Spybot 2.4.40.0 - first system scan scan hangs on Zlob.ZipCodec
- Thread starter Big_Sam
- Start date
- Status
OCD
Malware Team-Emeritus
Hi Big_Sam,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
Security Check
Download Security Check by screen317 from here or here.
aswMBR
Download aswMBR.exe and save it to your desktop.
Download Farbar Recovery Scan Tool and save to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
In your next post please provide the following:
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
- I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
- Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
Security CheckDownload Security Check by screen317 from here or here.
- Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
aswMBRDownload aswMBR.exe and save it to your desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- When asked if you want to download Avast's virus definitions please select Yes.
- Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
Download Farbar Recovery Scan Tool and save to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
In your next post please provide the following:
- checkup.txt
- aswMBR.txt
- attach MBR.zip
- FRST.txt
- Addition.txt
Scan results
Thanks for helping out.
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
Spybot - Search & Destroy
Advanced WindowsCare Personal 2.6.0
Java(TM) 6 Update 39
Java version 32-bit out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-23 12:44:18
-----------------------------
12:44:18.209 OS Version: Windows x64 6.1.7601 Service Pack 1
12:44:18.210 Number of processors: 4 586 0x2502
12:44:18.211 ComputerName: OWNER-PC UserName: Owner
12:44:19.549 Initialize success
12:44:20.451 VM: initialized successfully
12:44:20.452 VM: Intel CPU supported
12:45:12.874 VM: supported disk I/O ataport.SYS
12:51:20.003 AVAST engine defs: 14122300
12:51:52.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:51:52.249 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
12:51:52.415 VM: Disk 0 MBR read successfully
12:51:52.417 Disk 0 MBR scan
12:51:52.467 Disk 0 Windows 7 default MBR code
12:51:52.479 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
12:51:52.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 206848
12:51:52.552 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20686848
12:51:52.558 Disk 0 default boot code
12:51:52.604 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 466738 MB offset 20891648
12:51:52.701 Disk 0 scanning C:\Windows\system32\drivers
12:52:12.327 Service scanning
12:52:50.334 Modules scanning
12:52:50.340 Disk 0 trace - called modules:
12:52:50.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:52:50.364 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be6060]
12:52:50.369 3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004923060]
12:52:51.369 AVAST engine scan C:\Windows
12:52:54.614 AVAST engine scan C:\Windows\system32
12:58:04.547 AVAST engine scan C:\Windows\system32\drivers
12:58:27.599 AVAST engine scan C:\Users\Owner
13:13:11.132 AVAST engine scan C:\ProgramData
13:17:48.208 Disk 0 statistics 4175554/0/26 @ 2.39 MB/s
13:17:48.215 Scan finished successfully
13:18:10.632 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
13:18:10.686 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014
Ran by Owner (administrator) on OWNER-PC on 23-12-2014 13:20:57
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Sandy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1807360 2011-10-19] (Dominik Reichl)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: D - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {10a6fdd2-2ba4-11e0-a78e-0026b9163789} - D:\setup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {13c53942-1d69-11e2-bebd-0026b9163789} - D:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {34bba2e2-1f90-11e2-be83-0026b9163789} - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {5beb2bdf-2d42-11e0-9c18-0026b9163789} - D:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {ad1bda0c-744c-11e2-9521-0026b9163789} - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {f213755d-ab8d-11df-b875-0026b9163789} - D:\LaunchU3.exe -a
Startup: C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-713969557-3948734433-3494438272-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-713969557-3948734433-3494438272-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-713969557-3948734433-3494438272-1000 -> {B73E8240-1508-4677-92AC-C36519FDC0AA} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox [2010-04-24]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.com1_
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Entanglement Web App) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-11-05]
CHR Extension: (Angry Birds) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-11-05]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Reditr Web App - The Best Reddit Client) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmiceoebcclihjdpnmmkdcmcboekibc [2014-11-05]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-11-05]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (SuperSorter) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2014-11-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-05]
CHR Extension: (StumbleUpon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-11-05]
CHR Extension: (Whois this!!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-11-05]
CHR Extension: (Google Maps) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-11-05]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (TabCloud) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2014-11-05]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-11-05]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-11-05]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
CHR HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [94208 2008-05-28] (SEIKO EPSON CORPORATION) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 DCamUSBET; C:\Windows\System32\DRIVERS\etDevice64.sys [178304 2009-11-17] (eMPIA Technology, Inc.)
S3 FiltUSBET; C:\Windows\System32\DRIVERS\etFilter64.sys [347264 2010-02-08] (eMPIA Technology Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 ScanUSBET; C:\Windows\System32\DRIVERS\etScan64.sys [9088 2009-06-28] (eMPIA Technology, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-14] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Owner\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 13:20 - 2014-12-23 13:21 - 00021261 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-12-23 13:20 - 2014-12-23 13:21 - 00000000 ____D () C:\FRST
2014-12-23 13:19 - 2014-12-23 13:19 - 02122240 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-12-23 13:18 - 2014-12-23 13:18 - 00002278 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-12-23 13:18 - 2014-12-23 13:18 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-12-23 12:43 - 2014-12-23 12:43 - 00001105 _____ () C:\Users\Owner\Desktop\checkup.txt
2014-12-23 12:39 - 2014-12-23 12:40 - 05198336 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-12-23 12:37 - 2014-12-23 12:37 - 00852505 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-12-23 06:55 - 2014-12-23 06:55 - 00001039 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-12-23 06:55 - 2014-12-23 06:55 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-23 06:54 - 2014-12-23 06:55 - 04095448 _____ (BrightFort LLC ) C:\Users\Owner\Downloads\spywareblastersetup50.exe
2014-12-22 15:01 - 2014-12-22 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-22 15:01 - 2014-12-22 15:01 - 00000000 _____ () C:\Windows\setupact.log
2014-12-22 11:56 - 2014-12-22 11:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-22 11:56 - 2014-12-22 11:56 - 00001351 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-22 11:56 - 2014-12-22 11:56 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-22 11:56 - 2014-12-22 11:56 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-22 11:56 - 2014-12-22 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-22 11:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-22 11:51 - 2014-12-22 11:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-12-22 09:59 - 2014-12-22 09:59 - 00000000 ____D () C:\FXCM HGImatrix
2014-12-22 09:28 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 09:28 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 03:31 - 2014-12-11 03:31 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:04 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:04 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:04 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:04 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:04 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:04 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:04 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:04 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:04 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:04 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 05:39 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 05:39 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 05:39 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 05:39 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:39 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 05:39 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 05:39 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 05:39 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 05:39 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 05:39 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 05:39 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 05:39 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 05:39 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 05:39 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 05:39 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 05:39 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 05:39 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 05:39 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 05:39 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 05:39 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:39 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 05:39 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 05:39 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 05:39 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 05:39 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 05:39 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:39 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 05:39 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 05:39 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 05:39 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 05:39 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:39 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 05:39 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 05:39 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 05:39 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 05:39 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 05:39 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 05:39 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 05:39 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 05:39 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 05:39 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 05:39 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 05:39 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 05:39 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:39 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:39 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:39 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 05:39 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:39 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:39 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 05:39 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 05:39 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:39 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 05:39 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:39 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:39 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 05:39 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:39 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:39 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 05:37 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:37 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:37 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 05:37 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 05:37 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 05:37 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 05:37 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 05:37 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 05:37 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 05:37 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 05:37 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 05:37 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 05:37 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 05:37 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-07 18:58 - 2014-12-07 18:58 - 00001724 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-12-07 18:56 - 2014-12-07 18:57 - 04362512 _____ (Piriform Ltd) C:\Users\Owner\Downloads\dfsetup218.exe
2014-12-07 18:10 - 2014-12-07 18:10 - 00158288 _____ () C:\Users\Owner\Downloads\Pipcruiser%27s Pipmasher (1).mq4
2014-12-07 17:42 - 2014-12-22 09:59 - 00001498 _____ () C:\Users\Public\Desktop\FXCM MetaTrader 4.lnk
2014-12-07 17:21 - 2014-12-07 17:21 - 00804985 _____ () C:\Users\Owner\Downloads\RegpairSetup.exe
2014-12-07 17:21 - 2014-12-07 17:21 - 00000991 _____ () C:\Users\Sandy\Desktop\Free Window Registry Repair.lnk
2014-12-07 17:19 - 2014-12-07 17:19 - 00042416 _____ () C:\cc_20141207_171919.reg
2014-12-07 17:14 - 2014-12-07 17:14 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-07 17:14 - 2014-12-07 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-07 17:12 - 2014-12-07 17:12 - 05162080 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup500.exe
2014-12-07 17:02 - 2014-12-07 17:02 - 00003142 _____ () C:\Windows\System32\Tasks\{61478681-2B3A-4F67-99EA-576AA345124A}
2014-12-07 16:58 - 2014-12-07 17:42 - 00000000 ____D () C:\FXCM Pipcruisers Pipsmasher
2014-12-07 16:55 - 2014-12-07 16:55 - 00440144 _____ (MetaQuotes Software Corp.) C:\Users\Owner\Desktop\FXCM-MT4Install (1).exe
2014-12-07 16:26 - 2014-12-07 16:27 - 05729769 _____ () C:\Users\Owner\Downloads\HGI V.14.02.zip
2014-12-07 16:26 - 2014-12-07 16:26 - 00049226 _____ () C:\Users\Owner\Downloads\HGI_Dark.V.14.05.ex4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 13:19 - 2010-04-09 15:33 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CE891936-DEE4-41AC-BDD0-70A68434CF65}
2014-12-23 13:11 - 2010-04-26 17:07 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000UA.job
2014-12-23 13:11 - 2010-04-24 05:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 10:13 - 2011-02-15 21:43 - 01596049 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 07:18 - 2014-11-05 18:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 07:17 - 2011-02-02 10:38 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-23 07:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2014-12-23 06:56 - 2011-02-02 10:38 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-12-23 06:55 - 2011-02-02 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-12-22 20:24 - 2010-04-26 17:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000Core.job
2014-12-22 20:24 - 2010-04-24 05:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 18:27 - 2014-11-05 18:08 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-22 18:27 - 2014-11-05 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-22 18:27 - 2014-11-05 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-22 15:01 - 2013-05-31 11:08 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-22 12:01 - 2010-07-06 21:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-22 11:56 - 2010-07-06 21:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-22 10:11 - 2014-02-09 18:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TeamViewer
2014-12-22 10:11 - 2010-09-28 19:12 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-12-22 10:11 - 2010-04-23 19:49 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
2014-12-22 10:11 - 2010-04-09 15:48 - 00000000 ____D () C:\Windows\Panther
2014-12-22 09:59 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 09:59 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 09:51 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 09:40 - 2014-03-31 06:38 - 04441216 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-12-12 14:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 02:11 - 2014-11-05 18:43 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 03:32 - 2014-04-24 05:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:16 - 2013-08-03 09:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:08 - 2011-04-20 16:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:08 - 2010-04-09 18:29 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 15:02 - 2014-10-03 07:42 - 00109280 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-12-07 19:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-07 18:59 - 2010-12-19 13:38 - 00000000 ____D () C:\Program Files\Defraggler
2014-12-07 17:37 - 2010-04-24 08:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-12-07 17:36 - 2011-10-30 06:24 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2014-12-07 17:35 - 2010-04-24 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\KeePass
2014-12-07 17:21 - 2011-10-30 06:24 - 00000991 _____ () C:\Users\Guest\Desktop\Free Window Registry Repair.lnk
2014-12-07 17:14 - 2010-04-24 08:01 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-12-07 16:54 - 2012-10-22 13:53 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-12-07 16:45 - 2014-03-31 06:38 - 00000000 ____D () C:\FXDD - MetaTrader Entropy
2014-12-07 16:24 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucuvlp.dll
C:\Users\Sandy\AppData\Local\Temp\GUR7B66.exe
C:\Users\Sandy\AppData\Local\Temp\GURAB9F.exe
C:\Users\Sandy\AppData\Local\Temp\GURE170.exe
C:\Users\Sandy\AppData\Local\Temp\GURFB7.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 00:20
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014
Ran by Owner at 2014-12-23 13:22:00
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - )
Advanced WindowsCare Personal 2.6.0 (HKLM-x32\...\Advanced WindowsCare V2 Personal_is1) (Version: 2.6.0 - IObit)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version: - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Driver Download Manager (HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.104 - ALPS ELECTRIC CO., LTD.)
