a68 USB3MON - ok
00:39:59.0594 0x0a68 [ C8AEBDDAAD605E68DBCCD41CD58FC841, 97243EB73BD358D23E74AEEA8998A45B2DF23637282E892D39FDA0EFCB2EFB69 ] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
00:39:59.0609 0x0a68 ITSecMng - ok
00:39:59.0656 0x0a68 [ AF9F2BC07A5818B6E15D3AA12BB7F611, FAD5C03793535AB1677F4373129843027C3DEEC010DC3898EAE34206EDC4C908 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
00:39:59.0687 0x0a68 AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 )
00:39:59.0687 0x0a68 AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - warning
00:39:59.0843 0x0a68 [ 1705B6E6E1D883965F32C7D3B8E78CE6, 8C7208DB10158087FD6CFA3AB439AE4C403BE3FF7689CAB79C4ED5C7A44A65C2 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
00:39:59.0874 0x0a68 ToshibaServiceStation - ok
00:40:00.0140 0x0a68 [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
00:40:00.0264 0x0a68 AvastUI.exe - ok
00:40:00.0374 0x0a68 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:40:00.0483 0x0a68 Sidebar - ok
00:40:00.0514 0x0a68 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
00:40:00.0576 0x0a68 mctadmin - ok
00:40:00.0639 0x0a68 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:40:00.0686 0x0a68 Sidebar - ok
00:40:00.0701 0x0a68 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
00:40:00.0717 0x0a68 mctadmin - ok
00:40:00.0732 0x0a68 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
00:40:00.0764 0x0a68 Win FW state via NFP2: enabled
00:40:00.0764 0x0a68 ============================================================
00:40:00.0764 0x0a68 Scan finished
00:40:00.0764 0x0a68 ============================================================
00:40:00.0779 0x0eb4 Detected object count: 3
00:40:00.0779 0x0eb4 Actual detected object count: 3
00:41:00.0621 0x0eb4 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user
00:41:00.0621 0x0eb4 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:41:00.0621 0x0eb4 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
00:41:00.0621 0x0eb4 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:41:00.0637 0x0eb4 AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - skipped by user
00:41:00.0637 0x0eb4 AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:43:14.0461 0x0ef0 Deinitialize success

------
Basically TDSSKiller found 3 threats, all 3 as unsigned files. There was no reboot.
I will now carry on with your other instructions and post the results.
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 29th, 2014, 8:30 pm

Hi pgmigg

I have disabled avast, downloaded Zoek.exe and run the scan. Log below.
IMPORTANT NOTE: Before running the scan, I disconnected the Internet cable from the laptop (I normally do this when I do the scans, unless it is obvious that the connection needs to be on). Indeed the log says no internet access detected. Can you please confirm what I've done is ok, or do you need me to re-run the scan with the connection ON?
Please let me know before I proceed with the next instruction (the OTL scan). Thanks.

Zoek.exe log
Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Administrator1 on 30/08/2014 at 1:00:17.54.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Administrator1\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

30/08/2014 01:01:16 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\Administrator1\Searches deleted
C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\extensions\staged deleted
C:\Users\Public\Desktop\eBay.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16/07/2014 01:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

ProfilePath: C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\v533ogag.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

ProfilePath: C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\h2zyf9wn.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[16/07/2014 01:24]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://toshiba13.msn.com/?pc=TEJB"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0FC051B4-7230-424D-9772-F28C35C71760}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://toshiba13.msn.com/?pc=TEJB"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0FC051B4-7230-424D-9772-F28C35C71760} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0FC051B4-7230-424D-9772-F28C35C71760} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Daria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pietro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pietro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Daria\AppData\Local\Mozilla\Firefox\Profiles\v533ogag.default\Cache emptied successfully
C:\Users\Pietro\AppData\Local\Mozilla\Firefox\Profiles\h2zyf9wn.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=17 14608388 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator1\AppData\Local\Temp will be emptied at reboot
C:\Users\Daria\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pietro\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/08/2014 at 1:15:02.09 ======================
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby pgmigg » August 30th, 2014, 1:40 am

Hello rbd,

Basically TDSSKiller found 3 threats, all 3 as unsigned files. There was no reboot.
Actually, anything detected as UnsignedFile.Multi.Generic should be unchecked/ignored.

