Thread: Many dllhost.exe *32 running resulting in high CPU Usage

  1. #21
    Junior Member, Join Date: Mar 2014, Posts: 23

    12:38:49.0622 0x0ea0 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
    12:38:49.0622 0x0ea0 Win FW state via NFP2: enabled
    12:38:52.0477 0x0ea0 ============================================================
    12:38:52.0477 0x0ea0 Scan finished
    12:38:52.0477 0x0ea0 ============================================================
    12:38:52.0493 0x0d7c Detected object count: 0
    12:38:52.0493 0x0d7c Actual detected object count: 0

  2. #22
    Junior Member
    Join Date
    Mar 2014
    Posts
    23


    12:41:10.0303 0x1098 ============================================================
    12:41:10.0303 0x1098 Scan started
    12:41:10.0303 0x1098 Mode: Manual;
    12:41:10.0303 0x1098 ============================================================
    12:41:10.0303 0x1098 KSN ping started
    12:41:14.0812 0x1098 KSN ping finished: true
    12:41:15.0170 0x1098 ================ Scan system memory ========================
    12:41:15.0170 0x1098 System memory - ok
    12:41:15.0170 0x1098 ================ Scan services =============================
    12:41:23.0735 0x1098 KSecPkg - ok
    12:41:23.0766 0x1098 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    12:41:23.0766 0x1098 ksthunk - ok
    12:41:23.0813 0x1098 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    12:41:23.0844 0x1098 KtmRm - ok
    12:41:23.0891 0x1098 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
    12:41:23.0906 0x1098 LanmanServer - ok
    12:41:23.0938 0x1098 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    12:41:23.0938 0x1098 LanmanWorkstation - ok
    12:41:23.0953 0x1098 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    12:41:23.0953 0x1098 lltdio - ok
    12:41:24.0016 0x1098 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    12:41:24.0031 0x1098 lltdsvc - ok
    12:41:24.0047 0x1098 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    12:41:24.0047 0x1098 lmhosts - ok
    12:41:24.0062 0x1098 LMIGuardianSvc - ok
    12:41:24.0094 0x1098 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    12:41:24.0094 0x1098 LSI_FC - ok
    12:41:24.0109 0x1098 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    12:41:24.0109 0x1098 LSI_SAS - ok
    12:41:24.0125 0x1098 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    12:41:24.0125 0x1098 LSI_SAS2 - ok
    12:41:24.0140 0x1098 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    12:41:24.0140 0x1098 LSI_SCSI - ok
    12:41:24.0156 0x1098 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
    12:41:24.0172 0x1098 luafv - ok
    12:41:24.0203 0x1098 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    12:41:24.0203 0x1098 Mcx2Svc - ok
    12:41:24.0218 0x1098 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    12:41:24.0234 0x1098 megasas - ok
    12:41:24.0250 0x1098 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    12:41:24.0250 0x1098 MegaSR - ok
    12:41:24.0281 0x1098 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
    12:41:24.0281 0x1098 MMCSS - ok
    12:41:24.0312 0x1098 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    12:41:24.0312 0x1098 Modem - ok
    12:41:24.0328 0x1098 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    12:41:24.0328 0x1098 monitor - ok
    12:41:24.0343 0x1098 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    12:41:24.0343 0x1098 mouclass - ok
    12:41:24.0390 0x1098 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    12:41:24.0390 0x1098 mouhid - ok
    12:41:24.0437 0x1098 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    12:41:24.0437 0x1098 mountmgr - ok
    12:41:24.0484 0x1098 [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    12:41:24.0499 0x1098 MozillaMaintenance - ok
    12:41:24.0530 0x1098 [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    12:41:24.0562 0x1098 MpFilter - ok
    12:41:24.0593 0x1098 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    12:41:24.0608 0x1098 mpio - ok
    12:41:24.0640 0x1098 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    12:41:24.0640 0x1098 mpsdrv - ok
    12:41:24.0718 0x1098 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
    12:41:24.0780 0x1098 MpsSvc - ok
    12:41:24.0811 0x1098 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    12:41:24.0811 0x1098 MRxDAV - ok
    12:41:24.0858 0x1098 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:41:24.0874 0x1098 mrxsmb - ok
    12:41:24.0905 0x1098 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:41:24.0905 0x1098 mrxsmb10 - ok
    12:41:24.0936 0x1098 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:41:24.0936 0x1098 mrxsmb20 - ok
    12:41:24.0967 0x1098 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    12:41:24.0967 0x1098 msahci - ok
    12:41:24.0998 0x1098 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    12:41:25.0014 0x1098 msdsm - ok