DELL Webcam Center (HKLM-x32\...\DELL Webcam Center) (Version: - )
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DELL Webcam Manager (HKLM-x32\...\DELL Webcam Manager) (Version: - )
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Dynon Support 5.5.0 (HKLM-x32\...\Dynon Support Program_is1) (Version: - Dynon Avionics, Inc.)
EASetup (HKLM-x32\...\EASetup) (Version: - Andrew West)
EPSON USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.40.000 - SEIKO EPSON CORPORATION)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Garmin Flightbook (HKLM-x32\...\{52993FFF-98F1-45F7-BDF2-0E39A8FE2D34}) (Version: 2.5.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gears (HKLM-x32\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.390 - Oracle)
KeePass Password Safe 2.17 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Live! Cam Avatar v1.0 (HKLM-x32\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MetaTrader 4 Client Terminal (HKLM-x32\...\MetaTrader 4 Client Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PdaNet for Android 3.02 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.2 - Frank Heindörfer, Philip Chinery)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30098 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
thinkorswim (HKLM-x32\...\thinkorswim) (Version: - thinkorswim, Inc.)
USBCam (HKLM-x32\...\USBCam) (Version: - )
USBCam Intraoral Camera (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
yEd Graph Editor 3.6 (HKLM-x32\...\yEd Graph Editor 3.6) (Version: - yWorks GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-713969557-3948734433-3494438272-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-713969557-3948734433-3494438272-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-713969557-3948734433-3494438272-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2011-02-02 11:00 - 00429816 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {082EC1F7-C29B-4CA3-B82F-695AC188660D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {11B4C26B-11AA-499D-A977-EBEFC774024F} - System32\Tasks\Owner-PC\Owner - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {18F1BDD1-2321-4B80-93AA-62CD67F65ECF} - System32\Tasks\{6184E005-9521-40FC-9BE8-124FFD6CB199} => pcalua.exe -a "C:\Users\Owner\Downloads\chromeinstall-8u25 (1).exe" -d C:\Users\Owner\Downloads
Task: {28E4DC60-3B02-468D-8354-7A9B973B74CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2B73DD17-88E0-44A5-84C8-A184A29E7194} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4CD38E85-1FDF-4B71-B0D2-0BF0E2947CFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {4F0F5E70-D18F-4705-BBAF-2DD84F952A09} - System32\Tasks\{9F54DE57-495A-421C-A619-FF601A2888D1} => pcalua.exe -a C:\Users\Owner\Downloads\chromeinstall-8u25.exe -d C:\Users\Owner\Downloads
Task: {50934C07-9BFE-4EFE-A906-6AEA7DB8E388} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {7049A3B8-DE4A-46B6-B0E6-D6820A4122FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {7D02E60A-EF1B-4830-B962-60215FFD2321} - System32\Tasks\{ED7B43B0-8B16-4150-9DC2-F29C6C43377C} => pcalua.exe -a E:\setup.exe -d E:\
Task: {93126C41-0C77-4724-A534-CA53C859C9F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {AB46625F-0699-4A87-BD93-A9282A3B1348} - System32\Tasks\{6EB28C64-DFCE-4959-B109-1A9A1435D579} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Temp\Temp1_PC-piston-zipped1.zip\PC piston to be zipped\VB_Piston_Sim publish\setup.exe"
Task: {BAB31C44-0F9E-4104-9E5E-D20A0174176E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {DA36A833-8C4B-4B0A-AE98-9C6D322C4246} - System32\Tasks\{61478681-2B3A-4F67-99EA-576AA345124A} => pcalua.exe -a "C:\Users\Owner\Desktop\FXCM-MT4Install (1).exe" -d C:\Users\Owner\Desktop
Task: {E01EC20A-331E-4967-BC2B-10D7AE62AADB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E41D05E7-BCF2-4001-A112-D5D1684789D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {EC629ACD-697D-4507-972E-9D9D6C60372D} - System32\Tasks\{4ACCD477-CE10-425A-A885-A9B3681ADC3B} => pcalua.exe -a "C:\Users\Owner\Documents\My Airplane\EFI & Ignition\EC3 Mapping Programs\EC3PistonReader063009.exe" -d "C:\Users\Owner\Documents\My Airplane\EFI & Ignition\EC3 Mapping Programs"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-04-09 13:58 - 2009-07-17 08:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-04-09 13:58 - 2009-07-17 08:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-09-28 19:12 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-04-18 11:06 - 1999-12-31 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-22 11:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-22 11:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-22 11:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-22 11:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-22 11:56 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2014-12-22 11:56 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Sandy\Downloads\Cool Advertising gimmicks.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files (x86)\Dell\DELL Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: EPSON_UD_START => "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MSSE => "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-713969557-3948734433-3494438272-500 - Administrator - Disabled)
Guest (S-1-5-21-713969557-3948734433-3494438272-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-713969557-3948734433-3494438272-1002 - Limited - Enabled)
Owner (S-1-5-21-713969557-3948734433-3494438272-1000 - Administrator - Enabled) => C:\Users\Owner
Sandy (S-1-5-21-713969557-3948734433-3494438272-1004 - Limited - Enabled) => C:\Users\Sandy
==================== Faulty Device Manager Devices =============
Name: PdaNet Broadband Adapter
Description: PdaNet Broadband Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: June Fabrics Technology Inc.
Service: pneteth
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/22/2014 10:13:14 AM) (Source: ESENT) (EventID: 485) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to delete the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:13:04 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:39 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:29 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:19 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:09 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:09:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:09:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (12/22/2014 11:32:03 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (12/22/2014 09:51:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:46:25 AM on 12/22/2014 was unexpected.
Error: (12/07/2014 08:09:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (12/07/2014 07:34:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:26:58 PM on 12/7/2014 was unexpected.
Error: (12/07/2014 07:02:05 PM) (Source: volsnap) (EventID: 9) (User: )
Description: The flush and hold writes operation on volume \\?\Volume{5cb9ae49-4419-11df-aa47-806e6f6e6963} timed out while waiting for file system cleanup.
Error: (12/07/2014 06:50:46 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/07/2014 06:50:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:48:22 PM on 12/7/2014 was unexpected.
Error: (12/07/2014 06:50:11 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/07/2014 06:50:11 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/07/2014 06:38:25 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Microsoft Office Sessions:
=========================
Error: (12/22/2014 10:13:14 AM) (Source: ESENT) (EventID: 485) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:13:04 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:39 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:29 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:19 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:09 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:09:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:09:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 52%
Total physical RAM: 3892.52 MB
Available physical RAM: 1843.25 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 4895.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:455.8 GB) (Free:401.58 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E635605C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=455.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks for helping out.