IMPORTANT NOTE: Before running the scan, I disconnected the Internet cable from the laptop (I normally do this when I do the scans, unless it is obvious that the connection needs to be on). Indeed the log says no internet access detected. Can you please confirm what I've done is ok, or do you need me to re-run the scan with the connection ON?
The situation that you have created is not normal. Typically, a computer connected to the Internet constantly and many of our instruments required it to download their updates, for example. When do I need to turn off the Internet, I ask you to do it. In this case, my instructions do not contain requirements to turn off the Internet and now the analysis has become more difficult. Please refrain in the future from improvisations and follow my instructions step by step, exactly as they are written.

If you have any doubts it is best to do nothing and ask first.

Right now please proceed with requested OTL scan and post the logs in your next replay.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 30th, 2014, 4:24 pm

Hi pgmigg,

Sorry for the issue about the connection to the internet. I have always done this all the other times, thinking it was the right thing.

I have run the OTL scan, logs copied below.

OTL log
OTL logfile created on: 30/08/2014 21:02:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.85% Memory free
7.83 Gb Paging File | 6.33 Gb Available in Paging File | 80.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.87 Gb Total Space | 415.79 Gb Free Space | 91.61% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Administrator1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/30 20:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator1\Desktop\OTL.exe
PRC - [2014/07/30 21:42:56 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/16 01:24:10 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/15 23:35:26 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/05/10 21:07:22 | 002,812,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2013/03/12 22:20:08 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/03/12 22:19:38 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/03/12 22:19:38 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/09/28 23:19:54 | 000,746,936 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2012/09/28 23:06:42 | 000,632,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2012/09/28 04:33:42 | 000,227,272 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
PRC - [2012/05/23 02:04:40 | 000,231,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
PRC - [2012/05/07 20:55:26 | 000,251,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
PRC - [2011/08/08 22:36:00 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2014/07/16 01:24:11 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/16 01:24:11 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2012/05/07 20:55:10 | 000,178,104 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/07/25 14:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/16 01:24:10 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/25 12:58:46 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/02/13 21:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/02/13 21:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/09/24 17:04:04 | 000,589,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/04/12 02:05:44 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2012/03/17 00:54:58 | 000,846,208 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/02/29 04:00:32 | 000,342,464 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 23:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/10 17:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/30 00:16:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/07 00:44:20 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/06/01 00:56:18 | 000,016,720 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe -- (dts_apo_service)
SRV - [2013/03/12 22:20:08 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 22:19:38 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/03/12 22:19:38 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/27 05:45:08 | 000,179,168 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/07/12 02:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/16 01:24:30 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/16 01:24:14 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/16 01:24:14 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/16 01:24:14 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/16 01:24:14 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/16 01:24:14 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/16 01:24:14 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/16 01:24:14 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/03 19:55:34 | 000,452,088 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/09/03 19:52:06 | 004,445,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/15 23:34:44 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/08/15 23:34:38 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/08/15 23:34:36 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/07/09 19:21:54 | 000,094,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2013/06/25 07:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2013/05/03 01:25:16 | 000,474,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/03 01:25:14 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/04/25 12:58:46 | 000,546,304 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/04/17 