  3. #23
    Junior Member
    Join Date
    Mar 2014
    Posts
    23


    12:41:30.0880 0x1098 sffp_mmc - ok
    12:41:30.0895 0x1098 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    12:41:30.0895 0x1098 sffp_sd - ok
    12:41:30.0927 0x1098 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    12:41:30.0927 0x1098 sfloppy - ok
    12:41:30.0989 0x1098 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    12:41:31.0005 0x1098 SharedAccess - ok
    12:41:31.0067 0x1098 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    12:41:31.0098 0x1098 ShellHWDetection - ok
    12:41:31.0114 0x1098 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    12:41:31.0114 0x1098 SiSRaid2 - ok
    12:41:31.0129 0x1098 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    12:41:31.0129 0x1098 SiSRaid4 - ok
    12:41:31.0176 0x1098 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    12:41:31.0192 0x1098 SkypeUpdate - ok
    12:41:31.0239 0x1098 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    12:41:31.0254 0x1098 Smb - ok
    12:41:31.0285 0x1098 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    12:41:31.0301 0x1098 SNMPTRAP - ok
    12:41:31.0317 0x1098 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
    12:41:31.0317 0x1098 spldr - ok
    12:41:31.0379 0x1098 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
    12:41:31.0426 0x1098 Spooler - ok
    12:41:31.0597 0x1098 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
    12:41:31.0691 0x1098 sppsvc - ok
    12:41:31.0722 0x1098 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    12:41:31.0738 0x1098 sppuinotify - ok
    12:41:31.0785 0x1098 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
    12:41:31.0800 0x1098 srv - ok
    12:41:31.0831 0x1098 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    12:41:31.0847 0x1098 srv2 - ok
    12:41:31.0878 0x1098 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    12:41:31.0878 0x1098 srvnet - ok
    12:41:31.0925 0x1098 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    12:41:31.0925 0x1098 SSDPSRV - ok
    12:41:31.0941 0x1098 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
    12:41:31.0941 0x1098 SstpSvc - ok
    12:41:32.0003 0x1098 [ C3D855CC0A8E5E373FDFCF4F743C5C9D, 8DFDD2470DCCC63FCF1621B6B3A996285C75EE330BE8AC905B2176E5DE52C150 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    12:41:32.0003 0x1098 Steam Client Service - ok
    12:41:32.0034 0x1098 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    12:41:32.0050 0x1098 stexstor - ok
    12:41:32.0112 0x1098 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
    12:41:32.0128 0x1098 stisvc - ok
    12:41:32.0237 0x1098 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
    12:41:32.0237 0x1098 swenum - ok
    12:41:32.0362 0x1098 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    12:41:32.0393 0x1098 swprv - ok
    12:41:32.0533 0x1098 [ 064A2530A4A7C7CEC1BE6A1945645BE4, 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    12:41:32.0549 0x1098 SynTP - ok
    12:41:32.0736 0x1098 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
    12:41:32.0783 0x1098 SysMain - ok
    12:41:32.0814 0x1098 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    12:41:32.0830 0x1098 TabletInputService - ok
    12:41:32.0861 0x1098 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
    12:41:32.0892 0x1098 TapiSrv - ok
    12:41:32.0939 0x1098 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    12:41:32.0939 0x1098 TBS - ok
    12:41:33.0064 0x1098 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    12:41:33.0111 0x1098 Tcpip - ok
    12:41:33.0189 0x1098 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    12:41:33.0235 0x1098 TCPIP6 - ok
    12:41:33.0282 0x1098 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    12:41:33.0282 0x1098 tcpipreg - ok
    12:41:33.0313 0x1098 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    12:41:33.0313 0x1098 TDPIPE - ok
    12:41:33.0345 0x1098 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    12:41:33.0345 0x1098 TDTCP - ok
    12:41:33.0391 0x1098 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    12:41:33.0391 0x1098 tdx - ok
    12:41:33.0423 0x1098 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
    12:41:33.0423 0x1098 TermDD - ok
    12:41:33.0516 0x1098 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
    12:41:33.0563 0x1098 TermService - ok
    12:41:33.0610 0x1098 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
    12:41:33.0625 0x1098 Themes - ok
    12:41:33.0641 0x1098 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
    12:41:33.0657 0x1098 THREADORDER - ok
    12:41:33.0672 0x1098 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
    12:41:33.0688 0x1098 TrkWks - ok
    12:41:33.0735 0x1098 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    12:41:33.0735 0x1098 TrustedInstaller - ok
    12:41:33.0781 0x1098 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:41:33.0781 0x1098 tssecsrv - ok
    12:41:33.0828 0x1098 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    12:41:33.0828 0x1098 TsUsbFlt - ok
    12:41:33.0875 0x1098 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    12:41:33.0891 0x1098 tunnel - ok
    12:41:33.0922 0x1098 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    12:41:33.0922 0x1098 uagp35 - ok
    12:41:33.0937 0x1098 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
    12:41:33.0937 0x1098 UBHelper - ok
    12:41:34.0000 0x1098 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    12:41:34.0015 0x1098 udfs - ok
    12:41:34.0062 0x1098 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
    12:41:34.0062 0x1098 UI0Detect - ok
    12:41:34.0093 0x1098 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    12:41:34.0109 0x1098 uliagpkx - ok
    12:41:34.0140 0x1098 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
    12:41:34.0156 0x1098 umbus - ok
    12:41:34.0171 0x1098 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    12:41:34.0171 0x1098 UmPass - ok
    12:41:34.0234 0x1098 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    12:41:34.0249 0x1098 Updater Service - ok
    12:41:34.0327 0x1098 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
    12:41:34.0343 0x1098 upnphost - ok
    12:41:34.0405 0x1098 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    12:41:34.0421 0x1098 usbaudio - ok
    12:41:34.0468 0x1098 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    12:41:34.0483 0x1098 usbccgp - ok
    12:41:34.0515 0x1098 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
    12:41:34.0530 0x1098 usbcir - ok
    12:41:34.0577 0x1098 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    12:41:34.0577 0x1098 usbehci - ok
    12:41:34.0655 0x1098 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    12:41:34.0671 0x1098 usbhub - ok
    12:41:34.0717 0x1098 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    12:41:34.0717 0x1098 usbohci - ok
    12:41:34.0764 0x1098 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    12:41:34.0764 0x1098 usbprint - ok
    12:41:34.0811 0x1098 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:41:34.0811 0x1098 USBSTOR - ok
    12:41:34.0842 0x1098 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    12:41:34.0842 0x1098 usbuhci - ok
    12:41:34.0889 0x1098 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    12:41:34.0889 0x1098 usbvideo - ok
    12:41:34.0920 0x1098 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
    12:41:34.0936 0x1098 UxSms - ok
    12:41:34.0951 0x1098 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
    12:41:34.0951 0x1098 VaultSvc - ok
    12:41:34.0983 0x1098 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    12:41:34.0998 0x1098 vdrvroot - ok
    12:41:35.0076 0x1098 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
    12:41:35.0107 0x1098 vds - ok
    12:41:35.0154 0x1098 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    12:41:35.0170 0x1098 vga - ok
    12:41:35.0185 0x1098 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
    12:41:35.0185 0x1098 VgaSave - ok
    12:41:35.0232 0x1098 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    12:41:35.0248 0x1098 vhdmp - ok
    12:41:35.0295 0x1098 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    12:41:35.0295 0x1098 viaide - ok
    12:41:35.0310 0x1098 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    12:41:35.0326 0x1098 volmgr - ok
    12:41:35.0388 0x1098 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    12:41:35.0404 0x1098 volmgrx - ok
    12:41:35.0466 0x1098 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
    12:41:35.0466 0x1098 volsnap - ok
    12:41:35.0513 0x1098 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    12:41:35.0529 0x1098 vsmraid - ok
    12:41:35.0622 0x1098 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
    12:41:35.0653 0x1098 VSS - ok
    12:41:35.0685 0x1098 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    12:41:35.0685 0x1098 vwifibus - ok
    12:41:35.0700 0x1098 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    12:41:35.0700 0x1098 vwififlt - ok
    12:41:35.0731 0x1098 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    12:41:35.0747 0x1098 W32Time - ok
    12:41:35.0778 0x1098 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    12:41:35.0778 0x1098 WacomPen - ok
    12:41:35.0794 0x1098 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    12:41:35.0809 0x1098 WANARP - ok
    12:41:35.0809 0x1098 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    12:41:35.0809 0x1098 Wanarpv6 - ok
    12:41:35.0903 0x1098 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    12:41:35.0965 0x1098 WatAdminSvc - ok
    12:41:36.0168 0x1098 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
    12:41:36.0215 0x1098 wbengine - ok
    12:41:36.0277 0x1098 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    12:41:36.0293 0x1098 WbioSrvc - ok
    12:41:36.0340 0x1098 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    12:41:36.0355 0x1098 wcncsvc - ok
    12:41:36.0387 0x1098 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    12:41:36.0387 0x1098 WcsPlugInService - ok
    12:41:36.0433 0x1098 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
    12:41:36.0433 0x1098 Wd - ok
    12:41:36.0527 0x1098 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    12:41:36.0543 0x1098 Wdf01000 - ok
    12:41:36.0605 0x1098 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
    12:41:36.0605 0x1098 WdiServiceHost - ok
    12:41:36.0605 0x1098 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
    12:41:36.0621 0x1098 WdiSystemHost - ok
    12:41:36.0667 0x1098 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
    12:41:36.0683 0x1098 WebClient - ok
    12:41:36.0730 0x1098 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    12:41:36.0745 0x1098 Wecsvc - ok
    12:41:36.0777 0x1098 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    12:41:36.0777 0x1098 wercplsupport - ok
    12:41:36.0792 0x1098 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
    12:41:36.0808 0x1098 WerSvc - ok
    12:41:36.0839 0x1098 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    12:41:36.0839 0x1098 WfpLwf - ok
    12:41:36.0855 0x1098 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    12:41:36.0855 0x1098 WIMMount - ok
    12:41:36.0886 0x1098 WinDefend - ok
    12:41:36.0901 0x1098 WinHttpAutoProxySvc - ok
    12:41:36.0995 0x1098 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    12:41:37.0011 0x1098 Winmgmt - ok
    12:41:37.0135 0x1098 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
    12:41:37.0182 0x1098 WinRM - ok
    12:41:37.0276 0x1098 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    12:41:37.0291 0x1098 WinUsb - ok
    12:41:37.0385 0x1098 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    12:41:37.0432 0x1098 Wlansvc - ok
    12:41:37.0619 0x1098 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    12:41:37.0681 0x1098 wlidsvc - ok
    12:41:37.0775 0x1098 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    12:41:37.0791 0x1098 WmiAcpi - ok
    12:41:37.0837 0x1098 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    12:41:37.0853 0x1098 wmiApSrv - ok
    12:41:37.0884 0x1098 WMPNetworkSvc - ok
    12:41:37.0915 0x1098 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    12:41:37.0931 0x1098 WPCSvc - ok
    12:41:37.0962 0x1098 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    12:41:37.0978 0x1098 WPDBusEnum - ok
    12:41:38.0009 0x1098 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    12:41:38.0009 0x1098 ws2ifsl - ok
    12:41:38.0025 0x1098 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
    12:41:38.0025 0x1098 wscsvc - ok
    12:41:38.0040 0x1098 WSearch - ok
    12:41:38.0196 0x1098 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
    12:41:38.0259 0x1098 wuauserv - ok
    12:41:38.0399 0x1098 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    12:41:38.0399 0x1098 WudfPf - ok
    12:41:38.0430 0x1098 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:41:38.0446 0x1098 WUDFRd - ok
    12:41:38.0493 0x1098 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    12:41:38.0493 0x1098 wudfsvc - ok
    12:41:38.0571 0x1098 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
    12:41:38.0586 0x1098 WwanSvc - ok
    12:41:38.0602 0x1098 ================ Scan global ===============================
    12:41:38.0633 0x1098 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    12:41:38.0711 0x1098 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    12:41:38.0727 0x1098 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    12:41:38.0773 0x1098 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    12:41:38.0820 0x1098 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    12:41:38.0836 0x1098 [ Global ] - ok
    12:41:38.0836 0x1098 ================ Scan MBR ==================================
    12:41:38.0851 0x1098 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    12:41:39.0429 0x1098 \Device\Harddisk0\DR0 - ok
    12:41:39.0429 0x1098 ================ Scan VBR ==================================
    12:41:39.0444 0x1098 [ E37277CA43758313B81E90E86B850A72 ] \Device\Harddisk0\DR0\Partition1
    12:41:39.0491 0x1098 \Device\Harddisk0\DR0\Partition1 - ok
    12:41:39.0491 0x1098 [ 5CEE1D84F9F64EB58772E1615BA28FC6 ] \Device\Harddisk0\DR0\Partition2
    12:41:39.0507 0x1098 \Device\Harddisk0\DR0\Partition2 - ok
    12:41:39.0522 0x1098 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
    12:41:39.0538 0x1098 Win FW state via NFP2: enabled
    12:41:42.0393 0x1098 ============================================================
    12:41:42.0393 0x1098 Scan finished
    12:41:42.0393 0x1098 ============================================================
    12:41:42.0408 0x12d4 Detected object count: 0
    12:41:42.0408 0x12d4 Actual detected object count: 0