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
Spybot - Search & Destroy
Advanced WindowsCare Personal 2.6.0
Java(TM) 6 Update 39
Java version 32-bit out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-23 12:44:18
-----------------------------
12:44:18.209 OS Version: Windows x64 6.1.7601 Service Pack 1
12:44:18.210 Number of processors: 4 586 0x2502
12:44:18.211 ComputerName: OWNER-PC UserName: Owner
12:44:19.549 Initialize success
12:44:20.451 VM: initialized successfully
12:44:20.452 VM: Intel CPU supported
12:45:12.874 VM: supported disk I/O ataport.SYS
12:51:20.003 AVAST engine defs: 14122300
12:51:52.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:51:52.249 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
12:51:52.415 VM: Disk 0 MBR read successfully
12:51:52.417 Disk 0 MBR scan
12:51:52.467 Disk 0 Windows 7 default MBR code
12:51:52.479 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
12:51:52.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 206848
12:51:52.552 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20686848
12:51:52.558 Disk 0 default boot code
12:51:52.604 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 466738 MB offset 20891648
12:51:52.701 Disk 0 scanning C:\Windows\system32\drivers
12:52:12.327 Service scanning
12:52:50.334 Modules scanning
12:52:50.340 Disk 0 trace - called modules:
12:52:50.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:52:50.364 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be6060]
12:52:50.369 3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004923060]
12:52:51.369 AVAST engine scan C:\Windows
12:52:54.614 AVAST engine scan C:\Windows\system32
12:58:04.547 AVAST engine scan C:\Windows\system32\drivers
12:58:27.599 AVAST engine scan C:\Users\Owner
13:13:11.132 AVAST engine scan C:\ProgramData
13:17:48.208 Disk 0 statistics 4175554/0/26 @ 2.39 MB/s
13:17:48.215 Scan finished successfully
13:18:10.632 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
13:18:10.686 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014
Ran by Owner (administrator) on OWNER-PC on 23-12-2014 13:20:57
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Sandy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1807360 2011-10-19] (Dominik Reichl)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: D - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {10a6fdd2-2ba4-11e0-a78e-0026b9163789} - D:\setup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {13c53942-1d69-11e2-bebd-0026b9163789} - D:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {34bba2e2-1f90-11e2-be83-0026b9163789} - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {5beb2bdf-2d42-11e0-9c18-0026b9163789} - D:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {ad1bda0c-744c-11e2-9521-0026b9163789} - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\MountPoints2: {f213755d-ab8d-11df-b875-0026b9163789} - D:\LaunchU3.exe -a
Startup: C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-713969557-3948734433-3494438272-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-713969557-3948734433-3494438272-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-713969557-3948734433-3494438272-1000 -> {B73E8240-1508-4677-92AC-C36519FDC0AA} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-713969557-3948734433-3494438272-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox [2010-04-24]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.com1_
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Entanglement Web App) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-11-05]
CHR Extension: (Angry Birds) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-11-05]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Reditr Web App - The Best Reddit Client) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmiceoebcclihjdpnmmkdcmcboekibc [2014-11-05]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-11-05]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (SuperSorter) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2014-11-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-05]
CHR Extension: (StumbleUpon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-11-05]
CHR Extension: (Whois this!!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-11-05]
CHR Extension: (Google Maps) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-11-05]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (TabCloud) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2014-11-05]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-11-05]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-11-05]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
CHR HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [94208 2008-05-28] (SEIKO EPSON CORPORATION) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 DCamUSBET; C:\Windows\System32\DRIVERS\etDevice64.sys [178304 2009-11-17] (eMPIA Technology, Inc.)
S3 FiltUSBET; C:\Windows\System32\DRIVERS\etFilter64.sys [347264 2010-02-08] (eMPIA Technology Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 ScanUSBET; C:\Windows\System32\DRIVERS\etScan64.sys [9088 2009-06-28] (eMPIA Technology, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-14] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Owner\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 13:20 - 2014-12-23 13:21 - 00021261 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-12-23 13:20 - 2014-12-23 13:21 - 00000000 ____D () C:\FRST
2014-12-23 13:19 - 2014-12-23 13:19 - 02122240 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-12-23 13:18 - 2014-12-23 13:18 - 00002278 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-12-23 13:18 - 2014-12-23 13:18 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-12-23 12:43 - 2014-12-23 12:43 - 00001105 _____ () C:\Users\Owner\Desktop\checkup.txt
2014-12-23 12:39 - 2014-12-23 12:40 - 05198336 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-12-23 12:37 - 2014-12-23 12:37 - 00852505 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-12-23 06:55 - 2014-12-23 06:55 - 00001039 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-12-23 06:55 - 2014-12-23 06:55 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-23 06:54 - 2014-12-23 06:55 - 04095448 _____ (BrightFort LLC ) C:\Users\Owner\Downloads\spywareblastersetup50.exe
2014-12-22 15:01 - 2014-12-22 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-22 15:01 - 2014-12-22 15:01 - 00000000 _____ () C:\Windows\setupact.log
2014-12-22 11:56 - 2014-12-22 11:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-22 11:56 - 2014-12-22 11:56 - 00001351 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-22 11:56 - 2014-12-22 11:56 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-22 11:56 - 2014-12-22 11:56 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-22 11:56 - 2014-12-22 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-22 11:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-22 11:51 - 2014-12-22 11:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-12-22 09:59 - 2014-12-22 09:59 - 00000000 ____D () C:\FXCM HGImatrix
2014-12-22 09:28 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 09:28 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 03:31 - 2014-12-11 03:31 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:04 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:04 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:04 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:04 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:04 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:04 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:04 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:04 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:04 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:04 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 05:39 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 05:39 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 05:39 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 05:39 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 05:39 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:39 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 05:39 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 05:39 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 05:39 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 05:39 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 05:39 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 05:39 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 05:39 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 05:39 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 05:39 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 05:39 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 05:39 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 05:39 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 05:39 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 05:39 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 05:39 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:39 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 05:39 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 05:39 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 05:39 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 05:39 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 05:39 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:39 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 05:39 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 05:39 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 05:39 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 05:39 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:39 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 05:39 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 05:39 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 05:39 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 05:39 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 05:39 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 05:39 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 05:39 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 05:39 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 05:39 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 05:39 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 05:39 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 05:39 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:39 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:39 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:39 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 05:39 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:39 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:39 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 05:39 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 05:39 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:39 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 05:39 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:39 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:39 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 05:39 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:39 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:39 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 05:37 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:37 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:37 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 05:37 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 05:37 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 05:37 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 05:37 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 05:37 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 05:37 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 05:37 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 05:37 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 05:37 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 05:37 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 05:37 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-07 18:58 - 2014-12-07 18:58 - 00001724 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-12-07 18:56 - 2014-12-07 18:57 - 04362512 _____ (Piriform Ltd) C:\Users\Owner\Downloads\dfsetup218.exe
2014-12-07 18:10 - 2014-12-07 18:10 - 00158288 _____ () C:\Users\Owner\Downloads\Pipcruiser%27s Pipmasher (1).mq4
2014-12-07 17:42 - 2014-12-22 09:59 - 00001498 _____ () C:\Users\Public\Desktop\FXCM MetaTrader 4.lnk
2014-12-07 17:21 - 2014-12-07 17:21 - 00804985 _____ () C:\Users\Owner\Downloads\RegpairSetup.exe
2014-12-07 17:21 - 2014-12-07 17:21 - 00000991 _____ () C:\Users\Sandy\Desktop\Free Window Registry Repair.lnk
2014-12-07 17:19 - 2014-12-07 17:19 - 00042416 _____ () C:\cc_20141207_171919.reg
2014-12-07 17:14 - 2014-12-07 17:14 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-07 17:14 - 2014-12-07 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-07 17:12 - 2014-12-07 17:12 - 05162080 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup500.exe
2014-12-07 17:02 - 2014-12-07 17:02 - 00003142 _____ () C:\Windows\System32\Tasks\{61478681-2B3A-4F67-99EA-576AA345124A}
2014-12-07 16:58 - 2014-12-07 17:42 - 00000000 ____D () C:\FXCM Pipcruisers Pipsmasher
2014-12-07 16:55 - 2014-12-07 16:55 - 00440144 _____ (MetaQuotes Software Corp.) C:\Users\Owner\Desktop\FXCM-MT4Install (1).exe
2014-12-07 16:26 - 2014-12-07 16:27 - 05729769 _____ () C:\Users\Owner\Downloads\HGI V.14.02.zip
2014-12-07 16:26 - 2014-12-07 16:26 - 00049226 _____ () C:\Users\Owner\Downloads\HGI_Dark.V.14.05.ex4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 13:19 - 2010-04-09 15:33 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CE891936-DEE4-41AC-BDD0-70A68434CF65}
2014-12-23 13:11 - 2010-04-26 17:07 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000UA.job
2014-12-23 13:11 - 2010-04-24 05:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 10:13 - 2011-02-15 21:43 - 01596049 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 07:18 - 2014-11-05 18:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 07:17 - 2011-02-02 10:38 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-23 07:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2014-12-23 06:56 - 2011-02-02 10:38 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-12-23 06:55 - 2011-02-02 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-12-22 20:24 - 2010-04-26 17:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000Core.job
2014-12-22 20:24 - 2010-04-24 05:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 18:27 - 2014-11-05 18:08 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-22 18:27 - 2014-11-05 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-22 18:27 - 2014-11-05 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-22 15:01 - 2013-05-31 11:08 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-22 12:01 - 2010-07-06 21:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-22 11:56 - 2010-07-06 21:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-22 10:11 - 2014-02-09 18:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TeamViewer
2014-12-22 10:11 - 2010-09-28 19:12 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-12-22 10:11 - 2010-04-23 19:49 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
2014-12-22 10:11 - 2010-04-09 15:48 - 00000000 ____D () C:\Windows\Panther
2014-12-22 09:59 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 09:59 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 09:51 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 09:40 - 2014-03-31 06:38 - 04441216 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-12-12 14:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 02:11 - 2014-11-05 18:43 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 03:32 - 2014-04-24 05:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:16 - 2013-08-03 09:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:08 - 2011-04-20 16:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:08 - 2010-04-09 18:29 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 15:02 - 2014-10-03 07:42 - 00109280 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-12-07 19:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-07 18:59 - 2010-12-19 13:38 - 00000000 ____D () C:\Program Files\Defraggler
2014-12-07 17:37 - 2010-04-24 08:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-12-07 17:36 - 2011-10-30 06:24 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2014-12-07 17:35 - 2010-04-24 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\KeePass
2014-12-07 17:21 - 2011-10-30 06:24 - 00000991 _____ () C:\Users\Guest\Desktop\Free Window Registry Repair.lnk
2014-12-07 17:14 - 2010-04-24 08:01 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-12-07 16:54 - 2012-10-22 13:53 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-12-07 16:45 - 2014-03-31 06:38 - 00000000 ____D () C:\FXDD - MetaTrader Entropy
2014-12-07 16:24 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucuvlp.dll
C:\Users\Sandy\AppData\Local\Temp\GUR7B66.exe
C:\Users\Sandy\AppData\Local\Temp\GURAB9F.exe
C:\Users\Sandy\AppData\Local\Temp\GURE170.exe
C:\Users\Sandy\AppData\Local\Temp\GURFB7.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 00:20
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014
Ran by Owner at 2014-12-23 13:22:00
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - )
Advanced WindowsCare Personal 2.6.0 (HKLM-x32\...\Advanced WindowsCare V2 Personal_is1) (Version: 2.6.0 - IObit)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version: - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Driver Download Manager (HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.104 - ALPS ELECTRIC CO., LTD.)