07:12:44 | 000,047,816 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/03/12 22:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/03/11 20:22:20 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/03/11 20:22:20 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/03/07 02:44:50 | 000,306,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/12/19 15:40:58 | 000,118,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/11/10 01:59:22 | 000,104,280 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2012/08/01 21:03:38 | 000,095,088 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2012/07/28 01:54:40 | 000,055,288 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2012/06/13 06:22:48 | 000,083,032 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/19 01:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/31 05:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 23:31:00 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 04:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0FC051B4-7230-424D-9772-F28C35C71760}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0FC051B4-7230-424D-9772-F28C35C71760}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/symbaloo_b [binary data]
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/symbaloo_b [binary data]
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TEJB
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\..\SearchScopes,DefaultScope = {012E1000-F331-11DB-8314-0800200C9A66}
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.36
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/16 01:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/05/02 00:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator1\AppData\Roaming\Mozilla\Extensions
[2014/08/30 01:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\extensions
[2014/07/30 00:15:08 | 000,538,675 | ---- | M] () (No name found) -- C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/07/30 00:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 00:16:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/16 01:24:15 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe ()
O4 - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DTS Sound] C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe (DTS, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D779444-73DC-46D2-BB79-D871AC6C29CF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/30 20:58:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator1\Desktop\OTL.exe
[2014/08/30 01:15:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/30 01:13:33 | 000,000,000 | ---D | C] -- C:\windows\Temp
[2014/08/30 01:13:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Local\Temp
[2014/08/30 01:00:15 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/08/30 00:32:20 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator1\Desktop\tdsskiller.exe
[2014/08/29 00:45:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Administrator1\Desktop\dds.scr
[2014/08/28 22:49:34 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2014/08/28 22:49:34 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71.dll
[2014/08/28 22:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2014/08/28 22:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2014/08/28 22:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2014/08/28 22:39:12 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/28 22:37:29 | 002,003,352 | ---- | C] (Acro Software Inc. ) -- C:\Users\Administrator1\Desktop\CuteWriter.exe
[2014/08/24 14:17:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2014/08/24 14:16:12 | 033,733,032 | ---- | C] (Oracle Corporation) -- C:\Users\Administrator1\Desktop\jre-8u20-windows-i586.exe
[2014/08/24 13:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/08/24 13:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/24 13:49:45 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2014/08/24 13:49:45 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2014/08/24 13:49:45 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2014/08/24 13:49:29 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2014/08/24 13:49:29 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2014/08/24 13:49:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2014/08/24 13:49:29 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2014/08/24 13:49:29 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2014/08/24 13:49:29 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2014/08/24 13:49:11 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2014/08/24 13:49:11 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2014/08/24 13:49:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2014/08/24 13:49:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2014/08/12 21:02:06 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/12 21:02:06 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/12 21:02:06 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/12 21:02:06 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/12 21:02:04 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/12 21:02:04 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/12 21:01:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/12 21:01:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL
[2014/08/12 20:59:57 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/12 20:59:56 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/12 20:59:55 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/12 20:59:55 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/12 20:59:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/12 20:59:55 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/12 20:59:40 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/08/12 20:59:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/08/12 20:59:40 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/12 20:59:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/08/12 20:59:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/08/12 20:59:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/08/12 20:59:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/12 20:59:37 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/08/12 20:59:37 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/08/12 20:59:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/08/12 20:59:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/08/12 20:59:36 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/08/12 20:59:36 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/08/12 20:59:36 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/08/12 20:59:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/08/12 20:59:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/08/12 20:59:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/08/12 20:59:34 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/08/12 20:59:34 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/08/12 20:59:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/08/12 20:59:33 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/08/12 20:59:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/08/12 20:59:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/08/12 20:59:32 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/08/12 20:59:32 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/08/12 20:59:32 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/08/12 20:59:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/08/12 20:59:31 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/08/12 20:59:31 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/08/12 20:59:31 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/08/12 20:59:31 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/08/12 20:59:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/08/12 20:59:30 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/12 20:59:30 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/08/12 20:59:30 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/08/12 20:58:11 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/08 15:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2014/08/30 20:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator1\Desktop\OTL.exe
[2014/08/30 20:28:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/30 17:11:33 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/30 17:11:33 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/30 17:03:50 | 3152,056,320 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/30 01:00:14 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe
[2014/08/30 00:58:42 | 001,288,704 | ---- | M] () -- C:\Users\Administrator1\Desktop\zoek.exe
[2014/08/30 00:32:21 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator1\Desktop\tdsskiller.exe
[2014/08/29 00:46:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Administrator1\Desktop\dds.scr
[2014/08/28 22:49:53 | 000,000,041 | ---- | M] () -- C:\windows\SysWow64\Filzip.ini
[2014/08/28 22:49:35 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71.dll
[2014/08/28 22:49:34 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2014/08/28 22:41:36 | 000,268,392 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/28 22:37:29 | 002,003,352 | ---- | M] (Acro Software Inc. ) -- C:\Users\Administrator1\Desktop\CuteWriter.exe
[2014/08/28 22:37:06 | 005,254,656 | ---- | M] () -- C:\Users\Administrator1\Desktop\converter.exe
[2014/08/24 14:16:37 | 033,733,032 | ---- | M] (Oracle Corporation) -- C:\Users\Administrator1\Desktop\jre-8u20-windows-i586.exe
[2014/08/23 03:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/14 01:42:30 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/08/14 01:42:30 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014/08/30 01:13:34 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe
[2014/08/30 00:56:57 | 001,288,704 | ---- | C] () -- C:\Users\Administrator1\Desktop\zoek.exe
[2014/08/28 22:49:52 | 000,000,041 | ---- | C] () -- C:\windows\SysWow64\Filzip.ini
[2014/08/28 22:47:57 | 000,087,600 | ---- | C] () -- C:\windows\SysNative\cpwmon64.dll
[2014/08/28 22:36:59 | 005,254,656 | ---- | C] () -- C:\Users\Administrator1\Desktop\converter.exe
[2013/12/06 13:28:52 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2013/10/11 22:55:53 | 003,242,710 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/03 19:51:00 | 000,241,152 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/09/03 19:50:58 | 000,109,056 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
[2013/09/03 19:44:44 | 019,587,072 | ---- | C] () -- C:\windows\SysWow64\igdfcl32.dll
[2013/02/13 21:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/04/29 00:38:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator1\AppData\Roaming\AVAST Software
[2014/06/15 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator1\AppData\Roaming\toshiba
[2014/04/21 19:58:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator1\AppData\Roaming\WinBatch
[2014/05/03 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Daria\AppData\Roaming\AVAST Software
[2014/05/03 16:50:05 | 000,000,000 | ---D | M] -- C:\Users\Pietro\AppData\Roaming\AVAST Software