  4. #24
    Junior Member
    Join Date
    Mar 2014
    Posts
    23

    Ok, so that is all of the TDSSKiller.txt log.


    ComboFix.txt
    ComboFix 14-03-24.01 - Bob 03/24/2014 20:52:08.2.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2305 [GMT -4:00]
    Running from: c:\users\Bob\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-25 to 2014-03-25 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-25 01:32 . 2014-03-25 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-23 22:15 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA47D435-74EA-4C67-944B-C64B9652C794}\mpengine.dll
    2014-03-21 20:48 . 2014-03-22 14:50 -------- d-----w- C:\FRST
    2014-03-21 11:22 . 2014-03-14 20:35 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-03-21 11:22 . 2014-03-14 20:35 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D22BF887-C83A-43A7-AD04-29A795D8D7C0}\gapaengine.dll
    2014-03-21 11:22 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-20 12:30 . 2014-03-20 12:34 -------- d-----w- c:\program files (x86)\ERUNT
    2014-03-14 20:33 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-14 20:33 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-03-14 20:33 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-14 20:33 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-14 20:31 . 2014-03-14 20:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2014-03-14 20:31 . 2014-03-14 20:31 -------- d-----w- c:\program files\Microsoft Security Client
    2014-03-14 19:43 . 2014-03-14 19:44 -------- d-----w- C:\50afdc55646263780c
    2014-03-13 17:21 . 2014-03-13 17:21 -------- d-----w- c:\users\Bob\AppData\Local\Macromedia
    2014-03-09 12:16 . 2014-02-04 23:09 88567024 ----a-w- c:\windows\system32\MRT.exe
    2014-03-09 11:48 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D1492DC-CAD1-4835-85BC-6685686EAE8C}\mpengine.dll
    2014-02-26 16:46 . 2014-02-26 16:46 -------- d-----w- c:\windows\Migration
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-21 17:03 . 2012-08-20 13:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-21 17:03 . 2012-08-20 13:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-01-19 07:33 . 2012-08-19 18:40 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-01-16 00:42 . 2014-01-16 00:42 608032 ----a-w- C:\SecurityScanner.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 obpedscx;obpedscx;c:\windows\system32\drivers\obpedscx.sys;c:\windows\SYSNATIVE\drivers\obpedscx.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe;c:\windows\SYSNATIVE\DKabcoms.exe [x]
    R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
    R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
    R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 17:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://acer.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\qlnbmrfl.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1803198997-23066263-2989206535-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1803198997-23066263-2989206535-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-03-25 02:48:49
    ComboFix-quarantined-files.txt 2014-03-25 06:48
    .
    Pre-Run: 138,639,278,080 bytes free
    Post-Run: 147,057,278,976 bytes free
    .
    - - End Of File - - 86EBF30EBD71DA6AB1B6B32A2CF0460B
    A36C5E4F47E84449FF07ED3517B43A31


    VirusTotal
    I searched my hard drive but could not find the obpedscx.sys file you requested I scan.

  5. #25
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi barlee,

    VirusTotal
    I searched my hard drive but could not find the obpedscx.sys file you requested I scan.
    The file may be hidden; please unhide files and folders and attempt the VirusTotal step again. If the file still cannot be found, go ahead and rehide the files and folders.

    Show Hidden Files & Folders in Windows 7
    • To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
    • Click the View tab, and then you should select “Show hidden files and folders” in the list.
    • Then click OK.

    =========================

    VirusTotal

    Please go to: VirusTotal



    • Click the Browse button and search for the following file: C:\Windows\system32\drivers\obpedscx.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.

    If it says already scanned -- click "reanalyze now"

    =========================

    Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • ooVoo
    • ooVoo Toolbar
    • Update for Zip Opener

    =========================

    System Configuration - selective startup

    Go to the Start Orb and type "msconfig" (without quotes) in the search box.
    When the System Configuration window appears, on the General tab, click the Selective Startup button.



    Next select the Startup tab



    Locate the following items and remove the check-mark from the box.

    • McAfee Security Scan Plus
    • PowerReg Scheduler V3.exe
    • ooVoo.exe


    Click Apply, then click OK



    Close msconfig; you will be prompted to restart. Do so at this time.

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    HKU\S-1-5-21-1803198997-23066263-2989206535-1003\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Jordan\AppData\Local\Temp\siqusiw\sveirfr\wow.dll ATTENTION! ====> ZeroAccess?
    GroupPolicyUsers\S-1-5-21-1803198997-23066263-2989206535-1003\User: Group Policy restriction detected <======= ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406?appid=394
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=6564558371054311&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=6564558371054311&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    ooVoo toolbar, powered by Ask.com Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.0.25589 - Ask.com) <==== ATTENTION
    Update for Zip Opener (HKCU\...\DSite) (Version:  - ) <==== ATTENTION

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    In your next post please provide the following:
    • VirusTotal results, if available
    • Fixlog.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  6. #26
    Junior Member
    Join Date
    Mar 2014
    Posts
    23

    OCD,

    VirusTotal
    I verified that 'show hidden files' is enabled and I still don't find the file obpedscx.sys.


    Uninstall Programs
    Done - I uninstalled the listed programs.