DELL Webcam Center (HKLM-x32\...\DELL Webcam Center) (Version: - )
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DELL Webcam Manager (HKLM-x32\...\DELL Webcam Manager) (Version: - )
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Dynon Support 5.5.0 (HKLM-x32\...\Dynon Support Program_is1) (Version: - Dynon Avionics, Inc.)
EASetup (HKLM-x32\...\EASetup) (Version: - Andrew West)
EPSON USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.40.000 - SEIKO EPSON CORPORATION)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Garmin Flightbook (HKLM-x32\...\{52993FFF-98F1-45F7-BDF2-0E39A8FE2D34}) (Version: 2.5.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gears (HKLM-x32\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-713969557-3948734433-3494438272-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.390 - Oracle)
KeePass Password Safe 2.17 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Live! Cam Avatar v1.0 (HKLM-x32\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MetaTrader 4 Client Terminal (HKLM-x32\...\MetaTrader 4 Client Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PdaNet for Android 3.02 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.2 - Frank Heindörfer, Philip Chinery)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30098 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
thinkorswim (HKLM-x32\...\thinkorswim) (Version: - thinkorswim, Inc.)
USBCam (HKLM-x32\...\USBCam) (Version: - )
USBCam Intraoral Camera (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
yEd Graph Editor 3.6 (HKLM-x32\...\yEd Graph Editor 3.6) (Version: - yWorks GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-713969557-3948734433-3494438272-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-713969557-3948734433-3494438272-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-713969557-3948734433-3494438272-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2011-02-02 11:00 - 00429816 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {082EC1F7-C29B-4CA3-B82F-695AC188660D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {11B4C26B-11AA-499D-A977-EBEFC774024F} - System32\Tasks\Owner-PC\Owner - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {18F1BDD1-2321-4B80-93AA-62CD67F65ECF} - System32\Tasks\{6184E005-9521-40FC-9BE8-124FFD6CB199} => pcalua.exe -a "C:\Users\Owner\Downloads\chromeinstall-8u25 (1).exe" -d C:\Users\Owner\Downloads
Task: {28E4DC60-3B02-468D-8354-7A9B973B74CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2B73DD17-88E0-44A5-84C8-A184A29E7194} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4CD38E85-1FDF-4B71-B0D2-0BF0E2947CFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {4F0F5E70-D18F-4705-BBAF-2DD84F952A09} - System32\Tasks\{9F54DE57-495A-421C-A619-FF601A2888D1} => pcalua.exe -a C:\Users\Owner\Downloads\chromeinstall-8u25.exe -d C:\Users\Owner\Downloads
Task: {50934C07-9BFE-4EFE-A906-6AEA7DB8E388} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {7049A3B8-DE4A-46B6-B0E6-D6820A4122FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {7D02E60A-EF1B-4830-B962-60215FFD2321} - System32\Tasks\{ED7B43B0-8B16-4150-9DC2-F29C6C43377C} => pcalua.exe -a E:\setup.exe -d E:\
Task: {93126C41-0C77-4724-A534-CA53C859C9F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {AB46625F-0699-4A87-BD93-A9282A3B1348} - System32\Tasks\{6EB28C64-DFCE-4959-B109-1A9A1435D579} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Temp\Temp1_PC-piston-zipped1.zip\PC piston to be zipped\VB_Piston_Sim publish\setup.exe"
Task: {BAB31C44-0F9E-4104-9E5E-D20A0174176E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {DA36A833-8C4B-4B0A-AE98-9C6D322C4246} - System32\Tasks\{61478681-2B3A-4F67-99EA-576AA345124A} => pcalua.exe -a "C:\Users\Owner\Desktop\FXCM-MT4Install (1).exe" -d C:\Users\Owner\Desktop
Task: {E01EC20A-331E-4967-BC2B-10D7AE62AADB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E41D05E7-BCF2-4001-A112-D5D1684789D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {EC629ACD-697D-4507-972E-9D9D6C60372D} - System32\Tasks\{4ACCD477-CE10-425A-A885-A9B3681ADC3B} => pcalua.exe -a "C:\Users\Owner\Documents\My Airplane\EFI & Ignition\EC3 Mapping Programs\EC3PistonReader063009.exe" -d "C:\Users\Owner\Documents\My Airplane\EFI & Ignition\EC3 Mapping Programs"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713969557-3948734433-3494438272-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-04-09 13:58 - 2009-07-17 08:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-04-09 13:58 - 2009-07-17 08:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-09-28 19:12 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-04-18 11:06 - 1999-12-31 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 02:11 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-22 11:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-22 11:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-22 11:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-22 11:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-22 11:56 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2014-12-22 11:56 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Sandy\Downloads\Cool Advertising gimmicks.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files (x86)\Dell\DELL Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: EPSON_UD_START => "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MSSE => "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-713969557-3948734433-3494438272-500 - Administrator - Disabled)
Guest (S-1-5-21-713969557-3948734433-3494438272-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-713969557-3948734433-3494438272-1002 - Limited - Enabled)
Owner (S-1-5-21-713969557-3948734433-3494438272-1000 - Administrator - Enabled) => C:\Users\Owner
Sandy (S-1-5-21-713969557-3948734433-3494438272-1004 - Limited - Enabled) => C:\Users\Sandy
==================== Faulty Device Manager Devices =============
Name: PdaNet Broadband Adapter
Description: PdaNet Broadband Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: June Fabrics Technology Inc.
Service: pneteth
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/22/2014 10:13:14 AM) (Source: ESENT) (EventID: 485) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to delete the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:13:04 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:39 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:29 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:19 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:10:09 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:09:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (12/22/2014 10:09:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (2832) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (12/22/2014 11:32:03 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (12/22/2014 09:51:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:46:25 AM on 12/22/2014 was unexpected.
Error: (12/07/2014 08:09:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (12/07/2014 07:34:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:26:58 PM on 12/7/2014 was unexpected.
Error: (12/07/2014 07:02:05 PM) (Source: volsnap) (EventID: 9) (User: )
Description: The flush and hold writes operation on volume \\?\Volume{5cb9ae49-4419-11df-aa47-806e6f6e6963} timed out while waiting for file system cleanup.
Error: (12/07/2014 06:50:46 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/07/2014 06:50:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:48:22 PM on 12/7/2014 was unexpected.
Error: (12/07/2014 06:50:11 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/07/2014 06:50:11 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (12/07/2014 06:38:25 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Microsoft Office Sessions:
=========================
Error: (12/22/2014 10:13:14 AM) (Source: ESENT) (EventID: 485) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:13:04 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:39 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:29 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:19 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:10:09 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:09:59 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
Error: (12/22/2014 10:09:49 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost2832WebCacheLocal: C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 52%
Total physical RAM: 3892.52 MB
Available physical RAM: 1843.25 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 4895.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:455.8 GB) (Free:401.58 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E635605C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=455.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
OCD
Malware Team-Emeritus
Hi Big_Sam,
Do you still use DropBox?
FRST Fix Script
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
=========================
TDSSKiller
Please download TDSSKiller.zip - Extract it to your desktop
or from here >> http://www.bleepingcomputer.com/download/tdsskiller/
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download the version suitable to your computer.
=========================
In your next post please provide the following:
Do you still use DropBox?
FRST Fix ScriptOpen notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
Code:
Start
GroupPolicyUsers\S-1-5-21-713969557-3948734433-3494438272-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-713969557-3948734433-3494438272-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucuvlp.dll
C:\Users\Sandy\AppData\Local\Temp\GUR7B66.exe
C:\Users\Sandy\AppData\Local\Temp\GURAB9F.exe
C:\Users\Sandy\AppData\Local\Temp\GURE170.exe
C:\Users\Sandy\AppData\Local\Temp\GURFB7.exe
EmptyTemp:
CMD: ipconfig /flushdns
EndNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
=========================
TDSSKillerPlease download TDSSKiller.zip - Extract it to your desktop
or from here >> http://www.bleepingcomputer.com/download/tdsskiller/
- TDSSKiller.exe
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- Select Change Parameters.
- Under Additional Options, select all options. The select OK.
- Next press the Start Scan button.
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
SystemLookPlease download SystemLook from one of the links below and save it to your Desktop.
Download the version suitable to your computer.
- 32 bit System:
- 64 bit System:
- Right click SystemLook.exe and select "Run as Administrator" to run it.
- Copy the content of the following code-box into the main text-field:
Code::filefind Zlob.ZipCodec - Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
=========================
In your next post please provide the following:
- Fixlog.txt
- TDSSKiller log
- SystemLook.txt
- Are you experiencing any symptoms?
Second round... And no, can't say I'm experiencing any symptoms, other than hangng up when running spybot.
I will be unable to do any more hunting for about five days, because the motor is running, the wife is in the car, and it's time to go!
Thanks again, and Merry Christmas!
Big_Sam
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by Owner at 2014-12-24 07:44:17 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Sandy & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
GroupPolicyUsers\S-1-5-21-713969557-3948734433-3494438272-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-713969557-3948734433-3494438272-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucuvlp.dll
C:\Users\Sandy\AppData\Local\Temp\GUR7B66.exe
C:\Users\Sandy\AppData\Local\Temp\GURAB9F.exe
C:\Users\Sandy\AppData\Local\Temp\GURE170.exe
C:\Users\Sandy\AppData\Local\Temp\GURFB7.exe
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-713969557-3948734433-3494438272-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucuvlp.dll => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GUR7B66.exe => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GURAB9F.exe => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GURE170.exe => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GURFB7.exe => Moved successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 863 MB temporary data.
The system needed a reboot.