========== Purity Check ==========



< End of report >
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 30th, 2014, 4:29 pm

Extras log copied below.

With regard to your question as to whether I notice any changes in behaviour: I can't see any changes. The computer ran smoothly before, as it appears to do now.
Maybe I stopped and asked for help early enough...

Extras log
OTL Extras logfile created on: 30/08/2014 21:02:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.85% Memory free
7.83 Gb Paging File | 6.33 Gb Available in Paging File | 80.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.87 Gb Total Space | 415.79 Gb Free Space | 91.61% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Administrator1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000274B4-542F-4EA1-9357-FB5A96C4E8C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1534CB1B-1F98-4B9B-A58B-37A51F87D163}" = rport=139 | protocol=6 | dir=out | app=system |
"{254DE0F7-5C2B-4447-997C-3AF604E1FACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{261E8F59-1240-49D7-A215-F9BF5D09CB80}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E061D3D-B526-47C8-A2F9-5542F77F0375}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F47CA92-1E0D-4B48-AC5B-A8883D1F0ABA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6584BF5B-2AAC-47B2-A6E8-AE946D6D5694}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1981B68-FCBD-4598-9846-450B3D125419}" = lport=139 | protocol=6 | dir=in | app=system |
"{AAD10CE7-A381-485A-B14F-7021D57A57BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AB70BDC7-900D-4F3B-90CE-884ECEB31DFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8F9E28D-E3E1-4A60-9B00-5ED0AF0AF66D}" = lport=138 | protocol=17 | dir=in | app=system |
"{F08F9E4B-0638-4AF1-9922-0E35B38DEC7B}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E5C6C3-DDED-4D6F-B1FF-421C74004C14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4296F291-213E-44FC-B291-445309D770B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4783C85C-3675-49B2-B302-7D9EF81D142C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F6082B4-708C-496E-855C-8F10F8DA623D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{63AB7385-D8BB-41CB-B12D-7BC62B83A533}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F95B287-ADF0-46F2-88BA-A8D78FF60055}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA687301-BABE-4C7D-B01C-7828ACCBFC54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CEFB5ABD-1B63-4276-9C75-3B61219A185C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E45A9E50-1524-4FDE-BAEE-5CEB8D5D14EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3294F67-D1FE-47A8-BEA3-CAB864B67A18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F63CFBF2-0A1A-4D6A-8697-5B42E19CB363}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11424B27-C16B-4505-9667-82A10AD1B1DC}" = IDT Audio Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF33396-F041-49F5-BA3D-39425529CE9C}" = Intel(R) Rapid Storage Technology
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}" = TOSHIBA Power Saver
"{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}" = TOSHIBA System Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D7C7641F-0C96-4635-BFE1-29EBB3B05CC8}" = TOSHIBA Battery Manager
"{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}" = TOSHIBA eco Utility
"{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}" = TOSHIBA Flash Cards
"CutePDF Writer Installation" = CutePDF Writer 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{791692AD-63B2-4A87-A097-4E8DD3CE4BC9}" = DTS Sound
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = TOSHIBA Manuals
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{F0794FA5-1809-4FC3-AA4E-48061281B5A2}" = TOSHIBA PC Diagnostic Tool
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F08E6C0F-EF66-4E9B-B220-747F99FE0C15}" = Alcor Micro USB Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Avast" = avast! Free Antivirus
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Mozilla Firefox 31.0 (x86 en-GB)" = Mozilla Firefox 31.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2014 02:29:35 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 04/08/2014 08:57:03 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 04/08/2014 13:06:05 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 04/08/2014 18:26:23 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 05/08/2014 16:14:29 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2014 13:32:48 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2014 16:47:56 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 07/08/2014 16:50:15 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 08/08/2014 10:43:20 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 08/08/2014 15:46:08 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 13/06/2014 07:16:20 | Computer Name = TOSHIBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:46:52 on ?12/?06/?2014 was unexpected.

Error - 20/06/2014 16:27:09 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 26/06/2014 18:31:46 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 28/06/2014 09:31:33 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Notebook
Performance Tuning Service (TEMPRO) service to connect.

Error - 01/07/2014 14:21:06 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 01/07/2014 18:28:03 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the DTS
APO Service service to connect.

Error - 01/07/2014 18:28:03 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The DTS APO Service service failed to start due to the following error:
%%1053

Error - 14/07/2014 17:09:29 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 12/08/2014 16:21:47 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 14/08/2014 19:54:53 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =


< End of report >
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby pgmigg » August 31st, 2014, 10:38 am

Hello rbd,

Good job! :D Let continue...

Then I run ESET Online Scanner, which found the following two threats:

C:\Users\Administrator1\AppData\Local\Temp\is-7I629.tmp\Offercast2801_ARS_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Administrator1\Desktop\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
At the beginning of this thread you mentioned about two potentially unsafe applications found by ESET scan.

I would like to check them in case you can find such files. Please do the following:

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Then please try to find both questionable files:

C:\Users\Administrator1\AppData\Local\Temp\is-7I629.tmp\Offercast2801_ARS_.exe
C:\Users\Administrator1\Desktop\CuteWriter.exe


If you can find at least one of them, please run the Step 2. If not - skip it and proceed to Step 3.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Users\Administrator1\AppData\Local\Temp\is-7I629.tmp\Offercast2801_ARS_.exe
C:\Users\Administrator1\Desktop\CuteWriter.exe


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Step 3.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 4.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total or Jotti.
  3. Contents of the AdwCleaner[Sn].txt log file
  4. Contents of the JRT.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 31st, 2014, 5:01 pm

Hi pgmigg

I followed your latest instructions.