    Selective Startup
    Done


    FRST Fix
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Bob at 2014-03-25 21:39:26 Run:1
    Running from C:\Users\Bob\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1803198997-23066263-2989206535-1003\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Jordan\AppData\Local\Temp\siqusiw\sveirfr\wow.dll ATTENTION! ====> ZeroAccess?
    GroupPolicyUsers\S-1-5-21-1803198997-23066263-2989206535-1003\User: Group Policy restriction detected <======= ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406?appid=394
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=6564558371054311&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=6564558371054311&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    ooVoo toolbar, powered by Ask.com Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.0.25589 - Ask.com) <==== ATTENTION
    Update for Zip Opener (HKCU\...\DSite) (Version: - ) <==== ATTENTION
    *****************

    HKU\S-1-5-21-1803198997-23066263-2989206535-1003\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1803198997-23066263-2989206535-1003\User => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.


    The system needed a reboot.

    ==== End of Fixlog ====

  7. #27
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi barlee,

    Re-run Farbar Recovery Scan Tool; it should have been saved to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click and select "Run as Administrator" to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.

    =========================

    In your next post please provide the following:

    • FRST.txt
    • Any change in performance?
    OCD

  8. #28
    Junior Member
    Join Date
    Mar 2014
    Posts
    23

    OCD,

    FRST.txt
    I reran the Farbar Recovery Scan Tool while logged in as the user who was experiencing the most problems. Here is the log file:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Jordan (ATTENTION: The logged in user is not administrator) on LAPTOP-JORDAN on 26-03-2014 06:17:32
    Running from C:\Users\Jordan\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
    HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
    HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] - C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-08-13] ()
    HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
    HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1803198997-23066263-2989206535-1003\...\Run: [ROBLOX Corporation Update] - regsvr32.exe "C:\Users\Jordan\AppData\Local\ROBLOX Corporation\OGSDeviceDX9.dll"

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406?appid=394
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=6564558371054311&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_uid=6564558371054311&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default
    FF DefaultSearchEngine: Search Results
    FF SearchEngineOrder.1: Search Results
    FF SelectedSearchEngine: Search Results
    FF Homepage: https://www.google.com/
    FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6564558371054311&o=APN10645&q=
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default\searchplugins\Search_Results.xml
    FF Extension: WebToSave - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default\Extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976} [2013-09-01]
    FF Extension: Video Downloader - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default\Extensions\chbnserfrc@chbnserfrc.org.xpi [2013-04-27]
    FF Extension: New Tab - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}.xpi [2013-05-20]