==== End of Fixlog 07:44:33 ====
07:54:19.0391 0x08e0 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
07:54:27.0694 0x08e0 ============================================================
07:54:27.0694 0x08e0 Current date / time: 2014/12/24 07:54:27.0694
07:54:27.0694 0x08e0 SystemInfo:
07:54:27.0694 0x08e0
07:54:27.0694 0x08e0 OS Version: 6.1.7601 ServicePack: 1.0
07:54:27.0694 0x08e0 Product type: Workstation
07:54:27.0694 0x08e0 ComputerName: OWNER-PC
07:54:27.0694 0x08e0 UserName: Owner
07:54:27.0694 0x08e0 Windows directory: C:\Windows
07:54:27.0694 0x08e0 System windows directory: C:\Windows
07:54:27.0694 0x08e0 Running under WOW64
07:54:27.0694 0x08e0 Processor architecture: Intel x64
07:54:27.0694 0x08e0 Number of processors: 4
07:54:27.0694 0x08e0 Page size: 0x1000
07:54:27.0694 0x08e0 Boot type: Normal boot
07:54:27.0694 0x08e0 ============================================================
07:54:32.0001 0x08e0 KLMD registered as C:\Windows\system32\drivers\41427924.sys
07:54:32.0469 0x08e0 System UUID: {9D61D258-5749-B949-F25C-192B687D4AF4}
07:54:33.0311 0x08e0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:54:33.0327 0x08e0 ============================================================
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0:
07:54:33.0327 0x08e0 MBR partitions:
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x32000
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13EC800, BlocksNum 0x38F99000
07:54:33.0327 0x08e0 ============================================================
07:54:33.0358 0x08e0 C: <-> \Device\Harddisk0\DR0\Partition3
07:54:33.0358 0x08e0 ============================================================
07:54:33.0358 0x08e0 Initialize success
07:54:33.0358 0x08e0 ============================================================
07:55:19.0720 0x0900 Deinitialize success
07:55:24.0354 0x0a40 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
07:55:28.0223 0x0a40 ============================================================
07:55:28.0223 0x0a40 Current date / time: 2014/12/24 07:55:28.0223
07:55:28.0223 0x0a40 SystemInfo:
07:55:28.0223 0x0a40
07:55:28.0223 0x0a40 OS Version: 6.1.7601 ServicePack: 1.0
07:55:28.0223 0x0a40 Product type: Workstation
07:55:28.0223 0x0a40 ComputerName: OWNER-PC
07:55:28.0223 0x0a40 UserName: Owner
07:55:28.0223 0x0a40 Windows directory: C:\Windows
07:55:28.0223 0x0a40 System windows directory: C:\Windows
07:55:28.0223 0x0a40 Running under WOW64
07:55:28.0223 0x0a40 Processor architecture: Intel x64
07:55:28.0223 0x0a40 Number of processors: 4
07:55:28.0223 0x0a40 Page size: 0x1000
07:55:28.0223 0x0a40 Boot type: Normal boot
07:55:28.0223 0x0a40 ============================================================
07:55:30.0641 0x0a40 KLMD registered as C:\Windows\system32\drivers\15903239.sys
07:55:30.0953 0x0a40 System UUID: {9D61D258-5749-B949-F25C-192B687D4AF4}
07:55:31.0577 0x0a40 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:55:31.0577 0x0a40 ============================================================
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0:
07:55:31.0577 0x0a40 MBR partitions:
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x32000
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13EC800, BlocksNum 0x38F99000
07:55:31.0577 0x0a40 ============================================================
07:55:31.0624 0x0a40 C: <-> \Device\Harddisk0\DR0\Partition3
07:55:31.0624 0x0a40 ============================================================
07:55:31.0624 0x0a40 Initialize success
07:55:31.0624 0x0a40 ============================================================
07:55:49.0276 0x0904 ============================================================
07:55:49.0276 0x0904 Scan started
07:55:49.0276 0x0904 Mode: Manual; SigCheck; TDLFS;
07:55:49.0276 0x0904 ============================================================
07:55:49.0276 0x0904 KSN ping started
07:55:52.0244 0x0904 KSN ping finished: true
07:55:54.0116 0x0904 ================ Scan system memory ========================
07:55:54.0116 0x0904 System memory - ok
07:55:54.0116 0x0904 ================ Scan services =============================
07:55:54.0350 0x0904 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:55:54.0428 0x0904 1394ohci - ok
07:55:54.0490 0x0904 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:55:54.0506 0x0904 ACPI - ok
07:55:54.0552 0x0904 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:55:54.0568 0x0904 AcpiPmi - ok
07:55:54.0630 0x0904 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:55:54.0662 0x0904 adp94xx - ok
07:55:54.0693 0x0904 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:55:54.0724 0x0904 adpahci - ok
07:55:54.0740 0x0904 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:55:54.0755 0x0904 adpu320 - ok
07:55:54.0786 0x0904 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:55:54.0833 0x0904 AeLookupSvc - ok
07:55:54.0927 0x0904 [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
07:55:54.0958 0x0904 AERTFilters - ok
07:55:55.0020 0x0904 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
07:55:55.0052 0x0904 AFD - ok
07:55:55.0098 0x0904 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
07:55:55.0114 0x0904 agp440 - ok
07:55:55.0161 0x0904 [ 94C0972B06C75456ED574DD46417B1D8, D775EF79CD103752AE08187B28B73227546D0D7583B9CA4FD338931B334EFF0B ] aksdf C:\Windows\system32\drivers\aksdf.sys
07:55:55.0192 0x0904 aksdf - ok
07:55:55.0239 0x0904 [ 7B0BC062CA6ABAB23F88EA483B5A538E, 47E7B0B130460EBE01003982252A9AF48F7E33E7E35BEDB3C2074BF0E3B35264 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
07:55:55.0270 0x0904 aksfridge - ok
07:55:55.0301 0x0904 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
07:55:55.0317 0x0904 ALG - ok
07:55:55.0364 0x0904 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
07:55:55.0395 0x0904 aliide - ok
07:55:55.0410 0x0904 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
07:55:55.0426 0x0904 amdide - ok
07:55:55.0488 0x0904 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:55:55.0520 0x0904 AmdK8 - ok
07:55:55.0551 0x0904 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:55:55.0582 0x0904 AmdPPM - ok
07:55:55.0629 0x0904 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:55:55.0660 0x0904 amdsata - ok
07:55:55.0691 0x0904 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:55:55.0707 0x0904 amdsbs - ok
07:55:55.0722 0x0904 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:55:55.0738 0x0904 amdxata - ok
07:55:55.0785 0x0904 [ 8655A2983A86D6675135B1FF6892055D, 1A983C11987138A606E2E1E87E353F27BA69832B6881071315886878ECBD27E1 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
07:55:55.0816 0x0904 ApfiltrService - ok
07:55:55.0847 0x0904 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
07:55:55.0910 0x0904 AppID - ok
07:55:55.0941 0x0904 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:55:56.0003 0x0904 AppIDSvc - ok
07:55:56.0034 0x0904 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
07:55:56.0050 0x0904 Appinfo - ok
07:55:56.0112 0x0904 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
07:55:56.0159 0x0904 arc - ok
07:55:56.0175 0x0904 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:55:56.0190 0x0904 arcsas - ok
07:55:56.0331 0x0904 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:55:56.0362 0x0904 aspnet_state - ok
07:55:56.0378 0x0904 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:55:56.0424 0x0904 AsyncMac - ok
07:55:56.0456 0x0904 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
07:55:56.0471 0x0904 atapi - ok
07:55:56.0549 0x0904 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:55:56.0627 0x0904 AudioEndpointBuilder - ok
07:55:56.0658 0x0904 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:55:56.0690 0x0904 AudioSrv - ok
07:55:56.0752 0x0904 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:55:56.0783 0x0904 AxInstSV - ok
07:55:56.0861 0x0904 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:55:56.0908 0x0904 b06bdrv - ok
07:55:56.0986 0x0904 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:55:57.0033 0x0904 b57nd60a - ok
07:55:57.0080 0x0904 [ E001DD475A7C27EBE5A0DB45C11BAD71, BA6A13E49F30BBBAB9FB0C7686FA6FD0376D506A51CEDB2829E3EF3C728394BA ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
07:55:57.0080 0x0904 BCM42RLY - ok
07:55:57.0220 0x0904 [ 37394D3553E220FB732C21E217E1BD8B, 1B4ACDDDD2A2D9771240778A47BA067F0F6C7C40C84BC8BFD5852E5772EAB298 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
07:55:57.0329 0x0904 BCM43XX - ok
07:55:57.0407 0x0904 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
07:55:57.0438 0x0904 BDESVC - ok
07:55:57.0501 0x0904 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
07:55:57.0563 0x0904 Beep - ok
07:55:57.0641 0x0904 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
07:55:57.0688 0x0904 BFE - ok
07:55:57.0750 0x0904 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
07:55:57.0844 0x0904 BITS - ok
07:55:57.0953 0x0904 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:55:58.0031 0x0904 blbdrive - ok
07:55:58.0140 0x0904 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:55:58.0203 0x0904 bowser - ok
07:55:58.0250 0x0904 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:55:58.0390 0x0904 BrFiltLo - ok
07:55:58.0421 0x0904 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:55:58.0452 0x0904 BrFiltUp - ok
07:55:58.0499 0x0904 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
07:55:58.0624 0x0904 Browser - ok
07:55:58.0764 0x0904 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:55:58.0780 0x0904 Brserid - ok
07:55:58.0858 0x0904 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:55:59.0014 0x0904 BrSerWdm - ok
07:55:59.0045 0x0904 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:55:59.0092 0x0904 BrUsbMdm - ok
07:55:59.0108 0x0904 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:55:59.0154 0x0904 BrUsbSer - ok
07:55:59.0186 0x0904 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:55:59.0232 0x0904 BTHMODEM - ok
07:55:59.0264 0x0904 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
07:55:59.0326 0x0904 bthserv - ok
07:55:59.0373 0x0904 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:55:59.0451 0x0904 cdfs - ok
07:55:59.0482 0x0904 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:55:59.0529 0x0904 cdrom - ok
07:55:59.0560 0x0904 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
07:55:59.0654 0x0904 CertPropSvc - ok
07:55:59.0669 0x0904 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:55:59.0685 0x0904 circlass - ok
07:55:59.0747 0x0904 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
07:55:59.0778 0x0904 CLFS - ok
07:55:59.0856 0x0904 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:55:59.0888 0x0904 clr_optimization_v2.0.50727_32 - ok
07:55:59.0950 0x0904 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:55:59.0981 0x0904 clr_optimization_v2.0.50727_64 - ok
07:56:00.0075 0x0904 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:56:00.0106 0x0904 clr_optimization_v4.0.30319_32 - ok
07:56:00.0137 0x0904 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:56:00.0168 0x0904 clr_optimization_v4.0.30319_64 - ok