I didn't delete the two files in question, a I thought you guys would want to check them. However I wasn't able to find the first one of the list: maybe because it got deleted when one of your previous tools cleaned the temporary files.But the second file (the CutePDF installer) is still on my desktop and I uploaded it on Virus Total. 3 AVs found something bad about it, one of which was ESET. Link below:

https://www.virustotal.com/en-gb/file/c ... 409516542/

Please also find below the log from AdwCleaner

I will now download and run JRT.

AdwCleaner log
# AdwCleaner v3.308 - Report created 31/08/2014 at 21:28:51
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Administrator1 - TOSHIBA
# Running from : C:\Users\Administrator1\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-GB)

[ File : C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\prefs.js ]


[ File : C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\v533ogag.default\prefs.js ]


[ File : C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\h2zyf9wn.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1161 octets] - [31/08/2014 21:27:13]
AdwCleaner[S0].txt - [1084 octets] - [31/08/2014 21:28:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1144 octets] ##########
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 31st, 2014, 5:29 pm

Hi pgmigg

I have run the scan with JRT. Log pasted below
The computer shows no worsening, it apeears to be still running ok as normal.

JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Administrator1 on 31/08/2014 at 22:09:40.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Administrator1\AppData\Roaming\mozilla\firefox\profiles\afvj626a.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/08/2014 at 22:15:29.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm

Re: Possible rootkit after installing CutePDF Writer

Unread postby pgmigg » August 31st, 2014, 7:57 pm

Hello rbd,

Very good results! :D But we are not finished yet...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0FC051B4-7230-424D-9772-F28C35C71760}
    IE - HKLM\..\SearchScopes,DefaultScope = {0FC051B4-7230-424D-9772-F28C35C71760}
    IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    
    :Files
    C:\Users\Administrator1\Desktop\CuteWriter.exe
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of a OTL.txt log file after OTL fresh scan
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Possible rootkit after installing CutePDF Writer

Unread postby rbd » August 31st, 2014, 9:25 pm

Hello pgmigg

Very good results! :D

Does it mean the 3 AVs that reported an issue with the file were wrong, or at least it was a false positive?

I executed your instructions without any problems.

Please find below the log after running the fixes with OTL, followed by the OTL log after the new scan. An Extras log was created too, but I haven't copied it as you only wanted the OTL log.

No apparent change in behavior in the computer, as far as I can see.


Log after fixes

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Users\Administrator1\Desktop\CuteWriter.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator1\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator1\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator1
->Flash cache emptied: 291 bytes

User: All Users

User: Daria
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Pietro
->Flash cache emptied: 2285 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator1
->Java cache emptied: 0 bytes

User: All Users

User: Daria

User: Default

User: Default User

User: Pietro

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator1
->Temp folder emptied: 4017861 bytes
->Temporary Internet Files folder emptied: 4505378 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10460960 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Daria
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 8821487 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pietro
->Temp folder emptied: 1829396 bytes
->Temporary Internet Files folder emptied: 292227 bytes
->FireFox cache emptied: 93628903 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 118.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09012014_015700

Files\Folders moved on Reboot...
C:\Users\Administrator1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator1\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