    ==================== Services (Whitelisted) =================

    S3 dkab_device; C:\Windows\system32\DKabcoms.exe [476568 2006-10-21] ( )
    S3 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [508824 2006-10-21] ( )
    R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
    S1 obpedscx; \??\C:\Windows\system32\drivers\obpedscx.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-26 06:13 - 2014-03-21 07:13 - 02157056 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
    2014-03-25 02:48 - 2014-03-25 02:48 - 00014057 _____ () C:\ComboFix.txt
    2014-03-24 12:51 - 2014-03-25 02:48 - 00000000 ____D () C:\Qoobox
    2014-03-24 12:51 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-03-24 12:51 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-03-24 12:51 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-03-23 18:08 - 2014-03-23 18:11 - 00004586 _____ () C:\Users\Jordan\Desktop\Rkill.txt
    2014-03-23 18:07 - 2014-03-23 18:07 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jordan\Desktop\rkill.exe
    2014-03-22 13:32 - 2014-03-22 13:37 - 04110135 _____ () C:\Users\Jordan\Downloads\tdsskiller(1).zip
    2014-03-22 11:26 - 2014-03-22 11:29 - 02218636 _____ () C:\Users\Jordan\Downloads\tdsskiller.zip
    2014-03-22 10:39 - 2014-03-22 10:50 - 00030227 _____ () C:\Users\Jordan\Desktop\Addition.txt
    2014-03-22 10:13 - 2014-03-26 06:17 - 00010622 _____ () C:\Users\Jordan\Desktop\FRST.txt
    2014-03-21 16:48 - 2014-03-26 06:17 - 00000000 ____D () C:\FRST
    2014-03-21 07:12 - 2014-03-21 07:12 - 00987448 _____ () C:\Users\Jordan\Desktop\SecurityCheck.exe
    2014-03-20 08:37 - 2014-03-25 02:47 - 00000000 ____D () C:\Windows\ERDNT
    2014-03-20 08:33 - 2014-03-20 08:33 - 00000909 _____ () C:\Users\Jordan\Desktop\ERUNT.lnk
    2014-03-20 08:30 - 2014-03-20 08:34 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-03-19 13:46 - 2014-03-19 13:46 - 04745728 _____ (AVAST Software) C:\Users\Jordan\Desktop\aswMBR.exe
    2014-03-19 13:44 - 2014-03-19 13:44 - 00688992 ____R (Swearware) C:\Users\Jordan\Desktop\dds.com
    2014-03-19 13:33 - 2014-03-19 13:33 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Desktop\erunt-setup.exe
    2014-03-14 16:34 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-14 16:34 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-14 16:34 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-14 16:34 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-14 16:34 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-14 16:34 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-14 16:34 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-14 16:34 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-14 16:34 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-14 16:34 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-14 16:34 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-14 16:34 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-14 16:34 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-14 16:34 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-14 16:34 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-14 16:34 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-14 16:34 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-14 16:34 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-14 16:34 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-14 16:34 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-14 16:34 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-14 16:34 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-14 16:34 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-14 16:34 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-14 16:34 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-14 16:34 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-14 16:34 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-14 16:34 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-14 16:34 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-14 16:34 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-14 16:34 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-14 16:34 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-14 16:34 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-14 16:34 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-14 16:34 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-14 16:34 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-14 16:34 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-14 16:34 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-14 16:34 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-14 16:34 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-14 16:34 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-14 16:34 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-14 16:34 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-03-14 16:34 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-03-14 16:33 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-14 16:33 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-14 16:33 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-14 16:33 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-03-14 16:30 - 2014-02-14 12:11 - 00000426 _____ () C:\AVScanner.ini
    2014-03-14 15:44 - 2014-03-14 16:47 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-03-14 15:43 - 2014-03-14 15:44 - 00000000 ____D () C:\50afdc55646263780c
    2014-03-14 15:37 - 2014-03-14 15:38 - 13670584 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\mseinstall.exe
    2014-03-14 13:53 - 2014-03-25 21:45 - 00000282 __RSH () C:\Users\Jordan\ntuser.pol
    2014-03-14 13:48 - 2014-03-25 21:41 - 00000008 __RSH () C:\Users\Bob\ntuser.pol
    2014-03-14 11:09 - 2014-03-14 11:20 - 00000000 ____D () C:\Users\Jordan\Documents\Spanish II
    2014-03-14 11:09 - 2014-03-14 11:19 - 00000000 ____D () C:\Users\Jordan\Documents\Honors Biology
    2014-03-14 11:08 - 2014-03-14 11:20 - 00000000 ____D () C:\Users\Jordan\Documents\Honors English I
    2014-03-09 12:41 - 2014-03-09 12:42 - 00688992 _____ (Swearware) C:\Users\Jordan\Downloads\dds.com
    2014-03-09 12:35 - 2014-03-09 12:36 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Downloads\erunt-setup.exe
    2014-03-09 11:53 - 2014-03-25 21:32 - 00000000 ____D () C:\Windows\pss
    2014-03-09 08:16 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-09 08:11 - 2014-03-09 08:13 - 25640672 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\Windows-KB890830-x64-V5.9.exe
    2014-03-09 07:46 - 2014-03-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-03-26 06:17 - 2014-03-22 10:13 - 00010622 _____ () C:\Users\Jordan\Desktop\FRST.txt
    2014-03-26 06:17 - 2014-03-21 16:48 - 00000000 ____D () C:\FRST
    2014-03-26 06:13 - 2012-08-19 16:12 - 01207643 _____ () C:\Windows\WindowsUpdate.log
    2014-03-26 06:03 - 2012-08-20 09:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-25 23:03 - 2012-08-20 09:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-25 23:03 - 2012-08-20 09:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-25 21:48 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-25 21:48 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-25 21:45 - 2014-03-14 13:53 - 00000282 __RSH () C:\Users\Jordan\ntuser.pol
    2014-03-25 21:45 - 2013-11-11 14:01 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Skype
    2014-03-25 21:45 - 2012-08-19 14:17 - 00000000 ____D () C:\Users\Jordan
    2014-03-25 21:41 - 2014-03-14 13:48 - 00000008 __RSH () C:\Users\Bob\ntuser.pol
    2014-03-25 21:41 - 2012-08-19 13:58 - 00000000 ____D () C:\Users\Bob
    2014-03-25 21:40 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-25 21:40 - 2009-07-14 00:51 - 00094787 _____ () C:\Windows\setupact.log
    2014-03-25 21:39 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-03-25 21:32 - 2014-03-09 11:53 - 00000000 ____D () C:\Windows\pss
    2014-03-25 21:26 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-25 21:11 - 2012-08-19 16:09 - 00157282 _____ () C:\Windows\PFRO.log
    2014-03-25 02:48 - 2014-03-25 02:48 - 00014057 _____ () C:\ComboFix.txt
    2014-03-25 02:48 - 2014-03-24 12:51 - 00000000 ____D () C:\Qoobox
    2014-03-25 02:48 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
    2014-03-25 02:47 - 2014-03-20 08:37 - 00000000 ____D () C:\Windows\ERDNT
    2014-03-25 02:44 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2014-03-23 18:11 - 2014-03-23 18:08 - 00004586 _____ () C:\Users\Jordan\Desktop\Rkill.txt
    2014-03-23 18:07 - 2014-03-23 18:07 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jordan\Desktop\rkill.exe
    2014-03-22 13:37 - 2014-03-22 13:32 - 04110135 _____ () C:\Users\Jordan\Downloads\tdsskiller(1).zip
    2014-03-22 11:29 - 2014-03-22 11:26 - 02218636 _____ () C:\Users\Jordan\Downloads\tdsskiller.zip
    2014-03-22 10:50 - 2014-03-22 10:39 - 00030227 _____ () C:\Users\Jordan\Desktop\Addition.txt
    2014-03-21 07:13 - 2014-03-26 06:13 - 02157056 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
    2014-03-21 07:12 - 2014-03-21 07:12 - 00987448 _____ () C:\Users\Jordan\Desktop\SecurityCheck.exe
    2014-03-20 08:34 - 2014-03-20 08:30 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-03-20 08:33 - 2014-03-20 08:33 - 00000909 _____ () C:\Users\Jordan\Desktop\ERUNT.lnk
    2014-03-19 13:46 - 2014-03-19 13:46 - 04745728 _____ (AVAST Software) C:\Users\Jordan\Desktop\aswMBR.exe
    2014-03-19 13:44 - 2014-03-19 13:44 - 00688992 ____R (Swearware) C:\Users\Jordan\Desktop\dds.com
    2014-03-19 13:33 - 2014-03-19 13:33 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Desktop\erunt-setup.exe
    2014-03-15 04:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-15 03:25 - 2009-07-14 00:45 - 00338000 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-15 03:24 - 2013-08-19 15:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-15 03:24 - 2013-08-19 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-14 16:59 - 2012-08-19 19:03 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Skype
    2014-03-14 16:47 - 2014-03-14 15:44 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-03-14 15:44 - 2014-03-14 15:43 - 00000000 ____D () C:\50afdc55646263780c
    2014-03-14 15:38 - 2014-03-14 15:37 - 13670584 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\mseinstall.exe
    2014-03-14 15:23 - 2013-12-24 00:25 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-03-14 12:11 - 2012-08-19 16:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-03-14 12:06 - 2012-08-19 13:59 - 00000000 ____D () C:\Program Files (x86)\Barnes & Noble
    2014-03-14 11:20 - 2014-03-14 11:09 - 00000000 ____D () C:\Users\Jordan\Documents\Spanish II
    2014-03-14 11:20 - 2014-03-14 11:08 - 00000000 ____D () C:\Users\Jordan\Documents\Honors English I
    2014-03-14 11:19 - 2014-03-14 11:09 - 00000000 ____D () C:\Users\Jordan\Documents\Honors Biology
    2014-03-14 11:19 - 2013-08-21 13:25 - 00000000 ____D () C:\Users\Jordan\Documents\FLVS English I Virtual Backpack
    2014-03-09 12:42 - 2014-03-09 12:41 - 00688992 _____ (Swearware) C:\Users\Jordan\Downloads\dds.com
    2014-03-09 12:36 - 2014-03-09 12:35 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Downloads\erunt-setup.exe
    2014-03-09 09:39 - 2012-08-19 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-09 08:13 - 2014-03-09 08:11 - 25640672 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\Windows-KB890830-x64-V5.9.exe
    2014-03-09 07:49 - 2012-08-19 15:01 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Mozilla
    2014-03-09 07:46 - 2014-03-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-04 01:33 - 2013-07-22 20:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-03-04 01:33 - 2012-08-19 19:03 - 00000000 ____D () C:\ProgramData\Skype
    2014-03-01 02:05 - 2014-03-14 16:34 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-01 01:17 - 2014-03-14 16:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-01 01:16 - 2014-03-14 16:34 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-01 00:58 - 2014-03-14 16:34 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-01 00:52 - 2014-03-14 16:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-01 00:51 - 2014-03-14 16:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-01 00:42 - 2014-03-14 16:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-01 00:40 - 2014-03-14 16:34 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-01 00:37 - 2014-03-14 16:34 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-01 00:33 - 2014-03-14 16:34 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-01 00:33 - 2014-03-14 16:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-01 00:32 - 2014-03-14 16:34 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-01 00:30 - 2014-03-14 16:34 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-01 00:23 - 2014-03-14 16:34 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-01 00:17 - 2014-03-14 16:34 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-01 00:11 - 2014-03-14 16:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-01 00:02 - 2014-03-14 16:34 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-28 23:54 - 2014-03-14 16:34 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-28 23:52 - 2014-03-14 16:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-28 23:51 - 2014-03-14 16:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-28 23:47 - 2014-03-14 16:34 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-28 23:43 - 2014-03-14 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-28 23:43 - 2014-03-14 16:34 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-28 23:42 - 2014-03-14 16:34 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-28 23:40 - 2014-03-14 16:34 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-28 23:38 - 2014-03-14 16:34 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-28 23:37 - 2014-03-14 16:34 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-28 23:35 - 2014-03-14 16:34 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-28 23:18 - 2014-03-14 16:34 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-28 23:16 - 2014-03-14 16:34 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-28 23:14 - 2014-03-14 16:34 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-28 23:10 - 2014-03-14 16:34 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-28 23:03 - 2014-03-14 16:34 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-28 23:00 - 2014-03-14 16:34 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-28 22:57 - 2014-03-14 16:34 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-28 22:38 - 2014-03-14 16:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-28 22:32 - 2014-03-14 16:34 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-28 22:27 - 2014-03-14 16:34 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-28 22:25 - 2014-03-14 16:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-28 22:25 - 2014-03-14 16:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-28 16:34 - 2013-08-21 13:41 - 00000000 ____D () C:\Users\Public\Documents\TT Algebra 2
    2014-02-26 14:20 - 2009-07-14 01:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-02-26 12:49 - 2013-08-18 13:30 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================


    Performance
    I let the computer run all night and I no longer see the large number of dllhost.exe *32 processes and the PC is running much better. I really appreciate your help!!!!!!!

  9. #29
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi barlee,

    I reran the Farbar Recovery Scan Tool while logged in as the user who was experiencing the most problems.
    Please run all scans from the administrator account.

    =========================

    I let the computer run all night and I no longer see the large number of dllhost.exe *32 processes and the PC is running much better.
    It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign.

    =========================

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware (save it to your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================


    ESET Online Scanner

    *Note:
    • It is recommended to disable the on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights; to do so, right-click your browser's shortcut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • AdwCleaner[S0].txt
    • JRT.txt
    • MBAM log
    • ESET's log.txt
    • How's the computer running, any symptoms?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  10. #30
    Junior Member
    Join Date
    Mar 2014
    Posts
    23

    OCD,


    FRST.txt
    I reran the Farbar Recovery Scan Tool while logged in under an administrator account. Here's the log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Bob (administrator) on LAPTOP-JORDAN on 27-03-2014 10:35:17
    Running from C:\Users\Bob\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\system32\atiesrxx.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
    HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
    HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] - C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-08-13] ()
    HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
    HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1803198997-23066263-2989206535-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Backyard Football 2006 Registration.lnk
    ShortcutTarget: Backyard Football 2006 Registration.lnk -> C:\Users\Bob\AppData\Local\Temp\{1C88E143-CB25-4E92-B8E5-94A34EDC9B93}\{17FE8A6F-9842-43E1-B274-9E2B08DE1035}\ATR1.EXE (No File)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\qlnbmrfl.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

    ==================== Services (Whitelisted) =================

    S3 dkab_device; C:\Windows\system32\DKabcoms.exe [476568 2006-10-21] ( )
    S3 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [508824 2006-10-21] ( )
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
    S1 obpedscx; \??\C:\Windows\system32\drivers\obpedscx.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-27 10:34 - 2014-03-27 10:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-2.0.0.1000.exe
    2014-03-27 10:33 - 2014-03-27 10:33 - 01038974 _____ (Thisisu) C:\Users\Bob\Downloads\JRT.exe
    2014-03-27 10:32 - 2014-03-27 10:33 - 01950720 _____ () C:\Users\Bob\Desktop\AdwCleaner.exe
    2014-03-26 06:13 - 2014-03-21 07:13 - 02157056 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
    2014-03-26 06:09 - 2014-03-27 10:35 - 00010314 _____ () C:\Users\Bob\Desktop\FRST.txt
    2014-03-25 06:20 - 2014-03-25 06:20 - 00369295 _____ () C:\Users\Bob\Desktop\TDSSKiller.txt
    2014-03-25 06:01 - 2014-03-25 06:01 - 00014057 _____ () C:\Users\Bob\Desktop\combofix.txt
    2014-03-25 02:48 - 2014-03-25 02:48 - 00014057 _____ () C:\ComboFix.txt
    2014-03-24 12:51 - 2014-03-25 02:48 - 00000000 ____D () C:\Qoobox
    2014-03-24 12:51 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-03-24 12:51 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-03-24 12:51 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-03-24 12:51 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-03-24 07:26 - 2014-03-24 07:26 - 00000000 ____D () C:\Users\Bob\Desktop\TDSSKiller
    2014-03-24 07:25 - 2014-03-24 07:25 - 04113320 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
    2014-03-23 18:08 - 2014-03-23 18:11 - 00004586 _____ () C:\Users\Jordan\Desktop\Rkill.txt
    2014-03-23 18:07 - 2014-03-23 18:07 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jordan\Desktop\rkill.exe
    2014-03-22 13:32 - 2014-03-22 13:37 - 04110135 _____ () C:\Users\Jordan\Downloads\tdsskiller(1).zip
    2014-03-22 11:30 - 2014-03-24 12:50 - 05192353 ____R (Swearware) C:\Users\Bob\Desktop\ComboFix.exe
    2014-03-22 11:26 - 2014-03-22 11:29 - 02218636 _____ () C:\Users\Jordan\Downloads\tdsskiller.zip
    2014-03-22 10:39 - 2014-03-22 10:50 - 00030227 _____ () C:\Users\Jordan\Desktop\Addition.txt
    2014-03-22 10:13 - 2014-03-26 06:18 - 00031283 _____ () C:\Users\Jordan\Desktop\FRST.txt
    2014-03-21 16:48 - 2014-03-27 10:35 - 00000000 ____D () C:\FRST
    2014-03-21 07:13 - 2014-03-21 07:13 - 02157056 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
    2014-03-21 07:12 - 2014-03-21 07:12 - 00987448 _____ () C:\Users\Jordan\Desktop\SecurityCheck.exe
    2014-03-20 21:10 - 2014-03-20 21:10 - 00001947 _____ () C:\Users\Bob\Desktop\aswMBR.txt
    2014-03-20 21:10 - 2014-03-20 21:10 - 00000512 _____ () C:\Users\Bob\Desktop\MBR.dat
    2014-03-20 11:30 - 2014-03-20 11:30 - 00002808 _____ () C:\Users\Bob\Desktop\attach.zip
    2014-03-20 11:06 - 2014-03-20 11:06 - 00008311 _____ () C:\Users\Bob\Desktop\attach.txt
    2014-03-20 11:06 - 2014-03-20 11:05 - 00008923 _____ () C:\Users\Bob\Desktop\dds.txt
    2014-03-20 08:37 - 2014-03-25 02:47 - 00000000 ____D () C:\Windows\ERDNT
    2014-03-20 08:33 - 2014-03-20 08:33 - 00000909 _____ () C:\Users\Jordan\Desktop\ERUNT.lnk
    2014-03-20 08:33 - 2014-03-20 08:33 - 00000909 _____ () C:\Users\Bob\Desktop\ERUNT.lnk
    2014-03-20 08:30 - 2014-03-20 08:34 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-03-19 13:46 - 2014-03-19 13:46 - 04745728 _____ (AVAST Software) C:\Users\Jordan\Desktop\aswMBR.exe
    2014-03-19 13:44 - 2014-03-19 13:44 - 00688992 ____R (Swearware) C:\Users\Jordan\Desktop\dds.com
    2014-03-19 13:33 - 2014-03-19 13:33 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Desktop\erunt-setup.exe
    2014-03-14 16:34 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-14 16:34 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-14 16:34 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-14 16:34 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-14 16:34 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-14 16:34 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-14 16:34 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-14 16:34 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-14 16:34 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-14 16:34 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-14 16:34 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-14 16:34 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-14 16:34 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-14 16:34 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-14 16:34 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-14 16:34 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-14 16:34 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-14 16:34 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-14 16:34 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-14 16:34 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-14 16:34 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-14 16:34 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-14 16:34 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-14 16:34 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-14 16:34 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-14 16:34 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-14 16:34 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-14 16:34 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-14 16:34 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-14 16:34 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-14 16:34 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-14 16:34 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-14 16:34 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-14 16:34 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-14 16:34 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-14 16:34 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-14 16:34 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-14 16:34 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-14 16:34 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-14 16:34 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-14 16:34 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-14 16:34 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-14 16:34 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-03-14 16:34 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-03-14 16:33 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-14 16:33 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-14 16:33 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-14 16:33 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-03-14 16:30 - 2014-02-14 12:11 - 00000426 _____ () C:\AVScanner.ini
    2014-03-14 16:03 - 2014-03-14 16:04 - 13670584 _____ (Microsoft Corporation) C:\Users\Bob\Downloads\mseinstall.exe
    2014-03-14 15:44 - 2014-03-14 16:47 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-03-14 15:43 - 2014-03-14 15:44 - 00000000 ____D () C:\50afdc55646263780c
    2014-03-14 15:37 - 2014-03-14 15:38 - 13670584 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\mseinstall.exe
    2014-03-14 13:53 - 2014-03-25 21:45 - 00000282 __RSH () C:\Users\Jordan\ntuser.pol
    2014-03-14 13:48 - 2014-03-25 21:41 - 00000008 __RSH () C:\Users\Bob\ntuser.pol
    2014-03-14 11:09 - 2014-03-14 11:20 - 00000000 ____D () C:\Users\Jordan\Documents\Spanish II
    2014-03-14 11:09 - 2014-03-14 11:19 - 00000000 ____D () C:\Users\Jordan\Documents\Honors Biology
    2014-03-14 11:08 - 2014-03-14 11:20 - 00000000 ____D () C:\Users\Jordan\Documents\Honors English I
    2014-03-13 13:21 - 2014-03-13 13:21 - 00000000 ____D () C:\Users\Bob\AppData\Local\Macromedia
    2014-03-09 12:41 - 2014-03-09 12:42 - 00688992 _____ (Swearware) C:\Users\Jordan\Downloads\dds.com
    2014-03-09 12:35 - 2014-03-09 12:36 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Downloads\erunt-setup.exe
    2014-03-09 11:53 - 2014-03-25 21:32 - 00000000 ____D () C:\Windows\pss
    2014-03-09 08:16 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-09 08:11 - 2014-03-09 08:13 - 25640672 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\Windows-KB890830-x64-V5.9.exe
    2014-03-09 07:46 - 2014-03-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-03-27 10:36 - 2014-03-26 06:09 - 00010314 _____ () C:\Users\Bob\Desktop\FRST.txt
    2014-03-27 10:35 - 2014-03-21 16:48 - 00000000 ____D () C:\FRST
    2014-03-27 10:34 - 2014-03-27 10:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-2.0.0.1000.exe
    2014-03-27 10:33 - 2014-03-27 10:33 - 01038974 _____ (Thisisu) C:\Users\Bob\Downloads\JRT.exe
    2014-03-27 10:33 - 2014-03-27 10:32 - 01950720 _____ () C:\Users\Bob\Desktop\AdwCleaner.exe
    2014-03-27 10:17 - 2012-08-19 16:12 - 01250967 _____ () C:\Windows\WindowsUpdate.log
    2014-03-27 10:03 - 2012-08-20 09:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-26 21:43 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-26 21:43 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-26 21:35 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-26 21:35 - 2009-07-14 00:51 - 00094843 _____ () C:\Windows\setupact.log
    2014-03-26 07:05 - 2013-11-11 14:01 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Skype
    2014-03-26 06:18 - 2014-03-22 10:13 - 00031283 _____ () C:\Users\Jordan\Desktop\FRST.txt
    2014-03-25 23:03 - 2012-08-20 09:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-25 23:03 - 2012-08-20 09:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-25 23:03 - 2012-08-20 09:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-25 21:45 - 2014-03-14 13:53 - 00000282 __RSH () C:\Users\Jordan\ntuser.pol
    2014-03-25 21:45 - 2012-08-19 14:17 - 00000000 ____D () C:\Users\Jordan
    2014-03-25 21:41 - 2014-03-14 13:48 - 00000008 __RSH () C:\Users\Bob\ntuser.pol
    2014-03-25 21:41 - 2012-08-19 13:58 - 00000000 ____D () C:\Users\Bob
    2014-03-25 21:39 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-03-25 21:32 - 2014-03-09 11:53 - 00000000 ____D () C:\Windows\pss
    2014-03-25 21:32 - 2012-08-19 14:02 - 00000000 ___RD () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-25 21:26 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-25 21:11 - 2012-08-19 16:09 - 00157282 _____ () C:\Windows\PFRO.log
    2014-03-25 06:20 - 2014-03-25 06:20 - 00369295 _____ () C:\Users\Bob\Desktop\TDSSKiller.txt
    2014-03-25 06:01 - 2014-03-25 06:01 - 00014057 _____ () C:\Users\Bob\Desktop\combofix.txt
    2014-03-25 02:48 - 2014-03-25 02:48 - 00014057 _____ () C:\ComboFix.txt
    2014-03-25 02:48 - 2014-03-24 12:51 - 00000000 ____D () C:\Qoobox
    2014-03-25 02:48 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
    2014-03-25 02:47 - 2014-03-20 08:37 - 00000000 ____D () C:\Windows\ERDNT
    2014-03-25 02:44 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2014-03-24 12:50 - 2014-03-22 11:30 - 05192353 ____R (Swearware) C:\Users\Bob\Desktop\ComboFix.exe
    2014-03-24 07:26 - 2014-03-24 07:26 - 00000000 ____D () C:\Users\Bob\Desktop\TDSSKiller
    2014-03-24 07:25 - 2014-03-24 07:25 - 04113320 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
    2014-03-23 18:11 - 2014-03-23 18:08 - 00004586 _____ () C:\Users\Jordan\Desktop\Rkill.txt
    2014-03-23 18:07 - 2014-03-23 18:07 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jordan\Desktop\rkill.exe
    2014-03-22 13:37 - 2014-03-22 13:32 - 04110135 _____ () C:\Users\Jordan\Downloads\tdsskiller(1).zip
    2014-03-22 11:29 - 2014-03-22 11:26 - 02218636 _____ () C:\Users\Jordan\Downloads\tdsskiller.zip
    2014-03-22 10:50 - 2014-03-22 10:39 - 00030227 _____ () C:\Users\Jordan\Desktop\Addition.txt
    2014-03-21 07:13 - 2014-03-26 06:13 - 02157056 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
    2014-03-21 07:13 - 2014-03-21 07:13 - 02157056 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
    2014-03-21 07:12 - 2014-03-21 07:12 - 00987448 _____ () C:\Users\Jordan\Desktop\SecurityCheck.exe
    2014-03-20 21:10 - 2014-03-20 21:10 - 00001947 _____ () C:\Users\Bob\Desktop\aswMBR.txt
    2014-03-20 21:10 - 2014-03-20 21:10 - 00000512 _____ () C:\Users\Bob\Desktop\MBR.dat
    2014-03-20 11:30 - 2014-03-20 11:30 - 00002808 _____ () C:\Users\Bob\Desktop\attach.zip
    2014-03-20 11:06 - 2014-03-20 11:06 - 00008311 _____ () C:\Users\Bob\Desktop\attach.txt
    2014-03-20 11:05 - 2014-03-20 11:06 - 00008923 _____ () C:\Users\Bob\Desktop\dds.txt
    2014-03-20 08:34 - 2014-03-20 08:30 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-03-20 08:33 - 2014-03-20 08:33 - 00000909 _____ () C:\Users\Jordan\Desktop\ERUNT.lnk
    2014-03-20 08:33 - 2014-03-20 08:33 - 00000909 _____ () C:\Users\Bob\Desktop\ERUNT.lnk
    2014-03-19 13:46 - 2014-03-19 13:46 - 04745728 _____ (AVAST Software) C:\Users\Jordan\Desktop\aswMBR.exe
    2014-03-19 13:44 - 2014-03-19 13:44 - 00688992 ____R (Swearware) C:\Users\Jordan\Desktop\dds.com
    2014-03-19 13:33 - 2014-03-19 13:33 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Desktop\erunt-setup.exe
    2014-03-15 04:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-15 03:25 - 2009-07-14 00:45 - 00338000 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-15 03:24 - 2013-08-19 15:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-15 03:24 - 2013-08-19 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-14 16:59 - 2012-08-19 19:03 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Skype
    2014-03-14 16:47 - 2014-03-14 15:44 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-03-14 16:31 - 2014-03-14 16:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-03-14 16:04 - 2014-03-14 16:03 - 13670584 _____ (Microsoft Corporation) C:\Users\Bob\Downloads\mseinstall.exe
    2014-03-14 15:44 - 2014-03-14 15:43 - 00000000 ____D () C:\50afdc55646263780c
    2014-03-14 15:38 - 2014-03-14 15:37 - 13670584 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\mseinstall.exe
    2014-03-14 15:23 - 2013-12-24 00:25 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-03-14 13:48 - 2012-12-05 17:12 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2014-03-14 12:11 - 2012-08-19 16:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-03-14 12:06 - 2012-08-19 13:59 - 00000000 ____D () C:\Program Files (x86)\Barnes & Noble
    2014-03-14 11:20 - 2014-03-14 11:09 - 00000000 ____D () C:\Users\Jordan\Documents\Spanish II
    2014-03-14 11:20 - 2014-03-14 11:08 - 00000000 ____D () C:\Users\Jordan\Documents\Honors English I
    2014-03-14 11:19 - 2014-03-14 11:09 - 00000000 ____D () C:\Users\Jordan\Documents\Honors Biology
    2014-03-14 11:19 - 2013-08-21 13:25 - 00000000 ____D () C:\Users\Jordan\Documents\FLVS English I Virtual Backpack
    2014-03-13 13:21 - 2014-03-13 13:21 - 00000000 ____D () C:\Users\Bob\AppData\Local\Macromedia
    2014-03-09 12:42 - 2014-03-09 12:41 - 00688992 _____ (Swearware) C:\Users\Jordan\Downloads\dds.com
    2014-03-09 12:36 - 2014-03-09 12:35 - 00791393 _____ (Lars Hederer ) C:\Users\Jordan\Downloads\erunt-setup.exe
    2014-03-09 09:42 - 2013-11-11 14:01 - 00000000 ____D () C:\Users\Bob\AppData\Local\LogMeIn Hamachi
    2014-03-09 09:39 - 2012-08-19 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-09 08:13 - 2014-03-09 08:11 - 25640672 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\Windows-KB890830-x64-V5.9.exe
    2014-03-09 07:49 - 2012-08-19 15:01 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Mozilla
    2014-03-09 07:46 - 2014-03-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-09 07:46 - 2012-08-19 14:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Mozilla
    2014-03-09 07:43 - 2012-08-19 14:02 - 00001417 _____ () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-04 01:33 - 2013-07-22 20:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-03-04 01:33 - 2012-08-19 19:03 - 00000000 ____D () C:\ProgramData\Skype
    2014-03-01 02:05 - 2014-03-14 16:34 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-01 01:17 - 2014-03-14 16:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-01 01:16 - 2014-03-14 16:34 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-01 00:58 - 2014-03-14 16:34 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-01 00:52 - 2014-03-14 16:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-01 00:51 - 2014-03-14 16:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-01 00:42 - 2014-03-14 16:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-01 00:40 - 2014-03-14 16:34 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-01 00:37 - 2014-03-14 16:34 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-01 00:33 - 2014-03-14 16:34 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-01 00:33 - 2014-03-14 16:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-01 00:32 - 2014-03-14 16:34 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-01 00:30 - 2014-03-14 16:34 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-01 00:23 - 2014-03-14 16:34 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-01 00:17 - 2014-03-14 16:34 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-01 00:11 - 2014-03-14 16:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-01 00:02 - 2014-03-14 16:34 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-28 23:54 - 2014-03-14 16:34 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-28 23:52 - 2014-03-14 16:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-28 23:51 - 2014-03-14 16:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-28 23:47 - 2014-03-14 16:34 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-28 23:43 - 2014-03-14 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-28 23:43 - 2014-03-14 16:34 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-28 23:42 - 2014-03-14 16:34 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-28 23:40 - 2014-03-14 16:34 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-28 23:38 - 2014-03-14 16:34 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-28 23:37 - 2014-03-14 16:34 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-28 23:35 - 2014-03-14 16:34 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-28 23:18 - 2014-03-14 16:34 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-28 23:16 - 2014-03-14 16:34 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-28 23:14 - 2014-03-14 16:34 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-28 23:10 - 2014-03-14 16:34 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-28 23:03 - 2014-03-14 16:34 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-28 23:00 - 2014-03-14 16:34 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-28 22:57 - 2014-03-14 16:34 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-28 22:38 - 2014-03-14 16:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-28 22:32 - 2014-03-14 16:34 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-28 22:27 - 2014-03-14 16:34 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-28 22:25 - 2014-03-14 16:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-28 22:25 - 2014-03-14 16:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-28 16:34 - 2013-08-21 13:41 - 00000000 ____D () C:\Users\Public\Documents\TT Algebra 2
    2014-02-26 14:20 - 2009-07-14 01:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-02-26 12:49 - 2013-08-18 13:30 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-21 07:39