07:56:00.0215 0x0904 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:56:00.0246 0x0904 CmBatt - ok
07:56:00.0278 0x0904 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:56:00.0293 0x0904 cmdide - ok
07:56:00.0356 0x0904 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
07:56:00.0418 0x0904 CNG - ok
07:56:00.0449 0x0904 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:56:00.0465 0x0904 Compbatt - ok
07:56:00.0496 0x0904 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:56:00.0543 0x0904 CompositeBus - ok
07:56:00.0558 0x0904 COMSysApp - ok
07:56:00.0590 0x0904 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:56:00.0605 0x0904 crcdisk - ok
07:56:00.0668 0x0904 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:56:00.0699 0x0904 CryptSvc - ok
07:56:00.0808 0x0904 [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
07:56:00.0839 0x0904 CtClsFlt - ok
07:56:00.0886 0x0904 [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
07:56:00.0933 0x0904 dc3d - ok
07:56:00.0995 0x0904 [ DCDF34C65AF336DA7CFC0FB04D54E26B, 4E9E5125CA45B3D4BA427155381650F6781EAE2234DB5AAE30A0DC3D5FD708A3 ] DCamUSBET C:\Windows\system32\DRIVERS\etDevice64.sys
07:56:01.0042 0x0904 DCamUSBET - ok
07:56:01.0104 0x0904 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:56:01.0167 0x0904 DcomLaunch - ok
07:56:01.0229 0x0904 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
07:56:01.0292 0x0904 defragsvc - ok
07:56:01.0338 0x0904 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:56:01.0385 0x0904 DfsC - ok
07:56:01.0432 0x0904 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
07:56:01.0463 0x0904 Dhcp - ok
07:56:01.0494 0x0904 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
07:56:01.0541 0x0904 discache - ok
07:56:01.0572 0x0904 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:56:01.0604 0x0904 Disk - ok
07:56:01.0666 0x0904 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:56:01.0713 0x0904 Dnscache - ok
07:56:01.0791 0x0904 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
07:56:01.0869 0x0904 dot3svc - ok
07:56:01.0916 0x0904 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
07:56:02.0009 0x0904 DPS - ok
07:56:02.0056 0x0904 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:56:02.0087 0x0904 drmkaud - ok
07:56:02.0165 0x0904 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:56:02.0212 0x0904 DXGKrnl - ok
07:56:02.0274 0x0904 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
07:56:02.0337 0x0904 EapHost - ok
07:56:02.0493 0x0904 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:56:02.0664 0x0904 ebdrv - ok
07:56:02.0711 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
07:56:02.0742 0x0904 EFS - ok
07:56:02.0852 0x0904 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:56:02.0914 0x0904 ehRecvr - ok
07:56:02.0945 0x0904 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
07:56:03.0008 0x0904 ehSched - ok
07:56:03.0164 0x0904 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:56:03.0195 0x0904 elxstor - ok
07:56:03.0351 0x0904 [ 0BA213AF65FAE7941D1CDA2875BCFF5D, 314C3918916B1F8BEED934C7095B88AE8765DD25138798596573A8E0D954CFC7 ] EMP_UDSA C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
07:56:03.0476 0x0904 EMP_UDSA - detected UnsignedFile.Multi.Generic ( 1 )
07:56:06.0486 0x0904 Detect skipped due to KSN trusted
07:56:06.0486 0x0904 EMP_UDSA - ok
07:56:06.0533 0x0904 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:56:06.0564 0x0904 ErrDev - ok
07:56:06.0627 0x0904 esgiguard - ok
07:56:06.0705 0x0904 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
07:56:06.0783 0x0904 EventSystem - ok
07:56:06.0814 0x0904 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
07:56:06.0876 0x0904 exfat - ok
07:56:06.0923 0x0904 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:56:06.0970 0x0904 fastfat - ok
07:56:07.0048 0x0904 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
07:56:07.0095 0x0904 Fax - ok
07:56:07.0110 0x0904 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:56:07.0142 0x0904 fdc - ok
07:56:07.0173 0x0904 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
07:56:07.0282 0x0904 fdPHost - ok
07:56:07.0298 0x0904 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
07:56:07.0360 0x0904 FDResPub - ok
07:56:07.0391 0x0904 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:56:07.0422 0x0904 FileInfo - ok
07:56:07.0454 0x0904 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:56:07.0516 0x0904 Filetrace - ok
07:56:07.0641 0x0904 [ 00FB01323E4A9D713B6D32A1D9605271, F7AA3A3051669E55AC0D7C8A3D5DFFDDD9D091E158E17B1EF4270B02E3651E36 ] FiltUSBET C:\Windows\system32\DRIVERS\etFilter64.sys
07:56:07.0734 0x0904 FiltUSBET - ok
07:56:07.0859 0x0904 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:56:07.0906 0x0904 flpydisk - ok
07:56:07.0968 0x0904 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:56:08.0093 0x0904 FltMgr - ok
07:56:08.0327 0x0904 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
07:56:08.0422 0x0904 FontCache - ok
07:56:08.0547 0x0904 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:56:08.0578 0x0904 FontCache3.0.0.0 - ok
07:56:08.0609 0x0904 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:56:08.0625 0x0904 FsDepends - ok
07:56:08.0703 0x0904 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:56:08.0734 0x0904 Fs_Rec - ok
07:56:08.0796 0x0904 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:56:08.0827 0x0904 fvevol - ok
07:56:08.0874 0x0904 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:56:08.0890 0x0904 gagp30kx - ok
07:56:08.0937 0x0904 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
07:56:09.0015 0x0904 gpsvc - ok
07:56:09.0093 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:56:09.0124 0x0904 gupdate - ok
07:56:09.0171 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:56:09.0186 0x0904 gupdatem - ok
07:56:09.0327 0x0904 [ 78FAD9117E4527F2CA82259DA10F40BD, 9CE5102C681B8147BFC189897C19852D2BF82A9B95DE6301EBBCD13A604A41F3 ] hardlock C:\Windows\system32\drivers\hardlock.sys
07:56:09.0373 0x0904 hardlock - ok
07:56:09.0389 0x0904 hasplms - ok
07:56:09.0420 0x0904 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:56:09.0451 0x0904 hcw85cir - ok
07:56:09.0498 0x0904 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:56:09.0529 0x0904 HdAudAddService - ok
07:56:09.0592 0x0904 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:56:09.0639 0x0904 HDAudBus - ok
07:56:09.0685 0x0904 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
07:56:09.0701 0x0904 HECIx64 - ok
07:56:09.0717 0x0904 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:56:09.0732 0x0904 HidBatt - ok
07:56:09.0748 0x0904 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:56:09.0779 0x0904 HidBth - ok
07:56:09.0810 0x0904 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:56:09.0826 0x0904 HidIr - ok
07:56:09.0888 0x0904 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
07:56:09.0951 0x0904 hidserv - ok
07:56:09.0997 0x0904 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
07:56:10.0013 0x0904 HidUsb - ok
07:56:10.0060 0x0904 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:56:10.0107 0x0904 hkmsvc - ok
07:56:10.0138 0x0904 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:56:10.0169 0x0904 HomeGroupListener - ok
07:56:10.0216 0x0904 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:56:10.0247 0x0904 HomeGroupProvider - ok
07:56:10.0294 0x0904 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:56:10.0325 0x0904 HpSAMD - ok
07:56:10.0419 0x0904 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:56:10.0512 0x0904 HTTP - ok
07:56:10.0543 0x0904 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:56:10.0559 0x0904 hwpolicy - ok
07:56:10.0637 0x0904 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:56:10.0653 0x0904 i8042prt - ok
07:56:10.0746 0x0904 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:56:10.0777 0x0904 iaStorV - ok
07:56:11.0121 0x0904 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:56:11.0167 0x0904 idsvc - ok
07:56:11.0183 0x0904 IEEtwCollectorService - ok
07:56:11.0869 0x0904 [ C458A0B66D11CBABD113EAC828276A8C, FF31B49BAF36358A16FA5478036C6431DE877BA30D6F6DF85FD0A2FA6E6CB0E1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
07:56:12.0509 0x0904 igfx - ok
07:56:12.0571 0x0904 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:56:12.0587 0x0904 iirsp - ok
07:56:12.0665 0x0904 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
07:56:12.0743 0x0904 IKEEXT - ok
07:56:12.0790 0x0904 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
07:56:12.0805 0x0904 Impcd - ok
07:56:13.0071 0x0904 [ 01262E2BE97708F54666E700482027DE, 7643FCFB6EBFABDD7D1A914C40FADE97DDC633C5D75BE2CADBAC61675564E5CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:56:13.0289 0x0904 IntcAzAudAddService - ok
07:56:13.0476 0x0904 [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
07:56:13.0554 0x0904 IntcDAud - ok
07:56:13.0601 0x0904 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
07:56:13.0632 0x0904 intelide - ok
07:56:13.0695 0x0904 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:56:13.0741 0x0904 intelppm - ok
07:56:13.0757 0x0904 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:56:13.0804 0x0904 IPBusEnum - ok
07:56:13.0835 0x0904 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:56:13.0882 0x0904 IpFilterDriver - ok
07:56:13.0960 0x0904 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:56:14.0007 0x0904 iphlpsvc - ok
07:56:14.0038 0x0904 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:56:14.0053 0x0904 IPMIDRV - ok
07:56:14.0085 0x0904 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:56:14.0147 0x0904 IPNAT - ok
07:56:14.0194 0x0904 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:56:14.0225 0x0904 IRENUM - ok
07:56:14.0272 0x0904 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:56:14.0287 0x0904 isapnp - ok
07:56:14.0319 0x0904 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:56:14.0350 0x0904 iScsiPrt - ok
07:56:14.0381 0x0904 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:56:14.0397 0x0904 kbdclass - ok
07:56:14.0443 0x0904 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:56:14.0490 0x0904 kbdhid - ok
07:56:14.0506 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
07:56:14.0537 0x0904 KeyIso - ok
07:56:14.0599 0x0904 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:56:14.0646 0x0904 KSecDD - ok
07:56:14.0693 0x0904 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:56:14.0724 0x0904 KSecPkg - ok
07:56:14.0755 0x0904 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:56:14.0818 0x0904 ksthunk - ok
07:56:14.0865 0x0904 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
07:56:14.0943 0x0904 KtmRm - ok
07:56:15.0005 0x0904 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:56:15.0083 0x0904 LanmanServer - ok
07:56:15.0130 0x0904 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:56:15.0192 0x0904 LanmanWorkstation - ok
07:56:15.0223 0x0904 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:56:15.0270 0x0904 lltdio - ok