===============================

OTL Log after scan

OTL logfile created on: 01/09/2014 02:06:05 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 67.72% Memory free
7.83 Gb Paging File | 6.37 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.87 Gb Total Space | 416.26 Gb Free Space | 91.71% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Administrator1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/30 20:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator1\Desktop\OTL.exe
PRC - [2014/07/30 21:42:56 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/16 01:24:10 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/15 23:35:26 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/05/10 21:07:22 | 002,812,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2013/03/12 22:20:08 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/03/12 22:19:38 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/03/12 22:19:38 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/09/28 23:19:54 | 000,746,936 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2012/09/28 23:06:42 | 000,632,760 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2012/09/28 04:33:42 | 000,227,272 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
PRC - [2012/05/23 02:04:40 | 000,231,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
PRC - [2012/05/07 20:55:26 | 000,251,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
PRC - [2011/08/08 22:36:00 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2014/07/16 01:24:11 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/16 01:24:11 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2012/05/07 20:55:10 | 000,178,104 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/07/25 14:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/16 01:24:10 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/25 12:58:46 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/02/13 21:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/02/13 21:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/09/24 17:04:04 | 000,589,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/04/12 02:05:44 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2012/03/17 00:54:58 | 000,846,208 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/02/29 04:00:32 | 000,342,464 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 23:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/10 17:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/30 00:16:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/07 00:44:20 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/06/01 00:56:18 | 000,016,720 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe -- (dts_apo_service)
SRV - [2013/03/12 22:20:08 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 22:19:38 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/03/12 22:19:38 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/27 05:45:08 | 000,179,168 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/07/12 02:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/16 01:24:30 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/16 01:24:14 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/16 01:24:14 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/16 01:24:14 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/16 01:24:14 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/16 01:24:14 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/16 01:24:14 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/16 01:24:14 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/03 19:55:34 | 000,452,088 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/09/03 19:52:06 | 004,445,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/15 23:34:44 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/08/15 23:34:38 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/08/15 23:34:36 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/07/09 19:21:54 | 000,094,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2013/06/25 07:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2013/05/03 01:25:16 | 000,474,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/03 01:25:14 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/04/25 12:58:46 | 000,546,304 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/04/17 07:12:44 | 000,047,816 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/03/12 22:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/03/11 20:22:20 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/03/11 20:22:20 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/03/07 02:44:50 | 000,306,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/12/19 15:40:58 | 000,118,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/11/10 01:59:22 | 000,104,280 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2012/08/01 21:03:38 | 000,095,088 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2012/07/28 01:54:40 | 000,055,288 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2012/06/13 06:22:48 | 000,083,032 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/19 01:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/31 05:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 23:31:00 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 04:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/symbaloo_b [binary data]
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/symbaloo_b [binary data]
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TEJB
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/16 01:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/05/02 00:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator1\AppData\Roaming\Mozilla\Extensions
[2014/08/31 21:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\extensions
[2014/08/31 21:32:59 | 000,539,819 | ---- | M] () (No name found) -- C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/07/30 00:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 00:16:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/16 01:24:15 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe ()
O4 - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DTS Sound] C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe (DTS, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D779444-73DC-46D2-BB79-D871AC6C29CF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/01 01:57:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/31 22:09:37 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/31 22:04:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Administrator1\Desktop\JRT.exe
[2014/08/31 21:27:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/31 21:15:32 | 000,000,000 | R--D | C] -- C:\Users\Administrator1\Searches
[2014/08/30 20:58:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator1\Desktop\OTL.exe
[2014/08/30 01:15:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/30 01:13:33 | 000,000,000 | ---D | C] -- C:\windows\Temp
[2014/08/30 01:13:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator1\AppData\Local\Temp
[2014/08/30 01:00:15 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/08/30 00:32:20 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator1\Desktop\tdsskiller.exe
[2014/08/29 00:45:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Administrator1\Desktop\dds.scr
[2014/08/28 22:49:34 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2014/08/28 22:49:34 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71.dll