    ==================== End Of Log ============================


    AdwCleaner[S0].txt
    # AdwCleaner v3.022 - Report created 27/03/2014 at 10:43:20
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Bob - LAPTOP-JORDAN
    # Running from : C:\Users\Bob\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Jordan\AppData\Local\iLivid
    Folder Deleted : C:\Users\Jordan\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default\Extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}
    File Deleted : C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Deleted : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default\searchplugins\Search_Results.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521


    -\\ Mozilla Firefox v15.0.1 (en-US)

    [ File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\qlnbmrfl.default\prefs.js ]


    [ File : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\s0ltswrk.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "Search Results");
    Line Deleted : user_pref("browser.search.order.1", "Search Results");
    Line Deleted : user_pref("browser.search.selectedEngine", "Search Results");
    Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6564558371054311&o=APN10645&q=");

    *************************

    AdwCleaner[R0].txt - [2231 octets] - [27/03/2014 10:39:22]
    AdwCleaner[S0].txt - [2188 octets] - [27/03/2014 10:43:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2248 octets] ##########


    JRT.txt
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Bob on Thu 03/27/2014 at 10:49:43.97
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\qlnbmrfl.default\minidumps [4 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/27/2014 at 10:58:31.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    MBAM Log
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/27/2014
    Scan Time: 11:18:50 AM
    Logfile: Malware Log.txt
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.03.27.04
    Rootkit Database: v2014.03.25.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Bob

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 275329
    Time Elapsed: 13 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1803198997-23066263-2989206535-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [f24e5cac0675241219eb09711de66b95],

    Registry Values: 2
    VirTool.Vbcrypt, HKU\S-1-5-21-1803198997-23066263-2989206535-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ROBLOX Corporation Update, regsvr32.exe "C:\Users\Jordan\AppData\Local\ROBLOX Corporation\OGSDeviceDX9.dll", Quarantined, [cc74a860f08b63d3000d515316eae31d]
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1803198997-23066263-2989206535-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0T0E0C1F2R0U2Y1R, Quarantined, [f24e5cac0675241219eb09711de66b95]

    Registry Data: 1
    Hijack.StartPage, HKU\S-1-5-21-1803198997-23066263-2989206535-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.searchnu.com/406?appid=394, Good: (http://www.google.com), Bad: (http://www.searchnu.com/406?appid=394),Replaced,[e45ca56396e5a294abddd037ae56a45c]

    Folders: 0
    (No malicious items detected)

    Files: 1
    VirTool.Vbcrypt, C:\Users\Jordan\AppData\Local\ROBLOX Corporation\OGSDeviceDX9.dll, Quarantined, [cc74a860f08b63d3000d515316eae31d],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    ESET's log
    C:\Users\Jordan\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN potentially unwanted application


    Computer Performance
    PC still appears to be running much better. I do not see the dllhost.exe *32 processes appearing in the task manager.