07:56:15.0317 0x0904 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:56:15.0379 0x0904 lltdsvc - ok
07:56:15.0411 0x0904 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:56:15.0473 0x0904 lmhosts - ok
07:56:15.0647 0x0904 [ 7485FBCEF9136F530953575E2977859D, 5A6A67EE407C6ECE637C2B2AC21259BB86D032E47CE59F77AAF48D687B74CFCB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
07:56:15.0678 0x0904 LMS - ok
07:56:15.0740 0x0904 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:56:15.0771 0x0904 LSI_FC - ok
07:56:15.0803 0x0904 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:56:15.0834 0x0904 LSI_SAS - ok
07:56:15.0849 0x0904 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:56:15.0865 0x0904 LSI_SAS2 - ok
07:56:15.0881 0x0904 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:56:15.0896 0x0904 LSI_SCSI - ok
07:56:15.0943 0x0904 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
07:56:16.0005 0x0904 luafv - ok
07:56:16.0037 0x0904 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:56:16.0052 0x0904 Mcx2Svc - ok
07:56:16.0193 0x0904 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
07:56:16.0224 0x0904 MDM - ok
07:56:16.0239 0x0904 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:56:16.0255 0x0904 megasas - ok
07:56:16.0286 0x0904 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:56:16.0302 0x0904 MegaSR - ok
07:56:16.0349 0x0904 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
07:56:16.0427 0x0904 MMCSS - ok
07:56:16.0458 0x0904 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
07:56:16.0505 0x0904 Modem - ok
07:56:16.0536 0x0904 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:56:16.0567 0x0904 monitor - ok
07:56:16.0614 0x0904 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:56:16.0645 0x0904 mouclass - ok
07:56:16.0676 0x0904 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:56:16.0707 0x0904 mouhid - ok
07:56:16.0754 0x0904 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:56:16.0785 0x0904 mountmgr - ok
07:56:16.0848 0x0904 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
07:56:16.0879 0x0904 MpFilter - ok
07:56:16.0973 0x0904 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
07:56:17.0004 0x0904 mpio - ok
07:56:17.0051 0x0904 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:56:17.0097 0x0904 mpsdrv - ok
07:56:17.0144 0x0904 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:56:17.0238 0x0904 MpsSvc - ok
07:56:17.0269 0x0904 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:56:17.0300 0x0904 MRxDAV - ok
07:56:17.0331 0x0904 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:56:17.0363 0x0904 mrxsmb - ok
07:56:17.0425 0x0904 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:56:17.0472 0x0904 mrxsmb10 - ok
07:56:17.0487 0x0904 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:56:17.0519 0x0904 mrxsmb20 - ok
07:56:17.0565 0x0904 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
07:56:17.0612 0x0904 msahci - ok
07:56:17.0675 0x0904 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:56:17.0706 0x0904 msdsm - ok
07:56:17.0784 0x0904 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
07:56:17.0846 0x0904 MSDTC - ok
07:56:17.0909 0x0904 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:56:17.0971 0x0904 Msfs - ok
07:56:18.0002 0x0904 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:56:18.0065 0x0904 mshidkmdf - ok
07:56:18.0096 0x0904 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:56:18.0111 0x0904 msisadrv - ok
07:56:18.0158 0x0904 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:56:18.0236 0x0904 MSiSCSI - ok
07:56:18.0236 0x0904 msiserver - ok
07:56:18.0267 0x0904 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:56:18.0314 0x0904 MSKSSRV - ok
07:56:18.0408 0x0904 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:56:18.0439 0x0904 MsMpSvc - ok
07:56:18.0455 0x0904 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:56:18.0517 0x0904 MSPCLOCK - ok
07:56:18.0533 0x0904 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:56:18.0642 0x0904 MSPQM - ok
07:56:18.0704 0x0904 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:56:18.0735 0x0904 MsRPC - ok
07:56:18.0767 0x0904 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:56:18.0782 0x0904 mssmbios - ok
07:56:18.0813 0x0904 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:56:18.0860 0x0904 MSTEE - ok
07:56:18.0891 0x0904 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:56:18.0907 0x0904 MTConfig - ok
07:56:18.0923 0x0904 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
07:56:18.0938 0x0904 Mup - ok
07:56:19.0125 0x0904 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
07:56:19.0203 0x0904 napagent - ok
07:56:19.0250 0x0904 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:56:19.0281 0x0904 NativeWifiP - ok
07:56:19.0375 0x0904 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
07:56:19.0422 0x0904 NDIS - ok
07:56:19.0437 0x0904 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:56:19.0484 0x0904 NdisCap - ok
07:56:19.0531 0x0904 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:56:19.0578 0x0904 NdisTapi - ok
07:56:19.0593 0x0904 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:56:19.0640 0x0904 Ndisuio - ok
07:56:19.0687 0x0904 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:56:19.0749 0x0904 NdisWan - ok
07:56:19.0812 0x0904 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:56:19.0890 0x0904 NDProxy - ok
07:56:19.0905 0x0904 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:56:19.0952 0x0904 NetBIOS - ok
07:56:20.0061 0x0904 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:56:20.0139 0x0904 NetBT - ok
07:56:20.0155 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
07:56:20.0171 0x0904 Netlogon - ok
07:56:20.0217 0x0904 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
07:56:20.0311 0x0904 Netman - ok
07:56:20.0373 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0420 0x0904 NetMsmqActivator - ok
07:56:20.0451 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0483 0x0904 NetPipeActivator - ok
07:56:20.0514 0x0904 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
07:56:20.0592 0x0904 netprofm - ok
07:56:20.0623 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0639 0x0904 NetTcpActivator - ok
07:56:20.0654 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0670 0x0904 NetTcpPortSharing - ok
07:56:20.0717 0x0904 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:56:20.0748 0x0904 nfrd960 - ok
07:56:20.0826 0x0904 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:56:20.0857 0x0904 NisDrv - ok
07:56:20.0888 0x0904 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
07:56:20.0919 0x0904 NisSrv - ok
07:56:21.0062 0x0904 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:56:21.0093 0x0904 NlaSvc - ok
07:56:21.0109 0x0904 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:56:21.0157 0x0904 Npfs - ok
07:56:21.0189 0x0904 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
07:56:21.0282 0x0904 nsi - ok
07:56:21.0298 0x0904 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:56:21.0345 0x0904 nsiproxy - ok
07:56:21.0501 0x0904 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:56:21.0594 0x0904 Ntfs - ok
07:56:21.0657 0x0904 [ D4012918D3A3847B44B888D56BC095D6, BE78F54CA01E8C37FD9129AA2869CCFE84BA8F5ED015486019305C7F40AE3B1B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
07:56:21.0672 0x0904 NuidFltr - ok
07:56:21.0703 0x0904 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
07:56:21.0750 0x0904 Null - ok
07:56:21.0797 0x0904 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:56:21.0828 0x0904 nvraid - ok
07:56:21.0844 0x0904 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:56:21.0859 0x0904 nvstor - ok
07:56:21.0906 0x0904 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:56:21.0937 0x0904 nv_agp - ok
07:56:21.0984 0x0904 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:56:22.0031 0x0904 ohci1394 - ok
07:56:22.0125 0x0904 [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:56:22.0156 0x0904 ose64 - ok
07:56:22.0452 0x0904 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:56:22.0717 0x0904 osppsvc - ok
07:56:22.0795 0x0904 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:56:22.0827 0x0904 p2pimsvc - ok
07:56:22.0858 0x0904 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
07:56:22.0905 0x0904 p2psvc - ok
07:56:22.0951 0x0904 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:56:22.0983 0x0904 Parport - ok
07:56:23.0029 0x0904 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:56:23.0045 0x0904 partmgr - ok
07:56:23.0076 0x0904 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
07:56:23.0107 0x0904 PcaSvc - ok
07:56:23.0123 0x0904 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
07:56:23.0139 0x0904 pci - ok
07:56:23.0170 0x0904 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
07:56:23.0170 0x0904 pciide - ok
07:56:23.0201 0x0904 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:56:23.0232 0x0904 pcmcia - ok
07:56:23.0248 0x0904 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
07:56:23.0263 0x0904 pcw - ok
07:56:23.0310 0x0904 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:56:23.0388 0x0904 PEAUTH - ok
07:56:23.0482 0x0904 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:56:23.0529 0x0904 PerfHost - ok
07:56:23.0669 0x0904 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
07:56:23.0778 0x0904 pla - ok
07:56:23.0856 0x0904 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:56:23.0903 0x0904 PlugPlay - ok
07:56:23.0950 0x0904 [ 8AC5649C9070674D4607301C180AB10B, 7742903EDE7495A1EBBFB101C35CE79A1DD3711D594CAB5A9D23FE9FB482ACF5 ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
07:56:23.0997 0x0904 pneteth - ok
07:56:24.0043 0x0904 [ 06841F5CD8410B6BDC0B5A631B8F8787, 95CA940AAE0C713C7161899D7DD7109FC985B60A1B3817C4243ED9870DA5FDE0 ] pnetmdm C:\Windows\system32\DRIVERS\pnetmdm64.sys
07:56:24.0059 0x0904 pnetmdm - ok
07:56:24.0090 0x0904 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:56:24.0106 0x0904 PNRPAutoReg - ok
07:56:24.0153 0x0904 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:56:24.0184 0x0904 PNRPsvc - ok
07:56:24.0215 0x0904 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:56:24.0309 0x0904 PolicyAgent - ok
07:56:24.0355 0x0904 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
07:56:24.0449 0x0904 Power - ok
07:56:24.0496 0x0904 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:56:24.0543 0x0904 PptpMiniport - ok
07:56:24.0558 0x0904 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:56:24.0574 0x0904 Processor - ok
07:56:24.0636 0x0904 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
07:56:24.0667 0x0904 ProfSvc - ok
07:56:24.0699 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:56:24.0714 0x0904 ProtectedStorage - ok
07:56:24.0777 0x0904 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:56:24.0855 0x0904 Psched - ok
07:56:24.0964 0x0904 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:56:25.0026 0x0904 ql2300 - ok
07:56:25.0057 0x0904 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:56:25.0073 0x0904 ql40xx - ok