[2014/08/28 22:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2014/08/28 22:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2014/08/28 22:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2014/08/28 22:39:12 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/24 14:17:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2014/08/24 14:16:12 | 033,733,032 | ---- | C] (Oracle Corporation) -- C:\Users\Administrator1\Desktop\jre-8u20-windows-i586.exe
[2014/08/24 13:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/08/24 13:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/24 13:49:45 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2014/08/24 13:49:45 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2014/08/24 13:49:45 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2014/08/24 13:49:29 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2014/08/24 13:49:29 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2014/08/24 13:49:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2014/08/24 13:49:29 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2014/08/24 13:49:29 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2014/08/24 13:49:29 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2014/08/24 13:49:11 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2014/08/24 13:49:11 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2014/08/24 13:49:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2014/08/24 13:49:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2014/08/12 21:02:06 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/12 21:02:06 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/12 21:02:06 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/12 21:02:06 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/12 21:02:04 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/12 21:02:04 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/12 21:01:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/12 21:01:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL
[2014/08/12 21:00:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL
[2014/08/12 21:00:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL
[2014/08/12 20:59:57 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/12 20:59:56 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/12 20:59:55 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/12 20:59:55 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/12 20:59:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/12 20:59:55 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/12 20:59:40 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/08/12 20:59:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/08/12 20:59:40 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/12 20:59:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/08/12 20:59:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/08/12 20:59:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/08/12 20:59:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/12 20:59:37 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/08/12 20:59:37 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/08/12 20:59:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/08/12 20:59:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/08/12 20:59:36 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/08/12 20:59:36 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/08/12 20:59:36 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/08/12 20:59:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/08/12 20:59:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/08/12 20:59:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/08/12 20:59:34 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/08/12 20:59:34 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/08/12 20:59:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/08/12 20:59:33 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/08/12 20:59:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/08/12 20:59:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/08/12 20:59:32 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/08/12 20:59:32 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/08/12 20:59:32 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/08/12 20:59:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/08/12 20:59:31 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/08/12 20:59:31 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/08/12 20:59:31 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/08/12 20:59:31 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/08/12 20:59:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/08/12 20:59:30 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/12 20:59:30 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/08/12 20:59:30 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/08/12 20:58:11 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/08 15:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2014/09/01 02:06:15 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/01 02:06:15 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/01 01:58:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/09/01 01:58:42 | 3152,056,320 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/31 22:04:32 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Administrator1\Desktop\JRT.exe
[2014/08/31 21:26:24 | 001,364,531 | ---- | M] () -- C:\Users\Administrator1\Desktop\adwcleaner_3.308.exe
[2014/08/30 20:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator1\Desktop\OTL.exe
[2014/08/30 01:00:14 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe
[2014/08/30 00:58:42 | 001,288,704 | ---- | M] () -- C:\Users\Administrator1\Desktop\zoek.exe
[2014/08/30 00:32:21 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator1\Desktop\tdsskiller.exe
[2014/08/29 00:46:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Administrator1\Desktop\dds.scr
[2014/08/28 22:49:53 | 000,000,041 | ---- | M] () -- C:\windows\SysWow64\Filzip.ini
[2014/08/28 22:49:35 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71.dll
[2014/08/28 22:49:34 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2014/08/28 22:41:36 | 000,268,392 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/28 22:37:06 | 005,254,656 | ---- | M] () -- C:\Users\Administrator1\Desktop\converter.exe
[2014/08/24 14:16:37 | 033,733,032 | ---- | M] (Oracle Corporation) -- C:\Users\Administrator1\Desktop\jre-8u20-windows-i586.exe
[2014/08/23 03:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/14 01:42:30 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/08/14 01:42:30 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014/08/31 21:26:23 | 001,364,531 | ---- | C] () -- C:\Users\Administrator1\Desktop\adwcleaner_3.308.exe
[2014/08/30 01:13:34 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe
[2014/08/30 00:56:57 | 001,288,704 | ---- | C] () -- C:\Users\Administrator1\Desktop\zoek.exe
[2014/08/28 22:49:52 | 000,000,041 | ---- | C] () -- C:\windows\SysWow64\Filzip.ini
[2014/08/28 22:47:57 | 000,087,600 | ---- | C] () -- C:\windows\SysNative\cpwmon64.dll
[2014/08/28 22:36:59 | 005,254,656 | ---- | C] () -- C:\Users\Administrator1\Desktop\converter.exe
[2013/12/06 13:28:52 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2013/10/11 22:55:53 | 003,242,710 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/03 19:51:00 | 000,241,152 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/09/03 19:50:58 | 000,109,056 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
[2013/09/03 19:44:44 | 019,587,072 | ---- | C] () -- C:\windows\SysWow64\igdfcl32.dll
[2013/02/13 21:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
rbd
Regular Member
 
Posts: 51
Joined: November 3rd, 2011, 10:05 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 69 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware