New advertising malware?

I just ran ComboFix... log file appears below.

I'll monitor this for a couple of days to see if it comes back and keep you posted.


ComboFix 15-02-16.01 - Henry 02/25/2015 9:00.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16289.12882 [GMT -5:00]
Running from: c:\users\Henry\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6584\AddOnDownloaded\0124e21d-018c-4ce0-92a3-b9e205a76bc0.dll
c:\programdata\PCDr\6584\AddOnDownloaded\01729c78-925e-4e01-a2dd-3c0f0989e6d1.dll
c:\programdata\PCDr\6584\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6584\AddOnDownloaded\095557b2-2408-4eaf-b39b-d55c8606482c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6584\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6584\AddOnDownloaded\10494c60-ec8b-4856-b24a-b6d076c4499f.dll
c:\programdata\PCDr\6584\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6584\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6584\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6584\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2b7a7ebb-6083-4253-a1e6-149883b6eb45.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6584\AddOnDownloaded\481fbe3e-ec08-4d5a-94ea-95c753609e7c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\48476a77-44f9-40a8-a623-f3402f22b01b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6584\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6584\AddOnDownloaded\5c57a158-1254-45f6-b629-b2debbf1fd29.dll
c:\programdata\PCDr\6584\AddOnDownloaded\5dc7cfd3-e8ce-4478-9404-0ae32511b353.dll
c:\programdata\PCDr\6584\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\649574c7-1acb-458c-a846-1bc04bfcdb93.dll
c:\programdata\PCDr\6584\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6f9e83ca-5216-40db-863d-61ffff2a1563.dll
c:\programdata\Roaming
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
.
.
((((((((((((((((((((((((( Files Created from 2015-01-25 to 2015-02-25 )))))))))))))))))))))))))))))))
.
.
2015-02-25 14:10 . 2015-02-25 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-22 19:17 . 2015-02-22 19:17 -------- d-----w- c:\users\Henry\AppData\Roaming\PCDr
2015-02-22 19:17 . 2015-02-22 19:17 -------- d-----w- c:\programdata\PCDr
2015-02-22 16:43 . 2015-02-22 17:14 -------- d-----w- C:\AdwCleaner
2015-02-16 21:26 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-16 21:26 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-16 21:26 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-16 21:26 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-15 19:01 . 2015-02-15 19:01 -------- d-----w- c:\program files (x86)\YouTube-Downloader
2015-02-13 02:42 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 02:42 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 02:42 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 02:42 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-11 16:04 . 2015-02-11 16:04 -------- d-----w- c:\programdata\PC-Doctor for Windows
2015-02-11 16:04 . 2015-02-11 16:04 -------- d-----w- c:\program files\Dell Support Center
2015-02-10 21:41 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-10 21:40 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-07 14:20 . 2015-02-07 14:20 -------- d-----w- c:\users\Henry\AppData\Local\GARMIN_Corp
2015-02-04 03:09 . 2015-02-23 21:39 -------- d-----w- C:\FRST
2015-02-04 03:07 . 2015-02-04 03:07 -------- d-----w- C:\RegBackup
2015-01-27 22:02 . 2015-01-27 22:02 -------- d-----w- c:\program files (x86)\AVIGenerator
2015-01-27 22:01 . 2015-01-27 22:04 -------- d-----w- c:\users\Henry\VideoPlayer Picture
2015-01-27 22:01 . 2015-01-27 22:01 -------- d-----w- c:\users\Henry\AppData\Roaming\VideoPlayer
2015-01-27 22:01 . 2015-01-27 22:01 -------- d-----w- c:\program files (x86)\Lorex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-21 01:56 . 2015-01-03 14:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 21:41 . 2014-11-01 16:00 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 17:28 . 2014-10-26 21:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 17:28 . 2014-10-26 21:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-08 14:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2014-12-20 22:31 . 2014-12-20 22:31 40344 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2014-12-19 03:06 . 2015-01-13 22:53 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 22:53 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-18 22:31 . 2014-12-18 22:31 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2014-12-15 09:13 . 2015-01-21 00:28 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{562FEE9C-CBF4-419A-AF96-3B7E1C49643C}\mpengine.dll
2014-12-11 23:12 . 2014-12-11 23:12 1120752 ----a-w- c:\windows\boinc.scr
2014-12-11 17:47 . 2015-01-13 22:53 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-09 02:24 . 2014-12-09 02:24 260888 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-12-06 04:17 . 2015-01-13 22:53 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-13 22:53 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-13 22:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1C52FA7C-51B7-4621-9D5A-11101BA13134}]
2015-02-12 23:18 973000 ----a-w- c:\program files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-02 389120]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2015-02-19 109480]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-01-28 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-02 767200]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-12-03 3498728]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]
"NetSetMan"="c:\program files (x86)\NetSetMan\netsetman.exe" [2014-06-03 5414056]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2013-04-19 36168]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2013-04-19 18248]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2012-02-17 141160]
"PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2012-02-17 641384]
"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2012-02-24 1893224]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
"P-215II CaptureOnTouch"="c:\program files (x86)\Canon Electronics\P215II\TouchDR.exe" [2014-03-30 2251056]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
.
c:\users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice 4.1.1.lnk - c:\program files (x86)\OpenOffice 4\program\quickstart.exe [2014-7-29 117248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2014-11-7 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz134;cpuz134;c:\users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service;c:\windows\SysWOW64\dllhost.exe;c:\windows\SysWOW64\dllhost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TGBVPNVirtM;TheGreenBow Virtual Miniport;c:\windows\system32\DRIVERS\TGBVPNVirtM.sys;c:\windows\SYSNATIVE\DRIVERS\TGBVPNVirtM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 Wibukey2_64;Wibukey2_64;c:\windows\system32\drivers\wibukey2_64.sys;c:\windows\SYSNATIVE\drivers\wibukey2_64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x]
R4 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 CredFltL;Dell SED PBA Filter;c:\windows\system32\DRIVERS\CredFltL.sys;c:\windows\SYSNATIVE\DRIVERS\CredFltL.sys [x]
S0 DLACDBHE;DLACDBHE;c:\windows\System32\Drivers\DLACDBHE.SYS;c:\windows\SYSNATIVE\Drivers\DLACDBHE.SYS [x]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS;c:\windows\SYSNATIVE\Drivers\DRVECDB.SYS [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SEDFilter;Dell SED PBA Enhancement;c:\windows\system32\DRIVERS\SEDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\SEDFilter.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS;c:\windows\SYSNATIVE\Drivers\DLARTL_E.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ApHidMonitorService;Alps HID Monitor Service;c:\program files\DellTPad\HidMonitorSvc.exe;c:\program files\DellTPad\HidMonitorSvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 DellMgmtAgent;Dell Management Agent Service;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [x]
S2 DellMgmtLoader;Dell Security Framework Loader;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [x]
S2 DellMgmtServer;DELL Security Framework Local Server;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [x]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\Drivers\DLABMFSE.SYS;c:\windows\SYSNATIVE\Drivers\DLABMFSE.SYS [x]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\Drivers\DLABOIOE.SYS;c:\windows\SYSNATIVE\Drivers\DLABOIOE.SYS [x]
S2 DLADResE;DLADResE;c:\windows\system32\Drivers\DLADResE.SYS;c:\windows\SYSNATIVE\Drivers\DLADResE.SYS [x]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\Drivers\DLAIFS_E.SYS;c:\windows\SYSNATIVE\Drivers\DLAIFS_E.SYS [x]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\Drivers\DLAOPIOE.SYS;c:\windows\SYSNATIVE\Drivers\DLAOPIOE.SYS [x]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\Drivers\DLAPoolE.SYS;c:\windows\SYSNATIVE\Drivers\DLAPoolE.SYS [x]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\Drivers\DLAUDF_E.SYS;c:\windows\SYSNATIVE\Drivers\DLAUDF_E.SYS [x]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\Drivers\DLAUDFAE.SYS;c:\windows\SYSNATIVE\Drivers\DLAUDFAE.SYS [x]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS;c:\windows\SYSNATIVE\Drivers\DRVEDDM.SYS [x]
S2 Emc.Captiva.WebCaptureService;EMC Captiva Cloud Service;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iBtSiva;Intel Bluetooth Service;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 InvProtectSvc;Invincea Enterprise Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nsmService;NSM Service;c:\program files (x86)\NetSetMan\nsmservice.exe;c:\program files (x86)\NetSetMan\nsmservice.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 poaService;Dell PPO Service;c:\program files\Dell\PPO\poaService.exe;c:\program files\Dell\PPO\poaService.exe [x]
S2 PoaSMSrv;Dell PPO System Maintenance Service;c:\program files\Dell\PPO\poaSmSrv.exe;c:\program files\Dell\PPO\poaSmSrv.exe [x]
S2 poaTaServ;Dell PPO Track & Analyze Service;c:\program files\Dell\PPO\poaTaServ.exe;c:\program files\Dell\PPO\poaTaServ.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 RWAR3HV_0002_0;RWAR3HV_0002_0;c:\program files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE;c:\program files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE [x]
S2 RWAR3Monitor;RWAR3Monitor;c:\program files\Visioneer\RWAR3\RWAR3Monitor.exe;c:\program files\Visioneer\RWAR3\RWAR3Monitor.exe [x]
S2 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TgbIke Starter;TgbIke Starter;c:\windows\SysWOW64\TgbStarter.exe;c:\windows\SysWOW64\TgbStarter.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WindowsVNT_R3;Windows Virtual Network (WVN3);c:\program files (x86)\Windows Network Accelerater\v3\winvxm.exe;c:\program files (x86)\Windows Network Accelerater\v3\winvxm.exe [x]
S2 YouTubeDownload_A3;YouTube Downloader Services (A3);c:\program files (x86)\YouTube-Downloader\A3\youtubeserv.exe;c:\program files (x86)\YouTube-Downloader\A3\youtubeserv.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
S3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
S3 POADrvr;POADrvr;c:\windows\system32\drivers\POADrvr.sys;c:\windows\SYSNATIVE\drivers\POADrvr.sys [x]
S3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
S3 TGBMPEnum;TheGreenBow VPN Miniport Enumerator;c:\windows\system32\DRIVERS\TGBMPEnum.sys;c:\windows\SYSNATIVE\DRIVERS\TGBMPEnum.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\wbfcvusbdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NAL
*Deregistered* - NAL
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26 17:28]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15 18:03]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15 18:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C52FA7C-51B7-4621-9D5A-11101BA13134}]
2015-02-12 23:19 1179336 ----a-w- c:\program files (x86)\Invincea\Enterprise\X64\InvRedirHostIE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
@="{831cebdd-6baf-4432-be76-9e0989c14aef}"
[HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
@="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
[HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2014-03-13 727896]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-01-18 7510232]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-01-14 1374936]
"WavesSvc"="c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2013-12-31 285272]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-01-14 1374936]
"DellPoaEvents"="c:\program files\Dell\PPO\DellPoaEvents.exe" [2014-08-15 396496]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-03-26 7825720]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-05-28 36352]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2014-05-30 4876528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"CSFTrayApp"="c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe" [2014-09-11 232288]
"InvProtect"="c:\program files (x86)\Invincea\Enterprise\X64\InvProtect64.exe" [2015-02-12 6779592]
"CANON P-215II SVC"="P215IISvc.dll" [2014-01-29 132608]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2014-12-11 67056]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2014-12-11 9639920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.excite.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Open with Nuance PDF Converter 7 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
Trusted Zone: dell.com
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 208.67.222.222 208.67.222.220 192.168.0.1
FF - ProfilePath - c:\users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\
FF - prefs.js: browser.startup.homepage - www.excite.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DellSystemDetect - c:\users\Henry\AppData\Local\Apps\2.0\NAYH0GJE.AQP\Z389LM6C.22Q\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
Completion time: 2015-02-25 09:12:45
ComboFix-quarantined-files.txt 2015-02-25 14:12
.
Pre-Run: 662,444,105,728 bytes free
Post-Run: 667,668,533,248 bytes free
.
- - End Of File - - C1B5AAC5F518523202D0D45AE314A997
5C616939100B85E558DA92B899A0FC36
 
I ran ComboFix, but the problem remains. Now I have two invisible Internet Explorer applications running instead of just one, and they are both pointing to the same web page. What was happening before was that the single application would change web pages about once every second or so.
 

Not sure why but it makes me think it's coming from FlashPlayer?

Delete cache and other browser data in Chrome
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove:
      • Clear browsing history
      • Clear download history
      • Empty the cache
      • Delete cookies and other site and plug-in data
      • Clear saved passwords
      • Clear saved Auto-fill form data
      • Clear data from hosted apps
      • De-authorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.
=========================

~~~

Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
      • Cookies
      • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now
=========================


Clear Browser Cache in IE11
  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button, and then select the General tab, then under Browsing history select the Delete button.
  • Select the check box next to each of the following categories:
      • Temporary Internet files and website files
      • Cookies and website data
      • History
  • Click Delete

Please Download Flash Cookie Killer by Bobbie Flekman and save it to your Desktop

==========

Warning

Steps (1-3) will delete all existing highscores and game settings for flash games. Steps (4-8) might prevent the ability to save highscores in some games altogether.

==========

  1. Double click Flash Cookie Killer from your desktop
  2. Check "Everything but Adobe Site Settings"
  3. Mouse click "Make it so!"
  4. Now go to the Adobe Flash Player Settings Manager
  5. In the "Website Storage Settings" choose the "Delete All Sites" tab then "Confirm"
  6. Next in the "Global Storage Settings" uncheck "Allow third-party Flash content to store on your computer"
  7. Finally in the "Global Privacy Settings" choose "Always Deny" then "Confirm"
  8. You have now successfully deleted cookies stored and changed the Flash Player's default settings to prevent access in the future.

~~~~~~~~~~~~~~~~~~~~

Download OTM by OldTimer Here & save it to your desktop.
  • Double click on OTM.exe to run it
  • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error
Code:
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

~~~~~~~~~~~
 
I was checking on this problem other places, and found some interesting information. Other people with this particular problem have made the observation that the rogue Iexplore processes only happen when connected to the internet via wireless (WiFi only, not when hard-wired). I checked this on my computer, and verified that yes, that is the case.

On a BleepingComputer forum, the problem has been identified. Here's the URL that I found, and the message from the thread:


http://www.bleepingcomputer.com/forums/t/537155/rogue-iexplorerexe-processes/


Posted 10 June 2014 - 06:18 PM
Hi Machiavelli,
I was not expecting a response so soon. But thank you very much.

Before reading your reply, and expecting a 5 day wait, I started investigating other cases that seemed similar to mine. This is contrary to what your response asked me to do, so I apologize for that. However, I believe that things have turned out fairly well.

After reading about rootkits and how they pose a special difficulty for malware removal, I noticed that I had not checked off "rootkit protection" when I ran the malwarebytes anti-malware program using the default settings. I don't seem to have a good copy of the malwarebytes log file but its report mentioned two instances of "forged physical sector" occurring on Drive 0, sector 1 and 211.

As I mentioned previously, the infected computer only displayed symptoms (multiple high-impact iexplorer.exe tasks) when connected to the internet. I ran this scan with the computer off the network and stayed off while I ran the Kaspersky TDSSKILLER program, again looking for rootkits.

In addition to three unsigned file messages that were listed as PUP, TDSSKiller reported the detection of Rootkit.Boot.Cidox which it later "cured". Here is the excerpt:

09:55:15.0059 0x17a4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:55:15.0069 0x17a4 [ Global ] - ok
09:55:15.0069 0x17a4 ================ Scan MBR ==================================
09:55:15.0079 0x17a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:55:15.0639 0x17a4 \Device\Harddisk0\DR0 - ok
09:55:15.0639 0x17a4 ================ Scan VBR ==================================
09:55:15.0649 0x17a4 [ AC3F64BF335A44CC7222D4C2A19002D0 ] \Device\Harddisk0\DR0\Partition1
09:55:15.0649 0x17a4 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
09:55:15.0649 0x17a4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
09:55:15.0659 0x17a4 [ 043101663774E869C1BCB9508EDD43F1 ] \Device\Harddisk0\DR0\Partition2
09:55:15.0669 0x17a4 \Device\Harddisk0\DR0\Partition2 - ok
09:55:15.0669 0x17a4 [ 1D1077A86F92C7F9AA9635B3BBE17D3A ] \Device\Harddisk0\DR0\Partition3
09:55:15.0679 0x17a4 \Device\Harddisk0\DR0\Partition3 - ok
09:55:15.0709 0x17a4 [ EE5049425E0028B6FBA80D41E309EDC0 ] \Device\Harddisk0\DR0\Partition4
09:55:15.0709 0x17a4 \Device\Harddisk0\DR0\Partition4 - ok


After TDSSKILLER finished, I rebooted the system. Only then did I dare try connecting to the network to see if the symptoms (iexplorer.exe processes) would return. 10 hours later, they still have not, so I am feeling fairly confident of having stumbled into a fix.

Based on this, I will withdraw my request for help and ask that this case be closed. Thank you very much, though, for the help. It was only after learning that there was a 5 day backlog that I started reading up on rootkits and I chose to try TDSSKILLER after reading about a case similar to mine where it had worked.


I am not the person who normally uses this laptop and it is not clear how this situation arose in the first place. However, I believe they received a flurry of frightening messages that may have caused them to click "OK" a few times when they should not have.

Regards and thanks for this great collection of information.

mwamateur
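
A TDSSKiller report like the excerpt quoted above is mostly "ok" lines, so the one VBR detection is easy to miss when reading by eye. The Python sketch below is an added example (not part of the thread and not Kaspersky's tooling) that keeps only the non-"ok" verdicts and groups them per scanned object. The sample log is constructed with placeholder digests, and the line layout and the three verdict forms it recognizes (ok, detected, infected) are assumed from the excerpt; any other verdict text is reported as-is.

```python
import re
from dataclasses import dataclass, field

# Layout assumed from the excerpt: "<time> <thread id> <body>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} 0x[0-9a-fA-F]+ ?(.*)$")
SECTION = re.compile(r"^=+ (.+?) =+$")            # "====== Scan VBR ======"
HASHES = re.compile(r"^\[ ([0-9A-Fa-f]{32})(?:, [0-9A-Fa-f]{64})? \] .+$")
NAMED = re.compile(r"^(.*?) \( ([^()]+) \)$")     # "object ( ThreatName )"
DETECTED = re.compile(r"^detected (\S+)")         # "detected ThreatName ( 0 )"


@dataclass
class Finding:
    section: str
    obj: str
    md5: str
    verdicts: list = field(default_factory=list)
    threats: set = field(default_factory=set)


def triage(log_text):
    """Return (findings, ok_counts) for one TDSSKiller report."""
    section, md5 = None, ""
    ok_counts, findings = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        s = SECTION.match(body)
        if s:
            section, md5 = s.group(1), ""
            continue
        if section is None:
            # Header lines before the first scan section (for example
            # "Drive ... - Size: ...") also contain " - " but are not verdicts.
            continue
        h = HASHES.match(body)
        if h:
            md5 = h.group(1)   # digest line precedes the verdict for that object
            continue
        obj, sep, verdict = body.rpartition(" - ")
        if not sep:
            continue
        if verdict == "ok":
            ok_counts[section] = ok_counts.get(section, 0) + 1
            continue
        threat = None
        named = NAMED.match(obj)
        if named:
            obj, threat = named.group(1), named.group(2)
        det = DETECTED.match(verdict)
        if det:
            threat, verdict = det.group(1), "detected"
        f = findings.setdefault((section, obj), Finding(section, obj, md5))
        f.verdicts.append(verdict)
        if threat:
            f.threats.add(threat)
    return list(findings.values()), ok_counts


# Constructed sample in the excerpt's layout; digests are placeholders.
SAMPLE_LOG = "\n".join([
    r"21:00:00.0000 0x1000 ================ Scan services =============================",
    rf"21:00:00.0100 0x1000 [ {'1' * 32}, {'A' * 64} ] ExampleSvc C:\Windows\System32\example.dll",
    r"21:00:00.0200 0x1000 ExampleSvc - ok",
    r"21:00:00.0250 0x1000 [ Global ] - ok",
    r"21:00:00.0300 0x1000 ================ Scan MBR ==================================",
    rf"21:00:00.0400 0x1000 [ {'2' * 32} ] \Device\Harddisk0\DR0",
    r"21:00:00.0500 0x1000 \Device\Harddisk0\DR0 - ok",
    r"21:00:00.0600 0x1000 ================ Scan VBR ==================================",
    rf"21:00:00.0700 0x1000 [ {'3' * 32} ] \Device\Harddisk0\DR0\Partition1",
    r"21:00:00.0800 0x1000 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )",
    r"21:00:00.0800 0x1000 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected",
    rf"21:00:00.0900 0x1000 [ {'4' * 32} ] \Device\Harddisk0\DR0\Partition2",
    r"21:00:00.1000 0x1000 \Device\Harddisk0\DR0\Partition2 - ok",
])

if __name__ == "__main__":
    found, oks = triage(SAMPLE_LOG)
    for f in found:
        print(f.section, f.obj, sorted(f.threats), f.verdicts, f.md5)
    print("ok counts:", oks)
```

A report with no findings and a low "ok" count in a section is worth a second look too, since it can mean the scan of that area did not complete.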
 
I was checking on this problem other places, and found some interesting information. Other people with this particular problem have made the observation that the rogue Iexplore processes only happen when connected to the internet via wireless (WiFi only, not when hard-wired). I checked this on my computer, and verified that yes, that is the case.
OK, let me see if I understand.

You have no extra IE processes if you're not connected to WiFi?
I was checking for background services that might use IE to do what they call "call home".

~~~~
We can have you run TDSSKiller too.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.



A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
OK, let me see if I understand.

You have no extra IE processes if you're not connected to WiFi?


Well.... that's what it acted like, until I just got it with WiFi shut off and on a hard line connection. I thought I had located a good clue as to the source of the problem, but it's not acting that way now. Maybe a variant of what the other person had???

Do you still want me to run TDSSKiller, or should I hold on that?
 
I ran TDSSKiller. The only thing it found was a driver for a portable page scanner that I returned (Visioneer Road Warrior 3). Here's the log file:

21:46:19.0178 0x2d38 DellMgmtAgent - ok
21:46:19.0183 0x2d38 [ 7E9271E255162E725DB929F1487F5EE7, AB781AF9435EE98D5141E7D57B659465E2CD614ED5EFAAC06CC61FA366D062EC ] DellMgmtLoader C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
21:46:19.0194 0x2d38 DellMgmtLoader - ok
21:46:19.0204 0x2d38 [ 95CFA0A0A4DA659A4B172C0DC8978539, 59FB9997117C534D4645923DBFD06B8FD77A2342921127667893752D5C24ED9F ] DellMgmtServer C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
21:46:19.0215 0x2d38 DellMgmtServer - ok
21:46:19.0226 0x2d38 [ 66C87079CFCB61B650086802693114E0, B1EE411DF69BB98D5D9FA2D88C4C9FE1E4877FD8BBF572C3F444C90576ED0724 ] DellProf C:\Windows\system32\drivers\DellProf.sys
21:46:19.0239 0x2d38 DellProf - ok
21:46:19.0259 0x2d38 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:46:19.0324 0x2d38 DfsC - ok
21:46:19.0378 0x2d38 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:46:19.0416 0x2d38 Dhcp - ok
21:46:19.0435 0x2d38 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
21:46:19.0486 0x2d38 discache - ok
21:46:19.0532 0x2d38 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
21:46:19.0585 0x2d38 Disk - ok
21:46:19.0606 0x2d38 [ EA30E307C7597CD63FD80789381AA7EE, 0E9A9A3ECD1263BB70295BE2A2D1D215B22740EC4EECB2EBA0B03B70AED3AB9C ] DLABMFSE C:\Windows\system32\Drivers\DLABMFSE.SYS
21:46:19.0615 0x2d38 DLABMFSE - ok
21:46:19.0631 0x2d38 [ 1D393BA0B3E3CD9C104CB38FF72FBE95, EDAD19EBD00511E0CDFE70FCC981A7A6FABFFE167897DEC1444E1EFF6119029A ] DLABOIOE C:\Windows\system32\Drivers\DLABOIOE.SYS
21:46:19.0640 0x2d38 DLABOIOE - ok
21:46:19.0657 0x2d38 [ 2575C3CA7C51B9D14A3ABFC622C9E6C7, 1731C33FDAB7424A35F934B98B451427054A0FA779EB1B9160A0E812AEED3F0A ] DLACDBHE C:\Windows\system32\Drivers\DLACDBHE.SYS
21:46:19.0667 0x2d38 DLACDBHE - ok
21:46:19.0680 0x2d38 [ 5DDF633063FF1FEE3DC0237080067E4A, D3DAE4931B4EAD2D778D6DBAA30571134DADC185280EF20825C21D53AC13D37C ] DLADResE C:\Windows\system32\Drivers\DLADResE.SYS
21:46:19.0689 0x2d38 DLADResE - ok
21:46:19.0702 0x2d38 [ 431F127D564ABADE3AC737B4575C6B9C, 182C7D80A6FC07EABACA7FC0AFC62A64C136D2D7DB11958CAE675BA442B58F91 ] DLAIFS_E C:\Windows\system32\Drivers\DLAIFS_E.SYS
21:46:19.0713 0x2d38 DLAIFS_E - ok
21:46:19.0738 0x2d38 [ EC379D9C31DD6597CFDF97DB44C3B370, 7F5A9704FBEB712A5E9A086E20343DA9ED14C1746D79C388CFF84CBA7B6D7754 ] DLAOPIOE C:\Windows\system32\Drivers\DLAOPIOE.SYS
21:46:19.0748 0x2d38 DLAOPIOE - ok
21:46:19.0759 0x2d38 [ 4F64A963E4213FC83943B8D6E6C4C5C6, FBCC1B7FAEA93D92477FBED10154A014B3526742ECE2205D524747B2F2E7A4A3 ] DLAPoolE C:\Windows\system32\Drivers\DLAPoolE.SYS
21:46:19.0767 0x2d38 DLAPoolE - ok
21:46:19.0775 0x2d38 [ 6D818721DD4A5E86683CC4BC5FD447FB, F65983642986D29700627843E9820DD673045B95044CE7FFE123AAC24D7A17B1 ] DLARTL_E C:\Windows\system32\Drivers\DLARTL_E.SYS
21:46:19.0784 0x2d38 DLARTL_E - ok
21:46:19.0791 0x2d38 [ 3ADEF2CF78438F74035F5D1248204124, 69F5B9B1A395407472D717B9729A37C2C7E99AAF75BB2F02501E88718BEE408C ] DLAUDFAE C:\Windows\system32\Drivers\DLAUDFAE.SYS
21:46:19.0803 0x2d38 DLAUDFAE - ok
21:46:19.0860 0x2d38 [ ADF79D03473E320788EC0F2CFF3091D4, 09078CB9F5A0450584DF4920F72E19EFEF303C48673168BF34BD19687CD752D3 ] DLAUDF_E C:\Windows\system32\Drivers\DLAUDF_E.SYS
21:46:19.0872 0x2d38 DLAUDF_E - ok
21:46:19.0901 0x2d38 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:46:19.0932 0x2d38 dmvsc - ok
21:46:19.0954 0x2d38 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:46:19.0987 0x2d38 Dnscache - ok
21:46:20.0018 0x2d38 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
21:46:20.0071 0x2d38 dot3svc - ok
21:46:20.0135 0x2d38 [ 4B235DC5019D66670E5A53284CA6CCBC, 3573FD68128E298E78B01F50DD33B93C46D05C84AC2654E6F8496C6A73774EE3 ] DpHost C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
21:46:20.0154 0x2d38 DpHost - ok
21:46:20.0176 0x2d38 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
21:46:20.0222 0x2d38 DPS - ok
21:46:20.0240 0x2d38 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:46:20.0292 0x2d38 drmkaud - ok
21:46:20.0309 0x2d38 [ 0E0C5B8768CFB27A513FE8528A291EF9, 6FE26740D63C1289E90A1593A0337DBDF1E2F96F851BDCBA11425CE2E9026B61 ] DRVECDB C:\Windows\system32\Drivers\DRVECDB.SYS
21:46:20.0321 0x2d38 DRVECDB - ok
21:46:20.0337 0x2d38 [ FBF2605C90BD04C3B625A67961EEABB6, E42363221D3124AC46B5CB9971DEB614F0651EB0A534816F6DBBD94D8AE74F4E ] DRVEDDM C:\Windows\system32\Drivers\DRVEDDM.SYS
21:46:20.0346 0x2d38 DRVEDDM - ok
21:46:20.0459 0x2d38 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:46:20.0491 0x2d38 DXGKrnl - ok
21:46:20.0553 0x2d38 [ C47C212490AE1C2AB4A34A40C39485B4, 1B739D8F5BA344F14C78B547ABE281EEE13916D976A7E97B39A9E779D198B9E3 ] e1dexpress C:\Windows\system32\DRIVERS\e1d62x64.sys
21:46:20.0576 0x2d38 e1dexpress - ok
21:46:20.0600 0x2d38 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
21:46:20.0637 0x2d38 EapHost - ok
21:46:20.0758 0x2d38 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:46:20.0923 0x2d38 ebdrv - ok
21:46:20.0938 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe
21:46:20.0970 0x2d38 EFS - ok
21:46:21.0052 0x2d38 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:46:21.0116 0x2d38 ehRecvr - ok
21:46:21.0124 0x2d38 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
21:46:21.0145 0x2d38 ehSched - ok
21:46:21.0170 0x2d38 [ BDD265EEB37DF5953A547FE412E2472F, 17EB4FD54D62207937F8CA7454837DBF1EEC867AEDAF201FC2E839A3ED357F4F ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
21:46:21.0183 0x2d38 ElbyCDIO - ok
21:46:21.0218 0x2d38 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:46:21.0251 0x2d38 elxstor - ok
21:46:21.0284 0x2d38 [ 8470CEC3C8BB1418687AD3ADED13845D, 107F8F36AB7D3BF8E15EF6EC1BC6A95FE33827B3F281C3B481A5AE8A962EADAC ] Emc.Captiva.WebCaptureService C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
21:46:21.0296 0x2d38 Emc.Captiva.WebCaptureService - ok
21:46:21.0306 0x2d38 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:46:21.0341 0x2d38 ErrDev - ok
21:46:21.0372 0x2d38 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
21:46:21.0448 0x2d38 EventSystem - ok
21:46:21.0498 0x2d38 [ BF220856C02DF9AB74786BE92246A0E1, 9F35F4A08967634206B965BF94469380C0ACCF8A6C973E90ED85ECECF284CE34 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:46:21.0532 0x2d38 EvtEng - ok
21:46:21.0543 0x2d38 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
21:46:21.0602 0x2d38 exfat - ok
21:46:21.0628 0x2d38 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:46:21.0684 0x2d38 fastfat - ok
21:46:21.0732 0x2d38 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
21:46:21.0778 0x2d38 Fax - ok
21:46:21.0792 0x2d38 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
21:46:21.0824 0x2d38 fdc - ok
21:46:21.0828 0x2d38 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
21:46:21.0888 0x2d38 fdPHost - ok
21:46:21.0894 0x2d38 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
21:46:21.0944 0x2d38 FDResPub - ok
21:46:21.0950 0x2d38 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:46:21.0965 0x2d38 FileInfo - ok
21:46:21.0979 0x2d38 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:46:22.0029 0x2d38 Filetrace - ok
21:46:22.0044 0x2d38 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:46:22.0062 0x2d38 flpydisk - ok
21:46:22.0085 0x2d38 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:46:22.0107 0x2d38 FltMgr - ok
21:46:22.0164 0x2d38 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
21:46:22.0235 0x2d38 FontCache - ok
21:46:22.0257 0x2d38 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:46:22.0271 0x2d38 FontCache3.0.0.0 - ok
21:46:22.0279 0x2d38 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:46:22.0295 0x2d38 FsDepends - ok
21:46:22.0309 0x2d38 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:46:22.0323 0x2d38 Fs_Rec - ok
21:46:22.0363 0x2d38 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:46:22.0387 0x2d38 fvevol - ok
21:46:22.0411 0x2d38 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:46:22.0423 0x2d38 gagp30kx - ok
21:46:22.0513 0x2d38 [ 12CD74D8F037AE10E03C2415EFF59EF5, EDE7187DC57010119A46730B63EAF1548E3BDC170D375568880478AB36340726 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
21:46:22.0533 0x2d38 Garmin Core Update Service - ok
21:46:22.0627 0x2d38 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
21:46:22.0678 0x2d38 gpsvc - ok
21:46:22.0733 0x2d38 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:22.0759 0x2d38 gupdate - ok
21:46:22.0767 0x2d38 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:22.0778 0x2d38 gupdatem - ok
21:46:22.0783 0x2d38 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:46:22.0798 0x2d38 hcw85cir - ok
21:46:22.0857 0x2d38 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:46:22.0882 0x2d38 HdAudAddService - ok
21:46:22.0937 0x2d38 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:46:22.0953 0x2d38 HDAudBus - ok
21:46:22.0965 0x2d38 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:46:22.0991 0x2d38 HidBatt - ok
21:46:23.0008 0x2d38 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:46:23.0024 0x2d38 HidBth - ok
21:46:23.0042 0x2d38 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
21:46:23.0057 0x2d38 HidIr - ok
21:46:23.0107 0x2d38 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
21:46:23.0141 0x2d38 hidserv - ok
21:46:23.0178 0x2d38 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:46:23.0219 0x2d38 HidUsb - ok
21:46:23.0244 0x2d38 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:46:23.0307 0x2d38 hkmsvc - ok
21:46:23.0339 0x2d38 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:46:23.0384 0x2d38 HomeGroupListener - ok
21:46:23.0412 0x2d38 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:46:23.0436 0x2d38 HomeGroupProvider - ok
21:46:23.0442 0x2d38 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:46:23.0454 0x2d38 HpSAMD - ok
21:46:23.0485 0x2d38 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:46:23.0545 0x2d38 HTTP - ok
21:46:23.0560 0x2d38 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:46:23.0569 0x2d38 hwpolicy - ok
21:46:23.0608 0x2d38 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:46:23.0647 0x2d38 i8042prt - ok
21:46:23.0690 0x2d38 [ 9EBE1AE8B3DA91D06BE1971EB37F7DA0, 55B0E66139C966AF0D4955B44363123198C559968C864DA85F6610CF1C844E8D ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
21:46:23.0727 0x2d38 iaStorA - ok
21:46:23.0746 0x2d38 [ D524B034148F14C60F1CA66D267EE56A, 18045270C5CA718501285EE05EDED8B0EF998A881ACF19D9602F91A2A30E40AB ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:46:23.0758 0x2d38 IAStorDataMgrSvc - ok
21:46:23.0776 0x2d38 [ C018747131B4E90E9267BA5B31EB43A7, 0FA045B63500D6AA98CADD72BA8052BD2631387FD1270A9FD5A77EB7A7A14536 ] iaStorF C:\Windows\system32\drivers\iaStorF.sys
21:46:23.0789 0x2d38 iaStorF - ok
21:46:23.0818 0x2d38 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:46:23.0846 0x2d38 iaStorV - ok
21:46:23.0891 0x2d38 [ C42FA2C2CB77604E94530E0A8560FA99, BA84B88C1D3951E4D10D9A783090B72261FD9825F8003DDD01716D4E0A8EED09 ] iBtSiva C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
21:46:23.0907 0x2d38 iBtSiva - ok
21:46:23.0918 0x2d38 [ 0316165998C74A0C109D5943F0027925, 91093906A100DD3FDC635AF8274910DB4BCEA10D6A003702786246D208CC4BBB ] ibtusb C:\Windows\system32\DRIVERS\ibtusb.sys
21:46:23.0937 0x2d38 ibtusb - ok
21:46:24.0028 0x2d38 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:46:24.0091 0x2d38 idsvc - ok
21:46:24.0096 0x2d38 IEEtwCollectorService - ok
21:46:24.0316 0x2d38 [ 623DB9620F552B480690AD882AFACED1, F44039122CF6001CB40A4032D3C108D9A83F06FC700A5B47D83EF605F83C9D2F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:46:24.0720 0x2d38 igfx - ok
21:46:24.0764 0x2d38 [ 8283E1A55FF84ECAA4371890C6B83778, 2F932E554691877AEEA269A527ED451A205DBEDC1BB344A1AA3AE03F2D22FC70 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
21:46:24.0788 0x2d38 igfxCUIService1.0.0.0 - ok
21:46:24.0826 0x2d38 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:46:24.0841 0x2d38 iirsp - ok
21:46:24.0904 0x2d38 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
21:46:24.0963 0x2d38 IKEEXT - ok
21:46:24.0997 0x2d38 [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:46:25.0030 0x2d38 intaud_WaveExtensible - ok
21:46:25.0126 0x2d38 [ D2B9E3E977B57E783D48A6593A5BD000, C159BAAB4A54AD8F7719719A66458B2BA3F96635B71486475077F82C4549C544 ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHD64.sys
21:46:25.0224 0x2d38 IntcAzAudAddService - ok
21:46:25.0292 0x2d38 [ 890144FA6AB42F2B54EE633BF96A019A, 8741904C66170BA11C78D31681E3759537C0BF2338538678BC64234DB8FDE93F ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:46:25.0311 0x2d38 IntcDAud - ok
21:46:25.0432 0x2d38 [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:46:25.0491 0x2d38 Intel(R) Capability Licensing Service TCP IP Interface - ok
21:46:25.0524 0x2d38 [ 98D8094CC724D751E8EC3B2B3446FAA3, DC88496C0D92B4BCCD71467DE3C5D346DF9B5A27BAE703FF53168A284D2F64A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
21:46:25.0576 0x2d38 Intel(R) PROSet Monitoring Service - ok
21:46:25.0627 0x2d38 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
21:46:25.0638 0x2d38 intelide - ok
21:46:25.0682 0x2d38 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:46:25.0702 0x2d38 intelppm - ok
21:46:25.0745 0x2d38 [ 2D680A69BBBAA7D7F0469D7B0CD7EE91, 653740ECFE873EE6FB11AE944A9C20B37A53EDC1B03F78F552CF430B68086827 ] InvProtectDrv C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys
21:46:25.0755 0x2d38 InvProtectDrv - ok
21:46:25.0831 0x2d38 [ 9CD310FBD9B81D1CF15E51BB6DE4A549, 59002A12AB346B89CCA8A87C7CAF0ACFE29DCB56AE7733C3928AA054E68B5408 ] InvProtectSvc C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
21:46:25.0921 0x2d38 InvProtectSvc - ok
21:46:25.0948 0x2d38 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:46:26.0001 0x2d38 IPBusEnum - ok
21:46:26.0011 0x2d38 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:46:26.0063 0x2d38 IpFilterDriver - ok
21:46:26.0087 0x2d38 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:46:26.0146 0x2d38 iphlpsvc - ok
21:46:26.0162 0x2d38 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:46:26.0176 0x2d38 IPMIDRV - ok
21:46:26.0182 0x2d38 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:46:26.0220 0x2d38 IPNAT - ok
21:46:26.0234 0x2d38 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:46:26.0256 0x2d38 IRENUM - ok
21:46:26.0260 0x2d38 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:46:26.0269 0x2d38 isapnp - ok
21:46:26.0298 0x2d38 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:46:26.0314 0x2d38 iScsiPrt - ok
21:46:26.0351 0x2d38 [ 5C9B001D8970C2DA36254A916F3DA8F7, 625AC5C3DFAE52BD34EC3F93742D1D2C229785E4F0F3484CFB7B8728A1C830DF ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
21:46:26.0364 0x2d38 iumsvc - ok
21:46:26.0375 0x2d38 [ 83E5C169258459BC8D069C08106E6779, 1D5441EA2779CFC5A93A1372A7C34CD968A75D58A71107858468A1640721F47E ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:46:26.0384 0x2d38 iusb3hcs - ok
21:46:26.0440 0x2d38 [ A858FEA618433EA053858F4C63A411EA, A194E8C07332847ABC09CC55ABB3D4AA9FEC29F053A3025FCAC7841AFE5F21F2 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
21:46:26.0465 0x2d38 iusb3hub - ok
21:46:26.0553 0x2d38 [ C77F6D488C5F4A7AB4357895BD6EC1FF, EED9B5A71E2C58E15482F36218815E9D9C091F9CEC43D1FD9E90BCAD6A8DB216 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:46:26.0591 0x2d38 iusb3xhc - ok
21:46:26.0609 0x2d38 [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
21:46:26.0622 0x2d38 iwdbus - ok
21:46:26.0672 0x2d38 [ 0B93A01F786F37A4B1EDE84E639FFF10, 8747109A2FA2B80C8C5F5B6D2372C1B0DA4F4BF9DC1D551195ADF0715C260223 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:46:26.0689 0x2d38 jhi_service - ok
21:46:26.0708 0x2d38 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:46:26.0724 0x2d38 kbdclass - ok
21:46:26.0747 0x2d38 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:46:26.0766 0x2d38 kbdhid - ok
21:46:26.0774 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\Windows\system32\lsass.exe
21:46:26.0790 0x2d38 KeyIso - ok
21:46:26.0801 0x2d38 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:46:26.0818 0x2d38 KSecDD - ok
21:46:26.0862 0x2d38 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:46:26.0880 0x2d38 KSecPkg - ok
21:46:26.0903 0x2d38 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:46:26.0952 0x2d38 ksthunk - ok
21:46:27.0036 0x2d38 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
21:46:27.0100 0x2d38 KtmRm - ok
21:46:27.0130 0x2d38 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:46:27.0188 0x2d38 LanmanServer - ok
21:46:27.0211 0x2d38 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:46:27.0273 0x2d38 LanmanWorkstation - ok
21:46:27.0294 0x2d38 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:46:27.0358 0x2d38 lltdio - ok
21:46:27.0385 0x2d38 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:46:27.0453 0x2d38 lltdsvc - ok
21:46:27.0464 0x2d38 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:46:27.0521 0x2d38 lmhosts - ok
21:46:27.0578 0x2d38 [ C31139E0907170E2A3FA8D19DCC23D35, C504E93D2018E9E487A428483C646C67B4ECE122560CF0FA49A1626E1509EEAE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:46:27.0605 0x2d38 LMS - ok
21:46:27.0621 0x2d38 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:46:27.0638 0x2d38 LSI_FC - ok
21:46:27.0672 0x2d38 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:46:27.0703 0x2d38 LSI_SAS - ok
21:46:27.0714 0x2d38 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:46:27.0730 0x2d38 LSI_SAS2 - ok
21:46:27.0749 0x2d38 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:46:27.0780 0x2d38 LSI_SCSI - ok
21:46:27.0799 0x2d38 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
21:46:27.0864 0x2d38 luafv - ok
21:46:27.0899 0x2d38 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:46:27.0934 0x2d38 Mcx2Svc - ok
21:46:27.0962 0x2d38 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:46:27.0981 0x2d38 MDM - detected UnsignedFile.Multi.Generic ( 1 )
21:46:30.0685 0x2d38 Detect skipped due to KSN trusted
21:46:30.0685 0x2d38 MDM - ok
21:46:30.0722 0x2d38 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
21:46:30.0755 0x2d38 megasas - ok
21:46:30.0775 0x2d38 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:46:30.0799 0x2d38 MegaSR - ok
21:46:30.0830 0x2d38 [ 8751062F2F7EC78DE92D778A08099DDE, F10BE771FF9E02A51CF3A167BB967167DE4F66647D7F1508CB27D8FDD8623700 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
21:46:30.0848 0x2d38 MEIx64 - ok
21:46:30.0867 0x2d38 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:46:30.0926 0x2d38 MMCSS - ok
21:46:30.0942 0x2d38 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:46:31.0006 0x2d38 Modem - ok
21:46:31.0025 0x2d38 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:46:31.0041 0x2d38 monitor - ok
21:46:31.0056 0x2d38 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:46:31.0067 0x2d38 mouclass - ok
21:46:31.0095 0x2d38 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:46:31.0122 0x2d38 mouhid - ok
21:46:31.0154 0x2d38 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:46:31.0167 0x2d38 mountmgr - ok
21:46:31.0231 0x2d38 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:46:31.0245 0x2d38 MozillaMaintenance - ok
21:46:31.0267 0x2d38 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:46:31.0282 0x2d38 mpio - ok
21:46:31.0291 0x2d38 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:46:31.0333 0x2d38 mpsdrv - ok
21:46:31.0364 0x2d38 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:46:31.0422 0x2d38 MpsSvc - ok
21:46:31.0487 0x2d38 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:46:31.0541 0x2d38 MRxDAV - ok
21:46:31.0549 0x2d38 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:46:31.0581 0x2d38 mrxsmb - ok
21:46:31.0613 0x2d38 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:46:31.0650 0x2d38 mrxsmb10 - ok
21:46:31.0689 0x2d38 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:46:31.0704 0x2d38 mrxsmb20 - ok
21:46:31.0745 0x2d38 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
21:46:31.0756 0x2d38 msahci - ok
21:46:31.0798 0x2d38 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:46:31.0861 0x2d38 msdsm - ok
21:46:31.0887 0x2d38 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
21:46:31.0903 0x2d38 MSDTC - ok
21:46:31.0942 0x2d38 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:46:31.0976 0x2d38 Msfs - ok
21:46:31.0989 0x2d38 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:46:32.0025 0x2d38 mshidkmdf - ok
21:46:32.0040 0x2d38 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:46:32.0049 0x2d38 msisadrv - ok
21:46:32.0067 0x2d38 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:46:32.0105 0x2d38 MSiSCSI - ok
21:46:32.0109 0x2d38 msiserver - ok
21:46:32.0139 0x2d38 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:46:32.0198 0x2d38 MSKSSRV - ok
21:46:32.0220 0x2d38 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:46:32.0297 0x2d38 MSPCLOCK - ok
21:46:32.0314 0x2d38 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:46:32.0364 0x2d38 MSPQM - ok
21:46:32.0398 0x2d38 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:46:32.0425 0x2d38 MsRPC - ok
21:46:32.0442 0x2d38 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:46:32.0456 0x2d38 mssmbios - ok
21:46:32.0483 0x2d38 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:46:32.0532 0x2d38 MSTEE - ok
21:46:32.0540 0x2d38 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:46:32.0559 0x2d38 MTConfig - ok
21:46:32.0573 0x2d38 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
21:46:32.0587 0x2d38 Mup - ok
21:46:32.0627 0x2d38 [ 1EE90E273094252917843D111E898C94, D0D7D155E3CA022BC1F718327165E44F954A40B96259DEE5266C48ADCC8B4556 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:46:32.0649 0x2d38 MyWiFiDHCPDNS - ok
21:46:32.0754 0x2d38 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
21:46:32.0837 0x2d38 napagent - ok
21:46:32.0854 0x2d38 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:46:32.0892 0x2d38 NativeWifiP - ok
21:46:32.0986 0x2d38 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
21:46:33.0034 0x2d38 NDIS - ok
21:46:33.0072 0x2d38 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:46:33.0122 0x2d38 NdisCap - ok
21:46:33.0127 0x2d38 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:46:33.0179 0x2d38 NdisTapi - ok
21:46:33.0189 0x2d38 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:46:33.0238 0x2d38 Ndisuio - ok
21:46:33.0261 0x2d38 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:46:33.0314 0x2d38 NdisWan - ok
21:46:33.0327 0x2d38 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:46:33.0376 0x2d38 NDProxy - ok
21:46:33.0392 0x2d38 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:46:33.0442 0x2d38 NetBIOS - ok
21:46:33.0467 0x2d38 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:46:33.0533 0x2d38 NetBT - ok
21:46:33.0541 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe
21:46:33.0558 0x2d38 Netlogon - ok
21:46:33.0581 0x2d38 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
21:46:33.0644 0x2d38 Netman - ok
21:46:33.0707 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0728 0x2d38 NetMsmqActivator - ok
21:46:33.0736 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0756 0x2d38 NetPipeActivator - ok
21:46:33.0788 0x2d38 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
21:46:33.0855 0x2d38 netprofm - ok
21:46:33.0887 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0901 0x2d38 NetTcpActivator - ok
21:46:33.0907 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0922 0x2d38 NetTcpPortSharing - ok
21:46:33.0961 0x2d38 [ 73CE12B8BDD747B0063CB0A7EF44CEA7, F570BB52BE460DBA6203698CC96FFD9674E1903D0E0F5C49375BE3F8D8E89582 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
21:46:33.0976 0x2d38 netvsc - ok
21:46:34.0098 0x2d38 [ C9D91D5E057D7A2C483DC838A7639C08, 405593E8195B61A05E83EDE85457D9BEFBBE332CC63C902B8548044429ED96D1 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw02.sys
21:46:34.0197 0x2d38 NETwNs64 - ok
21:46:34.0238 0x2d38 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:46:34.0264 0x2d38 nfrd960 - ok
21:46:34.0290 0x2d38 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:46:34.0319 0x2d38 NlaSvc - ok
21:46:34.0333 0x2d38 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:46:34.0369 0x2d38 Npfs - ok
21:46:34.0397 0x2d38 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
21:46:34.0431 0x2d38 nsi - ok
21:46:34.0450 0x2d38 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:46:34.0519 0x2d38 nsiproxy - ok
21:46:34.0636 0x2d38 [ CC1BA0DDFC9628671DD769F368CCD92A, 72918A56C386599511A0024504118F5B369774E56E5E229B7EA341DFCC86FA50 ] nsmService C:\Program Files (x86)\NetSetMan\nsmservice.exe
21:46:34.0707 0x2d38 nsmService - ok
21:46:34.0821 0x2d38 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:46:34.0887 0x2d38 Ntfs - ok
21:46:34.0917 0x2d38 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
21:46:34.0953 0x2d38 Null - ok
21:46:34.0981 0x2d38 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:46:35.0039 0x2d38 nvraid - ok
21:46:35.0155 0x2d38 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:46:35.0224 0x2d38 nvstor - ok
21:46:35.0255 0x2d38 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:46:35.0288 0x2d38 nv_agp - ok
21:46:35.0298 0x2d38 [ 59E028ED21D8C9F26DC9A5A110A90A9B, 8C2E825C372E962564A15922C259B9B83F3D3D720AD7489A2B0DEFF577AF3C2E ] O2FJ2RDR C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys
21:46:35.0318 0x2d38 O2FJ2RDR - ok
21:46:35.0337 0x2d38 [ BBD0246FB5DCFF52C0AACC27212DDC55, AE148A89F1EF88735635C395BB8FCDEF1E3F4039F4C4CEFB8ED6AC056EB06C8B ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
21:46:35.0366 0x2d38 O2FLASH - ok
21:46:35.0375 0x2d38 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:46:35.0395 0x2d38 ohci1394 - ok
21:46:35.0430 0x2d38 [ 317B6041D94352D2AD4A6381AEBF91B5, 7251AC5A0827DFC6E60D76EF7C0FE9429E530B715FC32DC01BC4FFC5E36B7819 ] OneTouch 4.0 Monitor C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
21:46:35.0444 0x2d38 OneTouch 4.0 Monitor - detected UnsignedFile.Multi.Generic ( 1 )
21:46:38.0108 0x2d38 Detect skipped due to KSN trusted
21:46:38.0108 0x2d38 OneTouch 4.0 Monitor - ok
21:46:38.0145 0x2d38 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:46:38.0188 0x2d38 p2pimsvc - ok
21:46:38.0232 0x2d38 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
21:46:38.0265 0x2d38 p2psvc - ok
21:46:38.0284 0x2d38 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:46:38.0327 0x2d38 Parport - ok
21:46:38.0340 0x2d38 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:46:38.0355 0x2d38 partmgr - ok
21:46:38.0377 0x2d38 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
21:46:38.0408 0x2d38 PcaSvc - ok
21:46:38.0441 0x2d38 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
21:46:38.0460 0x2d38 pci - ok
21:46:38.0474 0x2d38 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
21:46:38.0488 0x2d38 pciide - ok
21:46:38.0509 0x2d38 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:46:38.0531 0x2d38 pcmcia - ok
21:46:38.0547 0x2d38 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
21:46:38.0562 0x2d38 pcw - ok
21:46:38.0632 0x2d38 [ D95602C43F2E13C052F431934EAB886E, F73389E308FEEFC6B427E6EFAC25BAADF812EC8FE2F077B861A3B2EB7ACABAC2 ] PDFProFiltSrv C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
21:46:38.0652 0x2d38 PDFProFiltSrv - ok
21:46:38.0710 0x2d38 [ 9DCBBB8A684834FDACE769F3A63E6C3C, 2C8E3A1A558F87F04FB1B1ABDEA49D02904AE854429EE734D0143DA3333693B0 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
21:46:38.0741 0x2d38 PDFProFiltSrvPP - ok
21:46:38.0780 0x2d38 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:46:38.0864 0x2d38 PEAUTH - ok
21:46:39.0008 0x2d38 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:46:39.0119 0x2d38 PeerDistSvc - ok
21:46:39.0487 0x2d38 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:46:39.0506 0x2d38 PerfHost - ok
21:46:39.0579 0x2d38 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
21:46:39.0670 0x2d38 pla - ok
21:46:39.0713 0x2d38 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:46:39.0750 0x2d38 PlugPlay - ok
21:46:39.0774 0x2d38 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:46:39.0787 0x2d38 PNRPAutoReg - ok
21:46:39.0830 0x2d38 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:46:39.0849 0x2d38 PNRPsvc - ok
21:46:39.0854 0x2d38 [ 37F907F88745FEFBC8985E926A72A92E, 41923E3D5FC3E5312A83673A72D58D6C9D40BD86AAC89F369B3D0CC7DEFA328D ] POADrvr C:\Windows\system32\drivers\POADrvr.sys
21:46:39.0863 0x2d38 POADrvr - ok
21:46:39.0928 0x2d38 [ 13A51556FCBA718D6E37679021F7036C, 0716044E47D37D251398F50B6ADD4F9F5E94CECCE9ED94733C1E8BF8CEE10E59 ] poaService C:\Program Files\Dell\PPO\poaService.exe
21:46:39.0958 0x2d38 poaService - ok
21:46:39.0968 0x2d38 [ 73D82EEC1C64E35C1C8B571A259C2C2E, 04F739665C941295F77EEB935F0C1CA4274BAE98B327800530964E546CE2647F ] PoaSMSrv C:\Program Files\Dell\PPO\poaSmSrv.exe
21:46:39.0985 0x2d38 PoaSMSrv - ok
21:46:40.0005 0x2d38 [ 307CA87D5D021478C4B9BF9DDEF8501E, 9A9C25CB06F32F5B5E78B989BC8DCE74BB5D577ADBED19B9CC330CC9CB5D8227 ] poaTaServ C:\Program Files\Dell\PPO\poaTaServ.exe
21:46:40.0031 0x2d38 poaTaServ - ok
21:46:40.0133 0x2d38 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:46:40.0190 0x2d38 PolicyAgent - ok
21:46:40.0210 0x2d38 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
21:46:40.0379 0x2d38 Power - ok
21:46:40.0402 0x2d38 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:46:40.0452 0x2d38 PptpMiniport - ok
21:46:40.0478 0x2d38 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
21:46:40.0510 0x2d38 Processor - ok
21:46:40.0539 0x2d38 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
21:46:40.0568 0x2d38 ProfSvc - ok
21:46:40.0576 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:46:40.0592 0x2d38 ProtectedStorage - ok
21:46:40.0611 0x2d38 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:46:40.0647 0x2d38 Psched - ok
21:46:40.0656 0x2d38 [ 05F46042208E515B9C240AAFC54E7AA2, 267526D72F76F79CCAA3FD63366C8AEB2346465BBA9BB43006FDC13CABB5352D ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:46:40.0665 0x2d38 PxHlpa64 - ok
21:46:40.0718 0x2d38 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:46:40.0788 0x2d38 ql2300 - ok
21:46:40.0810 0x2d38 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:46:40.0841 0x2d38 ql40xx - ok
21:46:40.0868 0x2d38 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
21:46:40.0903 0x2d38 QWAVE - ok
21:46:40.0917 0x2d38 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:46:40.0947 0x2d38 QWAVEdrv - ok
21:46:40.0961 0x2d38 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:46:41.0016 0x2d38 RasAcd - ok
21:46:41.0043 0x2d38 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:46:41.0122 0x2d38 RasAgileVpn - ok
21:46:41.0147 0x2d38 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
21:46:41.0201 0x2d38 RasAuto - ok
21:46:41.0230 0x2d38 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:41.0295 0x2d38 Rasl2tp - ok
21:46:41.0331 0x2d38 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
21:46:41.0393 0x2d38 RasMan - ok
21:46:41.0404 0x2d38 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:41.0463 0x2d38 RasPppoe - ok
21:46:41.0477 0x2d38 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:46:41.0556 0x2d38 RasSstp - ok
21:46:41.0581 0x2d38 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:46:41.0645 0x2d38 rdbss - ok
21:46:41.0658 0x2d38 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:46:41.0679 0x2d38 rdpbus - ok
21:46:41.0699 0x2d38 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:41.0749 0x2d38 RDPCDD - ok
21:46:41.0783 0x2d38 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:46:41.0806 0x2d38 RDPDR - ok
21:46:41.0811 0x2d38 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:46:41.0859 0x2d38 RDPENCDD - ok
21:46:41.0866 0x2d38 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:46:41.0914 0x2d38 RDPREFMP - ok
21:46:42.0039 0x2d38 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:46:42.0084 0x2d38 RdpVideoMiniport - ok
21:46:42.0117 0x2d38 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:46:42.0142 0x2d38 RDPWD - ok
21:46:42.0171 0x2d38 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:46:42.0192 0x2d38 rdyboost - ok
21:46:42.0228 0x2d38 [ 37F021CF7D670D305C1687781173069E, 286D6D04B0A9C4399086BE8DDA5126CDE462EE3B9F5B40A65CD9CD2B7C160886 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:46:42.0244 0x2d38 RegSrvc - ok
21:46:42.0272 0x2d38 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:46:42.0325 0x2d38 RemoteAccess - ok
21:46:42.0351 0x2d38 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:46:42.0409 0x2d38 RemoteRegistry - ok
21:46:42.0450 0x2d38 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:46:42.0488 0x2d38 RFCOMM - ok
21:46:42.0505 0x2d38 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:46:42.0540 0x2d38 RpcEptMapper - ok
21:46:42.0554 0x2d38 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
21:46:42.0566 0x2d38 RpcLocator - ok
21:46:42.0585 0x2d38 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
21:46:42.0628 0x2d38 RpcSs - ok
21:46:42.0634 0x2d38 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:46:42.0672 0x2d38 rspndr - ok
21:46:42.0702 0x2d38 [ 6158659D8A14CE144CF2634B881399D6, 39A8C92DD1103E8CAE0EB39D58308FBE8CE1EC3B7455A2F1A783BF519D086830 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
21:46:42.0717 0x2d38 RtkAudioService - ok
21:46:42.0732 0x2d38 [ 751D4D5E2218E5046B0873FBA4933B2D, FC074263156581BA733AA6DC7B3ABF6614A592DB6D842D5E91D089FCAF89B0DD ] RWAR3HV_0002_0 C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
21:46:42.0757 0x2d38 RWAR3HV_0002_0 - ok
21:46:42.0811 0x2d38 [ 8A83A9B9572CAF7D2308FBD2B8534C92, 595E432C465DCAE0EF3ED9DFB3F9FB02670CAC94DF6DDA704C8DCC9C914CC95B ] RWAR3Monitor C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
21:46:42.0823 0x2d38 RWAR3Monitor - detected UnsignedFile.Multi.Generic ( 1 )
21:46:47.0195 0x2d38 RWAR3Monitor ( UnsignedFile.Multi.Generic ) - warning
21:46:49.0733 0x2d38 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:46:49.0759 0x2d38 s3cap - ok
21:46:49.0773 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe
21:46:49.0790 0x2d38 SamSs - ok
21:46:49.0830 0x2d38 [ FD0501CF895DB359B79C5FFB577A39CA, 8171D09618ABEF23A7B1B73063F7568946EA31139A088095E33BD1D2DEBA37D2 ] SboxDrv C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys
21:46:49.0847 0x2d38 SboxDrv - ok
21:46:49.0857 0x2d38 [ 3B4A593ACF267986E17CE46B4BB23B63, F63294E12B3BF6DAD33180FD9858AA85039B8E45C3A47B780B8659BBA1DC8432 ] SboxSvc C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
21:46:49.0873 0x2d38 SboxSvc - ok
21:46:49.0896 0x2d38 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:46:49.0928 0x2d38 sbp2port - ok
21:46:49.0951 0x2d38 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:46:50.0015 0x2d38 SCardSvr - ok
21:46:50.0028 0x2d38 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:46:50.0076 0x2d38 scfilter - ok
21:46:50.0133 0x2d38 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
21:46:50.0220 0x2d38 Schedule - ok
21:46:50.0244 0x2d38 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:46:50.0294 0x2d38 SCPolicySvc - ok
21:46:50.0348 0x2d38 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:46:50.0399 0x2d38 sdbus - ok
21:46:50.0435 0x2d38 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:46:50.0472 0x2d38 SDRSVC - ok
21:46:50.0482 0x2d38 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:46:50.0531 0x2d38 secdrv - ok
21:46:50.0537 0x2d38 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
21:46:50.0590 0x2d38 seclogon - ok
21:46:50.0646 0x2d38 [ D11FD9191B3DB268AA985143A7AD43FB, 31A62F21D5714D648D35028CD3056DB7017BD809E042C1BBA9F7E297E0058253 ] SEDFilter C:\Windows\system32\DRIVERS\SEDFilter.sys
21:46:50.0660 0x2d38 SEDFilter - ok
21:46:50.0669 0x2d38 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
21:46:50.0731 0x2d38 SENS - ok
21:46:50.0760 0x2d38 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:46:50.0785 0x2d38 SensrSvc - ok
21:46:50.0816 0x2d38 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:46:50.0833 0x2d38 Serenum - ok
21:46:50.0859 0x2d38 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
21:46:50.0906 0x2d38 Serial - ok
21:46:50.0939 0x2d38 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:46:51.0038 0x2d38 sermouse - ok
21:46:51.0062 0x2d38 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
21:46:51.0098 0x2d38 SessionEnv - ok
21:46:51.0127 0x2d38 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:46:51.0161 0x2d38 sffdisk - ok
21:46:51.0177 0x2d38 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:46:51.0200 0x2d38 sffp_mmc - ok
21:46:51.0214 0x2d38 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:46:51.0248 0x2d38 sffp_sd - ok
21:46:51.0258 0x2d38 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:46:51.0289 0x2d38 sfloppy - ok
21:46:51.0436 0x2d38 [ B9C662D8A5DEC62F37EFC0ADD4A1E14C, EAC25DCFC8ED24AA4B8C90DAAF9BF517C4728AD4B1D849EC4F96C33AE1283C30 ] SftService C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
21:46:51.0521 0x2d38 SftService - ok
21:46:51.0549 0x2d38 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:46:51.0604 0x2d38 SharedAccess - ok
21:46:51.0697 0x2d38 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:46:51.0766 0x2d38 ShellHWDetection - ok
21:46:51.0816 0x2d38 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:46:51.0845 0x2d38 SiSRaid2 - ok
21:47:29.0657 0x2d38 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5645 ), 0x41000 ( enabled : updated )
21:47:29.0675 0x2d38 Win FW state via NFP2: enabled
21:47:32.0172 0x2d38 ============================================================
21:47:32.0172 0x2d38 Scan finished
21:47:32.0172 0x2d38 ============================================================
21:47:32.0181 0x0914 Detected object count: 1
21:47:32.0181 0x0914 Actual detected object count: 1
21:47:45.0049 0x0914 RWAR3Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:45.0050 0x0914 RWAR3Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
 
By chance, did you run the instructions posted in post #24?


Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

~~~~~

Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • On the introduction screen, please click on the Next button to continue.

  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
 
Hope it sheds some light on something, so far it doesn't point to anything malware related.
 
Hope it sheds some light on something, so far it doesn't point to anything malware related.


Got my fingers crossed!

The OTM log file appears below. I had AVG detection turned off, but at reboot it automatically activated and killed OTM. If there were registry entries to be deleted, they weren't.



All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Henry
->Temp folder emptied: 10801127 bytes
->Temporary Internet Files folder emptied: 24549739 bytes
->FireFox cache emptied: 10149625 bytes
->Flash cache emptied: 758 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74233 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 912 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Henry
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02262015_110059

Files moved on Reboot...
C:\Users\Henry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Invincea\InvProtectSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Logs from the first part of post #29...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Henry (administrator) on ELSERVICE13 on 26-02-2015 11:22:33
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe" -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\nsmservice.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaService.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaSmSrv.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaTaServ.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Visioneer Inc.) C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
(Visioneer Inc.) C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\PPO\DellPoaEvents.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\netsetman.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_854dedf9f74389b0\iexplore.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_7af943a7c2e2c7b5\iexplore.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_854dedf9f74389b0\iexplore.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxRpcSs.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxDcomLaunch.exe
(Invincea, Inc.) C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [DellPoaEvents] => C:\Program Files\Dell\PPO\DellPoaEvents.exe [396496 2014-08-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-09-11] ()
HKLM\...\Run: [InvProtect] => C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe [6779592 2015-02-12] (Invincea, Inc.)
HKLM\...\Run: [CANON P-215II SVC] => rundll32.exe P215IISvc.dll,EntryPointUserMessage
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [NetSetMan] => C:\Program Files (x86)\NetSetMan\netsetman.exe [5414056 2014-06-03] (Ilja Herlein)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [36168 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641384 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [1893224 2012-02-23] (TODO: <Company name>)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [P-215II CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe [2251056 2014-03-30] (Canon Electronics Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-04-02] (AMD)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-02-19] (SlySoft, Inc.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.excite.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\X64\InvRedirHostIE64.dll (Invincea, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll (Invincea, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\pkmcdo.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668
FF Homepage: www.excite.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Garmin Communicator - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-26]
FF Extension: QuickJava - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-26]
FF Extension: Invincea Web Redirector - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\webredirector@invincea.com [2015-02-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-11-01]
FF Extension: PDF Converter 7.1 - C:\Program Files (x86)\Nuance\PDF Professional 7\FireFox [2014-11-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2542288 2014-08-13] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [199888 2014-08-13] (Dell Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [255328 2014-09-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-09-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-09-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2150088 2015-02-12] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 nsmService; C:\Program Files (x86)\NetSetMan\nsmservice.exe [1277608 2014-06-02] (Ilja Herlein)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [232448 2014-09-30] (Visioneer Inc.) [File not signed]
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2012-02-17] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-19] (Nuance Communications, Inc.)
R2 poaService; C:\Program Files\Dell\PPO\poaService.exe [721104 2014-08-15] (Dell Inc.)
R2 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [312016 2014-08-15] (Dell Inc.)
R2 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [645328 2014-08-16] (Dell Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-06] (Realtek Semiconductor)
R2 RWAR3HV_0002_0; C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE [430592 2013-08-14] (Visioneer Inc.)
R2 RWAR3Monitor; C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe [223744 2014-11-11] (Visioneer Inc.) [File not signed]
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [174792 2015-02-12] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 TgbIke Starter; C:\Windows\SysWOW64\TgbStarter.exe [239280 2012-03-21] (TheGreenBow)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-26] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{B72A21F9-6C42-44BF-BEBD-DD11EDF0E075}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-09-11] ()
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2014-08-13] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2014-08-13] (Dell Computer Corporation)
R2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.SYS [46448 2007-07-23] (Roxio)
R2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.SYS [42352 2007-07-23] (Roxio)
R0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [17776 2007-07-23] (Roxio)
R2 DLADResE; C:\Windows\System32\Drivers\DLADResE.SYS [9968 2007-07-23] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.SYS [146672 2007-07-23] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.SYS [35056 2007-07-23] (Roxio)
R2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.SYS [19824 2007-07-23] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [41072 2007-07-23] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.SYS [135152 2007-07-23] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.SYS [144112 2007-07-23] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [124112 2007-07-23] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63984 2007-07-23] (Roxio)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2310488 2014-02-13] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [52232 2015-02-12] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2014-08-15] (Dell Computer Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183816 2015-02-12] (Invincea, Inc.)
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-09-11] (Dell Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [40624 2012-03-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [140976 2012-03-21] (TheGreenBow)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2014-08-02] ()
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [107008 2006-11-22] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\System32\drivers\wibukey2_64.sys [16896 2006-11-09] (WIBU-SYSTEMS AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 11:22 - 2015-02-26 11:23 - 00035319 _____ () C:\Users\Henry\Desktop\FRST.txt
2015-02-26 11:00 - 2015-02-26 11:00 - 00000000 ____D () C:\_OTM
2015-02-26 10:59 - 2015-02-26 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 10:45 - 2015-02-26 10:45 - 00172032 _____ (SteelWerX) C:\Users\Henry\Desktop\flushflash.exe
2015-02-25 22:44 - 2015-02-25 22:44 - 00001115 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-02-25 22:44 - 2015-02-25 22:44 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\com.wd.WDMyCloud
2015-02-25 21:51 - 2015-02-25 21:51 - 00126606 _____ () C:\Users\Henry\Desktop\TDSS_Kill.txt
2015-02-25 21:43 - 2015-02-25 21:43 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Henry\Desktop\tdsskiller.exe
2015-02-25 09:15 - 2015-02-25 09:15 - 00030647 _____ () C:\Users\Henry\Desktop\ComboFix.txt
2015-02-25 09:12 - 2015-02-25 09:12 - 00030647 _____ () C:\ComboFix.txt
2015-02-25 08:58 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-25 08:58 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-25 08:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-25 08:57 - 2015-02-25 09:12 - 00000000 ____D () C:\Qoobox
2015-02-25 08:57 - 2015-02-25 09:11 - 00000000 ____D () C:\Windows\erdnt
2015-02-24 16:44 - 2015-02-24 16:44 - 05611903 ____R (Swearware) C:\Users\Henry\Desktop\ComboFix.exe
2015-02-22 14:52 - 2015-02-21 12:29 - 02347384 _____ (ESET) C:\Users\Henry\Desktop\esetsmartinstaller_enu.exe
2015-02-22 14:17 - 2015-02-22 14:17 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\PCDr
2015-02-22 14:17 - 2015-02-22 14:17 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-22 12:07 - 2015-02-22 12:07 - 00001832 _____ () C:\Users\Henry\Desktop\JRT.txt
2015-02-22 12:01 - 2015-02-22 12:01 - 01388274 _____ (Thisisu) C:\Users\Henry\Desktop\JRT.exe
2015-02-22 11:43 - 2015-02-22 12:14 - 00000000 ____D () C:\AdwCleaner
2015-02-22 11:42 - 2015-02-22 11:42 - 02126848 _____ () C:\Users\Henry\Desktop\AdwCleaner.exe
2015-02-22 11:34 - 2015-02-26 11:22 - 00000000 ____D () C:\Users\Henry\Desktop\FRST-OlderVersion
2015-02-22 11:33 - 2015-02-23 16:20 - 00000955 _____ () C:\Users\Henry\Desktop\fixlist.txt
2015-02-21 11:06 - 2015-02-26 11:22 - 02087936 _____ (Farbar) C:\Users\Henry\Desktop\FRST64.exe
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
2015-02-20 18:26 - 2015-02-20 18:26 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2015-02-19 20:29 - 2015-02-19 20:29 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 20:29 - 2015-02-19 20:29 - 00001850 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-16 16:26 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-16 16:26 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-15 14:01 - 2015-02-15 14:01 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-02-12 21:42 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:42 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 11:05 - 2015-02-25 14:48 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-11 11:05 - 2015-02-11 11:05 - 00004036 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-11 11:05 - 2015-02-11 11:05 - 00003224 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-10 16:42 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 16:42 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 16:42 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 16:42 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 16:42 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 16:42 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 16:42 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 16:42 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 16:42 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 16:42 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 16:42 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 16:42 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 16:42 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 16:42 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 16:42 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 16:42 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 16:42 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 16:42 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 16:42 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 16:41 - 2015-02-16 16:55 - 00025260 _____ () C:\Windows\system32\ScanResults.xml
2015-02-10 16:41 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 16:41 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 16:41 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 16:41 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 16:41 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 16:41 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 16:41 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 16:41 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 16:41 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 16:41 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 16:41 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 16:41 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 16:41 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 16:41 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 16:41 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 16:41 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 16:41 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 16:41 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 16:41 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 16:41 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 16:41 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 16:41 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 16:41 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 16:41 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 16:41 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 16:41 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 16:40 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 16:34 - 2015-02-16 16:48 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-07 09:20 - 2015-02-07 09:20 - 00000000 ____D () C:\Users\Henry\AppData\Local\GARMIN_Corp
2015-02-03 22:09 - 2015-02-26 11:22 - 00000000 ____D () C:\FRST
2015-02-03 22:07 - 2015-02-03 22:07 - 00000000 ____D () C:\RegBackup
2015-01-27 17:02 - 2015-01-27 17:02 - 00001017 _____ () C:\Users\Henry\Desktop\AVIGenerator.lnk
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVIGenerator
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIGenerator
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\Program Files (x86)\AVIGenerator
2015-01-27 17:01 - 2015-01-27 17:04 - 00000000 ____D () C:\Users\Henry\VideoPlayer Picture
2015-01-27 17:01 - 2015-01-27 17:01 - 00001079 _____ () C:\Users\Public\Desktop\LorexPlayer11.exe.lnk
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\VideoPlayer
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lorex Player 11
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Program Files (x86)\Lorex

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 11:20 - 2014-11-15 13:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 11:18 - 2014-10-26 17:08 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-26 11:18 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 11:18 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 11:14 - 2014-10-26 16:38 - 01101754 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 11:13 - 2014-10-26 17:06 - 00047299 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-26 11:12 - 2014-11-01 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 11:12 - 2014-11-01 11:51 - 00131072 ___SH () C:\CredSED.dat
2015-02-26 11:11 - 2014-11-29 16:32 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-02-26 11:11 - 2014-11-15 13:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 11:11 - 2014-11-02 11:06 - 00000000 ____D () C:\ProgramData\BOINC
2015-02-26 11:10 - 2015-01-14 16:53 - 00003378 _____ () C:\Windows\PFRO.log
2015-02-26 11:10 - 2015-01-11 15:06 - 00006348 _____ () C:\Windows\setupact.log
2015-02-26 11:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 11:07 - 2014-11-02 00:12 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 10:35 - 2014-11-02 00:27 - 00000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2015-02-26 10:30 - 2014-11-02 00:27 - 00000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2015-02-26 10:28 - 2014-10-26 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 08:09 - 2014-11-02 00:09 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-25 23:06 - 2014-11-01 19:32 - 00000000 ____D () C:\Users\Henry\Documents\MyCloud
2015-02-25 22:44 - 2014-11-01 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-02-25 22:44 - 2014-11-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-02-25 22:33 - 2014-11-18 17:09 - 00000184 _____ () C:\Windows\setscan.ini
2015-02-25 22:33 - 2014-11-01 20:20 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\.oit
2015-02-25 19:55 - 2009-07-14 00:13 - 00798530 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 17:23 - 2015-01-03 09:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 09:10 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-24 06:02 - 2014-11-03 16:33 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-23 16:39 - 2014-12-31 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox Update
2015-02-22 11:38 - 2014-11-11 21:48 - 00000008 __RSH () C:\Users\Henry\ntuser.pol
2015-02-22 11:38 - 2014-11-01 10:31 - 00000000 ____D () C:\Users\Henry
2015-02-22 11:35 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-20 18:26 - 2014-10-26 17:07 - 00001974 _____ () C:\Users\Public\Desktop\Protected Workspace.lnk
2015-02-20 18:26 - 2014-10-26 17:07 - 00000000 ____D () C:\Program Files (x86)\Invincea
2015-02-20 13:08 - 2014-11-14 22:26 - 00001063 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2015-02-19 22:17 - 2014-11-03 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 21:31 - 2014-11-01 12:58 - 00000000 ____D () C:\Users\Henry\Documents\Garmin Data
2015-02-19 20:40 - 2014-11-01 15:59 - 00000000 ____D () C:\Users\Henry\Documents\D
2015-02-19 20:30 - 2014-11-03 20:35 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 20:29 - 2014-11-03 20:33 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-19 20:29 - 2014-10-26 16:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 07:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-16 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-13 21:01 - 2014-11-01 19:09 - 00000000 ____D () C:\Users\Henry\Documents\Garmin
2015-02-13 20:50 - 2014-11-03 20:32 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GARMIN
2015-02-13 20:38 - 2014-11-03 20:35 - 00000000 ____D () C:\Users\Henry\AppData\Local\Garmin
2015-02-12 17:17 - 2009-07-13 23:45 - 00316800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 17:16 - 2014-11-01 13:28 - 00000000 ____D () C:\Users\Henry\AppData\Local\CrashDumps
2015-02-12 17:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 16:46 - 2014-11-01 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 16:41 - 2014-11-01 11:00 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 16:37 - 2014-11-02 12:58 - 00000000 ____D () C:\Program Files (x86)\NetSetMan
2015-02-11 13:17 - 2014-11-01 13:31 - 00000000 ____D () C:\Users\Henry\Documents\AGFM
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\Program Files\Dell
2015-02-09 21:22 - 2014-11-01 19:10 - 00000000 ____D () C:\Users\Henry\Documents\Humor
2015-02-09 05:38 - 2014-11-17 06:06 - 00000576 _____ () C:\wifi-debug.xml
2015-02-07 12:17 - 2014-11-01 20:09 - 00000000 ____D () C:\Users\Henry\Documents\Product Manuals
2015-02-05 16:21 - 2014-11-05 18:33 - 00000000 ____D () C:\Users\Henry\AppData\Local\Deployment
2015-02-05 12:28 - 2014-10-26 16:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:28 - 2014-10-26 16:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:28 - 2014-10-26 16:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:15 - 2014-11-15 13:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:15 - 2014-11-15 13:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 09:27 - 2014-12-26 13:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 09:27 - 2014-12-04 22:11 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-02-04 09:27 - 2014-12-04 22:10 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-04 09:27 - 2014-11-08 17:45 - 00000000 ____D () C:\ProgramData\Ulead Systems
2015-02-04 09:27 - 2014-11-03 20:39 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\IrfanView
2015-02-04 09:27 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GHISLER
2015-02-04 09:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-04 09:26 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-04 09:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

==================== Files in the root of some directories =======

2014-12-25 11:45 - 2015-01-19 21:59 - 0000263 _____ () C:\Users\Henry\AppData\Roaming\Binary Clock_Settings.ini
2014-11-02 00:27 - 2015-02-26 10:30 - 0000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2014-11-02 00:27 - 2015-02-26 10:35 - 0000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2014-11-05 20:40 - 2014-12-31 10:37 - 0072704 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-01 17:45 - 2014-11-01 17:45 - 0000093 _____ () C:\Users\Henry\AppData\Local\fusioncache.dat
2014-11-04 06:34 - 2014-12-28 23:19 - 0007597 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2014-11-12 21:31 - 2014-11-12 21:31 - 0000040 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 07:19

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Henry at 2015-02-26 11:23:46
Running from C:\Users\Henry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version: - )
Advanced LAN Scanner v1.0 BETA 1 (HKLM-x32\...\Advanced LAN Scanner v1.0 BETA 1) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{BF728146-387A-B1FE-28F1-F25B5363D5EA}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.8.0 - SlySoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )
BOINC (HKLM\...\{0DF28429-855F-4BDC-B264-058D2785965E}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Canon driver for P-215II (x64) (HKLM\...\{29365D7E-86E6-4828-AFE5-0BDBE73A39F6}) (Version: 1.0.5197 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Application (HKLM-x32\...\{2F5ED7FC-EB58-41C8-ACBD-094362D6DA4F}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Mail (HKLM-x32\...\{B6ADDC04-4138-490A-80B6-7D874008F281}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for PaperPort 14 (HKLM-x32\...\{1458CC10-F280-4D16-A791-B72893FC1DA1}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Presto! BizCard 6 (HKLM-x32\...\{8662E3EE-8811-4CDE-9B4C-2B75A3746DA8}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Printer (HKLM-x32\...\{BDFF5BF0-2949-450D-8030-E6892B0DB03C}) (Version: 1.0.5200 - Canon Electronics Inc.)
CmgMasterPrerequisites (x32 Version: 1.4.1.777 - Credant Technologies Inc.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{AB904BBA-B274-44E7-9FDD-E96E5D69F9D3}) (Version: 2.3.440.224 - Broadcom Corporation)
Dell Data Protection | Client Security Framework (HKLM\...\{05FDD00D-1C45-44D1-AB3F-C24D45C39457}) (Version: 8.4.1.1717 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.4.1.777 - Dell, Inc.)
Dell Data Protection | Security Tools (x32 Version: 1.4.1.777 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (HKLM\...\{0B72160B-9F67-47C0-858F-5A0074162148}) (Version: 1.3.1.433 - DigitalPersona, Inc.)
Dell Data Vault (Version: 4.0.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
Dell Precision Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Version: 02.00.07 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.5.19821 - Invincea, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.110 - ALPS ELECTRIC CO., LTD.)
DraftSight (HKLM-x32\...\{87A003CE-22FD-4952-9B0F-B98304A13427}) (Version: 8.1.398 - Dassault Systemes)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.20 (HKLM-x32\...\{74699736-87EB-49E7-8B71-7527A45C35C6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.30 (HKLM-x32\...\{0F0E68E9-9463-4087-B211-E80FAC5F9BC6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}) (Version: 2.5.3.0 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.2.104.00 (HKLM\...\PROSetDX) (Version: 19.2.104.00 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Learn Microsoft Visual Basic 6.0 Now (HKLM-x32\...\Learn Microsoft Visual Basic 6.0 Now) (Version: - )
Lorex Client 10 (HKLM-x32\...\Lorex Client) (Version: 10 - )
Lorex Player 11 (HKLM-x32\...\{CA8CEEE3-8F1B-4A27-80A4-A1A00A3AE3F5}) (Version: 1.2.14 - Lorex)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio for Enterprise Architects SR-1 [English] (HKLM-x32\...\{90560409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.1.3313 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Learning Edition (HKLM-x32\...\Visual Basic 6.0 Learning Edition) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio .NET Enterprise Architect 2003 - English (HKLM-x32\...\Visual Studio .NET Enterprise Architect 2003 - English) (Version: - Microsoft)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Sunbird (0.9) (HKLM-x32\...\Mozilla Sunbird (0.9)) (Version: 0.9 (en-US) - Mozilla)
MSDN Library - April 2003 (HKLM-x32\...\{8F729180-4934-49B5-8DAF-9320F5AAEE95}) (Version: 7.40.3085 - Microsoft)
MSDN Library - Visual Studio 6.0 (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
NETGEAR VPN Client Lite (HKLM-x32\...\NETGEAR VPN Client Lite) (Version: - NETGEAR)
NetSetMan Pro 3.7.3 (HKLM-x32\...\NetSetMan_is1) (Version: 3.7.3 - Ilja Herlein)
Nuance OmniPage 18 (HKLM-x32\...\{10FD521E-11D1-4A08-A497-BB49B701C6D8}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{43A4BB54-C319-4207-8948-42E79E66F47F}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 7 (HKLM\...\{D117E04F-3FF8-45E2-8C1A-3E173C3111FE}) (Version: 7.30.6212 - Nuance Communications, Inc.)
OneTouch 4 ScanSoft OmniPage 16.2 OCR Module (HKLM-x32\...\{F80376CE-BB27-4757-B2A1-F3873F7FC457}) (Version: 2.0.0 - Visioneer)
OneTouch 4.6 (HKLM-x32\...\{AF8B1525-17EF-4D2E-A018-8D79CE260BA8}) (Version: 4.6.2014.9305 - Visioneer Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
P-215II CaptureOnTouch (HKLM-x32\...\{21FE8257-EF7A-46A9-B4A0-C50E4E55795E}) (Version: 3.0 - Canon Electronics Inc.)
P-215II UserManual (HKLM-x32\...\{AA1A23EF-80B0-4F98-A0A5-603D2441657B}) (Version: 1.05.0000 - Canon Electronics Inc.)
PLI Viewer (HKLM-x32\...\PLI Viewer_is1) (Version: - Henry Rowehl)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6023 - Realtek Semiconductor Corp.)
Roxio Activation Module (HKLM-x32\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Scansoft PDF Professional (x32 Version: - ) Hidden
Scope (HKLM-x32\...\{F4070264-6752-4B25-82CD-451356E80E3C}) (Version: 5.23.0.0 - )
Scope (x32 Version: 5.23.0.0 - GFM GmbH, Austria) Hidden
Scope (x32 Version: 5.6.3.0 - GFM GmbH, Austria) Hidden
SetIP (HKLM-x32\...\SetIP) (Version: 2.00.00.00 - Xerox Ltd.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
Ulead Photo Express 4.0 SE (HKLM-x32\...\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}) (Version: - )
Ulead VideoStudio 7 SE Basic (HKLM-x32\...\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}) (Version: 7.0 - Ulead Systems, Inc.)
Visioneer Acuity Assets V1 (HKLM-x32\...\{8D4A39B4-5D75-462C-89A2-81C1D887B9B5}) (Version: 5.1.812.11295 - Visioneer)
Visioneer Acuity Assets V1 (HKLM-x32\...\{B18BA00A-8857-4A54-B1CF-82BBB33CBF96}) (Version: 5.1.1114.7042 - Visioneer Inc.)
Visioneer RoadWarrior 3 Driver (HKLM-x32\...\{518D2CF0-1451-4A51-B420-FA9C19ED9599}) (Version: 5.1.13.8153 - Visioneer Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WIBU-KEY Setup (WIBU-KEY Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 5.20b of 2007-Apr-18 (Setup) - WIBU-SYSTEMS AG)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Xerox WorkCentre 3315 (HKLM-x32\...\Xerox WorkCentre 3315) (Version: - Xerox Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

21-02-2015 18:28:42 Windows Backup
25-02-2015 08:58:09 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-23 09:56 - 2015-02-25 09:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01CDA079-E77B-421B-90B9-75C2DAAF2326} - System32\Tasks\{77EC7949-2166-4C99-A482-47664618375C} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {0E57CEDD-C6BA-479E-824F-9D9FB0182642} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {1B687C82-5794-4AEF-9227-5C5F2A0BDE02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {26894EDA-0EB2-4937-B448-CD4DF445DD75} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {28B4D76D-CFC1-4BAF-A663-74CC919672C3} - System32\Tasks\{B43AC92C-8F82-4E72-883E-4A0B25F47BF4} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {3C1EFCB7-E81C-4EAA-95D3-D8A1A6D12A6F} - System32\Tasks\{321E17FF-DD87-4263-80FD-AD992F7D62E1} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {403103E9-5857-43F7-A4A4-C9F3B1691BB6} - System32\Tasks\Dell\PPO SM Manual Update => C:\Program Files\Dell\PPO\DcsuWrap.exe [2014-08-15] (Dell Inc.)
Task: {4B573AF8-25FE-49CC-AD1C-6ABE3F9FB781} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {571D3241-AEDC-4FA5-95E4-FF50179E65E6} - System32\Tasks\NetSetMan => C:\Program Files (x86)\NetSetMan\netsetman.exe [2014-06-03] (Ilja Herlein)
Task: {68D5D6E6-27B2-46DC-A690-A49805D6FCF5} - System32\Tasks\{18C23A6D-5405-41EE-8CBF-019CDF144345} => C:\totalcmd\TOTALCMD.EXE [2012-08-03] (Ghisler Software GmbH)
Task: {6E5BD55F-4A0A-4D72-9B2B-551C35D8517C} - System32\Tasks\{E5774B80-584C-477F-BDD4-089CE253FC27} => pcalua.exe -a C:\Users\Henry\Documents\Downloads\Visioneer\HiddenDevices.exe -d C:\Users\Henry\Documents\Downloads\Visioneer
Task: {7BD388DD-3811-4416-BF3B-F40C41F0A149} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8C04DBAF-00AC-4F7E-AA99-AB71337B4664} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {94179557-D46C-4493-A857-704EA6934870} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A22AFACB-6E1C-43DB-9A40-4BA28C01CBF0} - System32\Tasks\{76300760-610E-4F6A-871B-95BDAA2C3F34} => D:\SETUP.EXE
Task: {A3910C73-9DED-42CC-86EB-38687AD85BC2} - System32\Tasks\{BB86F365-1D4E-482E-AC11-BF302E1FD6F7} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {BFF99A1F-B2E1-4E8B-8889-FB37398862B9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C24C108D-795C-499C-B91C-B46713D3ABE2} - System32\Tasks\{F0E1B53D-B723-4DE0-BCFC-7E82834E305A} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {DC3082F6-F77F-460C-BABB-0256D4299225} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {DE7DE3E1-7DDA-42B8-BDED-247F8E2BBEBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {E2244DBB-385A-4C62-B727-9E65B19AEB08} - System32\Tasks\{665DC180-863A-496B-857C-BC8F4F3B89FD} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {EC53F16E-BE76-4247-86BD-646CA3DAB8A5} - System32\Tasks\{62BE403F-5535-4C72-A461-AE9059E0B730} => D:\SETUP.EXE
Task: {F4D39289-4BC2-4A70-8FF9-12990900D3E3} - System32\Tasks\{9CF71E80-E39E-4CEA-9770-D5981D522BF6} => D:\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-11 17:59 - 2014-09-11 17:59 - 00303968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\authproxy.dll
2014-11-01 12:58 - 2011-07-28 11:55 - 00034304 _____ () C:\Windows\System32\sxr2mlm.dll
2014-11-01 12:58 - 2012-11-06 06:48 - 01214464 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sxr2mdu.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00026464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
2014-09-11 17:59 - 2014-09-11 17:59 - 02172768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00027488 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00082272 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00062816 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.AuthProxy.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00079200 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.PBA.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00036192 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.SED.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00129376 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00666464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredCommon.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00879456 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CryptoProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00707424 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DBManager.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00353632 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\OPALProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 01507680 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\ConnectionProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00047968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\FVEProvider.dll
2014-10-26 17:08 - 2014-06-04 15:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-10-26 17:08 - 2014-06-04 15:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2007-07-23 15:05 - 2007-07-23 15:05 - 00066544 _____ () C:\Program Files\Roxio\Drag-to-Disc\DLAAPI_W.DLL
2014-10-26 17:08 - 2014-06-04 15:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00232288 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2014-09-11 17:59 - 2014-09-11 17:59 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2015-02-12 18:19 - 2015-02-12 18:19 - 00615112 _____ () C:\Program Files (x86)\Invincea\Enterprise\X64\SqlliteICD.dll
2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2014-09-29 19:51 - 2014-09-29 19:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2015-02-13 22:00 - 2015-02-13 22:00 - 03853824 _____ () C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
2014-10-26 17:08 - 2014-07-02 21:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-03-25 12:42 - 2013-03-25 12:42 - 00021824 _____ () C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\SSLSupport.dll
2014-08-13 08:27 - 2014-08-13 08:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-12-27 12:46 - 2014-12-27 12:46 - 00133120 _____ () C:\Users\Henry\AppData\Roaming\xaeojhej\colers.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-04-29 16:23 - 2014-04-29 16:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-26 17:08 - 2014-07-30 17:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-10-26 17:08 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-10-26 17:08 - 2012-11-25 23:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:151
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:154
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:276
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3538
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3590
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3691
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.222.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

ACTUser (S-1-5-21-1310488628-551009281-1505269296-1005 - Limited - Enabled)
Administrator (S-1-5-21-1310488628-551009281-1505269296-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1310488628-551009281-1505269296-1003 - Limited - Enabled)
Guest (S-1-5-21-1310488628-551009281-1505269296-501 - Limited - Enabled)
Henry (S-1-5-21-1310488628-551009281-1505269296-1000 - Administrator - Enabled) => C:\Users\Henry
HomeGroupUser$ (S-1-5-21-1310488628-551009281-1505269296-1011 - Limited - Enabled)
SQLDebugger (S-1-5-21-1310488628-551009281-1505269296-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Visioneer RoadWarrior 3
Description: Visioneer RoadWarrior 3
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Visioneer Incorporated
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2015 11:14:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 11:13:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 11:10:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 11:05:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WbioSrvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0x80004004
Fault offset: 0x000000000000940d
Faulting process id: 0xaf0
Faulting application start time: 0xsvchost.exe_WbioSrvc0
Faulting application path: svchost.exe_WbioSrvc1
Faulting module path: svchost.exe_WbioSrvc2
Report Id: svchost.exe_WbioSrvc3

Error: (02/26/2015 11:04:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 11:03:47 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (02/26/2015 10:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 10:42:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 10:40:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 09:54:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============
Error: (02/26/2015 11:09:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/26/2015 11:05:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/26/2015 11:01:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/26/2015 11:00:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/26/2015 00:04:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/25/2015 09:41:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/25/2015 09:34:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/25/2015 08:21:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Biometric Service service terminated unexpectedly. It has done this 2 time(s).

Error: (02/25/2015 08:20:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/25/2015 08:16:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.


Microsoft Office Sessions:
=========================
Error: (02/26/2015 11:14:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 11:13:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 11:10:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 11:05:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WbioSrvc6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.184095315a05a80004004000000000000940daf001d051ddd0c3f0cfC:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll3d6d4846-bdd1-11e4-963c-801934512fa1

Error: (02/26/2015 11:04:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 11:03:47 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (02/26/2015 10:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 10:42:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 10:40:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/26/2015 09:54:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


CodeIntegrity Errors:
===================================
Date: 2015-02-25 09:09:19.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-25 09:09:19.402
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-09 16:43:42.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 12:46:22.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 12:36:23.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 11:55:27.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 11:30:57.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 11:08:00.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 10:52:31.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 10:44:27.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 16289.21 MB
Available physical RAM: 11424.9 MB
Total Pagefile: 32576.6 MB
Available Pagefile: 26680.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:620.82 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
 
Please open Notepad (*do not use WordPad!* or any text editor other than Notepad, or the script will fail) (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-02-11 11:05 - 2015-02-11 11:05 - 00004036 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-04 09:27 - 2014-12-04 22:10 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
Task: {DC3082F6-F77F-460C-BABB-0256D4299225} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {1B687C82-5794-4AEF-9227-5C5F2A0BDE02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:151
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:154
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:276
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3538
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3590
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3691
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Download RogueKiller to your desktop.

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes, close the program > Don't fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

~~~~~~~~~~~~~~~~~~~~~

Emsisoft Anti-Malware
  1. Download and save the Emsisoft Anti-Malware setup program to your desktop. The download is fairly large, so please be patient while it downloads.
  2. Once the file has been downloaded, close all open programs.
  3. Double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
  4. If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
  5. You will eventually get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
  6. Click on the Freeware mode link.
  7. You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
  8. Allow it to update the definitions. Please be patient as it may take a few minutes for the updates to finish downloading.
  9. When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
  10. Please select the Deep Scan option and then click on the Scan button. The Deep Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned. Please don't run any other program while it is scanning.
  11. When the scan has finished, the program will display the scan results that show what infections were found.
  12. Click on the View Report link, and double click the text file to open it. Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports)
  13. Click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.


fixlist.txt
RogueKiller log
Emsisoft Anti-Malware
 
I followed all the steps in your last post. Only had one glitch... the Emsisoft package was a different version than the one in your post. There was no 'Freeware Mode' selection available. I had to install it, run it, then uninstall it when I was done.

Just as a quick note, the processes terminated by RogueKiller are BOINC (Berkeley Open Infrastructure for Network Computing) projects that I contribute computer time to. I've been running BOINC projects for several years on all my computers - they're all known safe.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Henry at 2015-02-26 17:51:00 Run:3
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-02-11 11:05 - 2015-02-11 11:05 - 00004036 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-04 09:27 - 2014-12-04 22:10 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
Task: {DC3082F6-F77F-460C-BABB-0256D4299225} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {1B687C82-5794-4AEF-9227-5C5F2A0BDE02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:151
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:154
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:276
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3538
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3590
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3691
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask => Moved successfully.
C:\ProgramData\Optimizer => Moved successfully.
C:\ProgramData\PC-Doctor for Windows => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC3082F6-F77F-460C-BABB-0256D4299225}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC3082F6-F77F-460C-BABB-0256D4299225}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B687C82-5794-4AEF-9227-5C5F2A0BDE02}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B687C82-5794-4AEF-9227-5C5F2A0BDE02}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCDEventLauncherTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":151" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":154" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":273" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":276" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3538" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3590" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3691" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":95" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 113.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:51:06 ====



RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Henry [Administrator]
Mode : Scan -- Date : 02/26/2015 18:08:42

¤¤¤ Processes : 10 ¤¤¤
[Proc.Injected] Emc.Captiva.WebToolkitHost.exe(6448) -- C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe[7] -> Killed [TermProc]
[Suspicious.Path] InvProtectAgent64.exe(9076) -- C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe[7] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9724) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9732) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9748) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9768) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9784) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9804) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9816) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9840) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.excite.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.excite.com -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] zle9j8xn.default-1419567438668 : user_pref("browser.startup.homepage", "www.excite.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM 014-1EJ164 SCSI Disk Device +++++
--- User ---
[MBR] 582d12e969e35d633f5e753332544e8f
[BSP] 2a123dda8e7c133e1846ed90e48c905d : HP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK



Emsisoft Anti-Malware - Version 9.0
Last update: 2/26/2015 18:21:41
User account: ELSERVICE13\Henry

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, Y:\

Detect PUPs: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 2/26/2015 18:23:05
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546} detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE detected: Application.AdImage (A)
C:\FRST\Quarantine\C\Program Files (x86)\Mozilla FireFox Update\Bundle.exe.xBAD detected: Adware.Generic.1050251 (B)
C:\FRST\Quarantine\C\ProgramData\Optimizer\program\windows_firefoxupdateam.exe.xBAD -> (Instyler o) -> (Instyler Module 0) detected: Adware.Generic.1050251 (B)
C:\FRST\Quarantine\C\Users\Henry\Documents\AGFM\MemStick\autorun.inf.xBAD detected: Worm.Autorun.VIN (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\Milling\FNF-10\6503\6503Backup_FullVers.arj -> cnc\mmi\VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\Milling\FNF-10\6504\6504Backup_FullVers.arj -> cnc\mmi\VBMMI.EXE detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\ROUTERS\RMT-50\7503\PRENCCS\source\dual\Prenccs.exe detected: Gen:Variant.Symmi.28926 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7701\7701_cnc.ZIP -> WINDOWS/Desktop/cnc/mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7701\7701_cnc.ZIP -> WINDOWS/Desktop/cnc/Copy of mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7708\7708_cnc.zip -> cnc/mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7713\7713cnc.zip -> mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6341\cnc\mmi\VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6341\cnc_6341.zip -> cnc/mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/CTMP.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/WINCAM.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/POST.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\CTMP.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\POST.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\WINCAM.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/CTMP.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/WINCAM.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/POST.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\USS40\6401\6401_cnc_20060115.zip -> CncBackup_6401/cnc/mmi/VbMmi.exe 5.20.11 detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\USS40\6401\6401_cnc_zip -> mmi/VbMmi.exe 5.20.11 detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7011.apk -> META-INF/CERT.RSA detected: Android.Adware.KyView.A (B)
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7013.apk -> META-INF/CERT.RSA detected: Android.Adware.KyView.A (B)

Scanned 483360
Found 82

Scan end: 2/26/2015 21:15:05
Scan time: 2:52:00

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546} Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL Quarantined Application.AdImage (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)

Quarantined 6
 
Emsisoft has made changes that we were not notified of.

Just as a quick note, the processes terminated by RogueKiller are BOINC (Berkeley Open Infrastructure for Network Computing) projects that I contribute computer time to. I've been running BOINC projects for several years on all my computers - they're all known safe.
Yes, it's labeled as PUP, Possible Unwanted Malware.

Below entries are ok IF you set excite as a Home page?
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.excite.com -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] zle9j8xn.default-1419567438668 : user_pref("browser.startup.homepage", "www.excite.com"); -> Found


https://herdprotect.com/rei_axcontrol.dll-c3a4e221d513d85510b0e1d9b4d374b1297ff9eb.aspx
The Reimage Protector service is designed to support Reimage, a purported PC optimization tool designed to 'fine-tune' the computer's registry.
Reimage is part of Crossrider group. Registry cleaner of which can cause harm, between 67% to 56% remove it.

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}
detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE detected: Application.AdImage (A)

~~

Mostly what was found by the Emsisoft scan is in backups?

And it quarantined 6 objects located in the registry.

~~~~~~~~~~~~~~~~~~~~~~~

What I'm thinking, if this hasn't stopped the extra IE processes, is that applications loading at startup are connecting to the internet.
Ideally these applications can be turned off and used on demand as needed. We have done enough rootkit scans that I'm sure have you seeing cross-eyed now, and no signs of any extra malware are showing up.

~~~

Let's see if there are any startup items we can disable to improve performance.

Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
 


Yes, Excite is my home page. As far as ReImage, I tried to get rid of that a couple of times already, it's not gone yet?

Here's the Hijack log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:54:00, on 2/27/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\7\enigma_0.76.exe
C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\3\enigma_0.76.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\4\enigma_0.76.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\1\enigma_0.76.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.excite.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Invincea Web Redirector - {1C52FA7C-51B7-4621-9D5A-11101BA13134} - C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [NetSetMan] "C:\Program Files (x86)\NetSetMan\netsetman.exe" -h
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe
O4 - HKLM\..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe
O4 - HKLM\..\Run: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [P-215II CaptureOnTouch] "C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe" LOGON
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - Startup: OpenOffice 4.1.1.lnk = C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - res://C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: http://www.samsungsetup.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Management Agent Service (DellMgmtAgent) - Dell Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
O23 - Service: Dell Security Framework Loader (DellMgmtLoader) - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
O23 - Service: DELL Security Framework Local Server (DellMgmtServer) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
O23 - Service: @C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe,-200 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EMC Captiva Cloud Service (Emc.Captiva.WebCaptureService) - EMC Corporation - C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Invincea Enterprise Service (InvProtectSvc) - Invincea, Inc. - C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NSM Service (nsmService) - Ilja Herlein - C:\Program Files (x86)\NetSetMan\nsmservice.exe
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Dell PPO Service (poaService) - Dell Inc. - C:\Program Files\Dell\PPO\poaService.exe
O23 - Service: Dell PPO System Maintenance Service (PoaSMSrv) - Dell Inc. - C:\Program Files\Dell\PPO\poaSmSrv.exe
O23 - Service: Dell PPO Track & Analyze Service (poaTaServ) - Dell Inc. - C:\Program Files\Dell\PPO\poaTaServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: RWAR3HV_0002_0 - Visioneer Inc. - C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
O23 - Service: RWAR3Monitor - Visioneer Inc. - C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SboxSvc - Invincea, Inc. - C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TgbIke Starter - TheGreenBow - C:\Windows\SysWOW64\TgbStarter.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: Windows Virtual Network (WVN3) (WindowsVNT_R3) - MicroStudio - C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 17040 bytes
 