07:56:25.0120 0x0904 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
07:56:25.0182 0x0904 QWAVE - ok
07:56:25.0213 0x0904 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:56:25.0245 0x0904 QWAVEdrv - ok
07:56:25.0323 0x0904 [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
07:56:25.0354 0x0904 RapiMgr - ok
07:56:25.0385 0x0904 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:56:25.0447 0x0904 RasAcd - ok
07:56:25.0494 0x0904 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:56:25.0572 0x0904 RasAgileVpn - ok
07:56:25.0650 0x0904 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
07:56:25.0775 0x0904 RasAuto - ok
07:56:25.0806 0x0904 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:56:25.0853 0x0904 Rasl2tp - ok
07:56:25.0915 0x0904 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
07:56:26.0009 0x0904 RasMan - ok
07:56:26.0056 0x0904 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:56:26.0118 0x0904 RasPppoe - ok
07:56:26.0134 0x0904 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:56:26.0181 0x0904 RasSstp - ok
07:56:26.0321 0x0904 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:56:26.0383 0x0904 rdbss - ok
07:56:26.0415 0x0904 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:56:26.0477 0x0904 rdpbus - ok
07:56:26.0508 0x0904 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:56:26.0571 0x0904 RDPCDD - ok
07:56:26.0586 0x0904 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:56:26.0633 0x0904 RDPENCDD - ok
07:56:26.0649 0x0904 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:56:26.0695 0x0904 RDPREFMP - ok
07:56:26.0805 0x0904 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:56:26.0820 0x0904 RdpVideoMiniport - ok
07:56:26.0898 0x0904 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:56:26.0929 0x0904 RDPWD - ok
07:56:27.0007 0x0904 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:56:27.0023 0x0904 rdyboost - ok
07:56:27.0085 0x0904 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:56:27.0163 0x0904 RemoteAccess - ok
07:56:27.0241 0x0904 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:56:27.0335 0x0904 RemoteRegistry - ok
07:56:27.0397 0x0904 [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
07:56:27.0444 0x0904 ROOTMODEM - ok
07:56:27.0460 0x0904 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:56:27.0522 0x0904 RpcEptMapper - ok
07:56:27.0538 0x0904 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
07:56:27.0569 0x0904 RpcLocator - ok
07:56:27.0631 0x0904 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
07:56:27.0694 0x0904 RpcSs - ok
07:56:27.0725 0x0904 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:56:27.0787 0x0904 rspndr - ok
07:56:27.0850 0x0904 [ 502B316947EA887CDDD325D4745EB7D0, 2B975AECC5EBAADE9812E3767E8794B3FD2FF987907323B19B0773279ACAD635 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
07:56:27.0897 0x0904 RSUSBSTOR - ok
07:56:27.0990 0x0904 [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
07:56:28.0021 0x0904 RTL8167 - ok
07:56:28.0037 0x0904 RtsUIR - ok
07:56:28.0053 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
07:56:28.0068 0x0904 SamSs - ok
07:56:28.0099 0x0904 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:56:28.0131 0x0904 sbp2port - ok
07:56:28.0193 0x0904 [ AAD06F50CFA42E576BEDB1A1279F24EF, DE1AE25DF70627EAF72A2208C0FECE3B1B22AD5ECA5C43043F71753F775678CC ] ScanUSBET C:\Windows\system32\DRIVERS\etScan64.sys
07:56:28.0209 0x0904 ScanUSBET - ok
07:56:28.0240 0x0904 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:56:28.0333 0x0904 SCardSvr - ok
07:56:28.0365 0x0904 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:56:28.0427 0x0904 scfilter - ok
07:56:28.0708 0x0904 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
07:56:28.0801 0x0904 Schedule - ok
07:56:28.0833 0x0904 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
07:56:28.0879 0x0904 SCPolicySvc - ok
07:56:28.0926 0x0904 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:56:28.0957 0x0904 SDRSVC - ok
07:56:29.0503 0x0904 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
07:56:29.0566 0x0904 SDScannerService - ok
07:56:30.0299 0x0904 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
07:56:30.0377 0x0904 SDUpdateService - ok
07:56:30.0439 0x0904 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
07:56:30.0471 0x0904 SDWSCService - ok
07:56:30.0517 0x0904 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:56:30.0564 0x0904 secdrv - ok
07:56:30.0595 0x0904 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
07:56:30.0642 0x0904 seclogon - ok
07:56:30.0673 0x0904 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
07:56:30.0736 0x0904 SENS - ok
07:56:30.0767 0x0904 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:56:30.0798 0x0904 SensrSvc - ok
07:56:30.0845 0x0904 [ D666EBEC6374B2018CF61EE204C3CF50, 4BA0C0370F0C13AADBAE9724660F13210554B0B84C405494521502C2F6DEF27E ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
07:56:30.0861 0x0904 Ser2pl - ok
07:56:30.0876 0x0904 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:56:30.0907 0x0904 Serenum - ok
07:56:30.0939 0x0904 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:56:30.0970 0x0904 Serial - ok
07:56:31.0001 0x0904 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:56:31.0017 0x0904 sermouse - ok
07:56:31.0048 0x0904 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
07:56:31.0141 0x0904 SessionEnv - ok
07:56:31.0173 0x0904 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:56:31.0188 0x0904 sffdisk - ok
07:56:31.0219 0x0904 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:56:31.0235 0x0904 sffp_mmc - ok
07:56:31.0251 0x0904 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:56:31.0266 0x0904 sffp_sd - ok
07:56:31.0297 0x0904 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:56:31.0329 0x0904 sfloppy - ok
07:56:31.0391 0x0904 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:56:31.0453 0x0904 SharedAccess - ok
07:56:31.0485 0x0904 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:56:31.0578 0x0904 ShellHWDetection - ok
07:56:31.0625 0x0904 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:56:31.0641 0x0904 SiSRaid2 - ok
07:56:31.0656 0x0904 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:56:31.0672 0x0904 SiSRaid4 - ok
07:56:31.0703 0x0904 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:56:31.0765 0x0904 Smb - ok
07:56:31.0843 0x0904 [ 678D197CAD249F930B7FDD2AFA4C91B0, 5CE65B8A72225B663534A14BA31DCAB8EA5A7CE9BE05C3A18837FE8B554EF1FA ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
07:56:31.0890 0x0904 SmbDrvI - ok
07:56:31.0968 0x0904 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:56:31.0984 0x0904 SNMPTRAP - ok
07:56:32.0015 0x0904 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
07:56:32.0046 0x0904 spldr - ok
07:56:32.0124 0x0904 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
07:56:32.0171 0x0904 Spooler - ok
07:56:32.0483 0x0904 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
07:56:32.0779 0x0904 sppsvc - ok
07:56:32.0842 0x0904 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:56:32.0920 0x0904 sppuinotify - ok
07:56:33.0060 0x0904 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:56:33.0123 0x0904 srv - ok
07:56:33.0169 0x0904 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:56:33.0201 0x0904 srv2 - ok
07:56:33.0247 0x0904 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:56:33.0294 0x0904 srvnet - ok
07:56:33.0341 0x0904 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:56:33.0419 0x0904 SSDPSRV - ok
07:56:33.0450 0x0904 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:56:33.0497 0x0904 SstpSvc - ok
07:56:33.0544 0x0904 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:56:33.0575 0x0904 stexstor - ok
07:56:33.0747 0x0904 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
07:56:33.0825 0x0904 stisvc - ok
07:56:33.0903 0x0904 [ 9CFEFD62D86DABFAC12D1C5ED72BA6A4, 1FFE4371450F53FD774CA0349CC28F559695761C18759CEB04933FDF2FD98F65 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
07:56:33.0934 0x0904 SWDUMon - ok
07:56:33.0981 0x0904 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
07:56:34.0012 0x0904 swenum - ok
07:56:34.0090 0x0904 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
07:56:34.0168 0x0904 swprv - ok
07:56:34.0620 0x0904 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
07:56:34.0729 0x0904 SysMain - ok
07:56:34.0761 0x0904 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:56:34.0823 0x0904 TabletInputService - ok
07:56:34.0885 0x0904 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
07:56:34.0948 0x0904 TapiSrv - ok
07:56:34.0995 0x0904 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
07:56:35.0041 0x0904 TBS - ok
07:56:35.0197 0x0904 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:56:35.0275 0x0904 Tcpip - ok
07:56:35.0369 0x0904 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:56:35.0431 0x0904 TCPIP6 - ok
07:56:35.0509 0x0904 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:56:35.0572 0x0904 tcpipreg - ok
07:56:35.0619 0x0904 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:56:35.0634 0x0904 TDPIPE - ok
07:56:35.0665 0x0904 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:56:35.0681 0x0904 TDTCP - ok
07:56:35.0743 0x0904 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:56:35.0806 0x0904 tdx - ok
07:56:36.0243 0x0904 [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9 C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
07:56:36.0742 0x0904 TeamViewer9 - ok
07:56:36.0804 0x0904 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
07:56:36.0835 0x0904 TermDD - ok
07:56:37.0023 0x0904 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
07:56:37.0085 0x0904 TermService - ok
07:56:37.0116 0x0904 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
07:56:37.0147 0x0904 Themes - ok
07:56:37.0179 0x0904 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
07:56:37.0257 0x0904 THREADORDER - ok
07:56:37.0272 0x0904 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
07:56:37.0319 0x0904 TrkWks - ok
07:56:37.0413 0x0904 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:56:37.0506 0x0904 TrustedInstaller - ok
07:56:37.0537 0x0904 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:56:37.0553 0x0904 tssecsrv - ok
07:56:37.0600 0x0904 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:56:37.0631 0x0904 TsUsbFlt - ok
07:56:37.0678 0x0904 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:56:37.0756 0x0904 tunnel - ok
07:56:37.0771 0x0904 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:56:37.0787 0x0904 uagp35 - ok
07:56:37.0896 0x0904 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:56:38.0021 0x0904 udfs - ok
07:56:38.0052 0x0904 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:56:38.0099 0x0904 UI0Detect - ok
07:56:38.0130 0x0904 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:56:38.0161 0x0904 uliagpkx - ok
07:56:38.0208 0x0904 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
07:56:38.0239 0x0904 umbus - ok
07:56:38.0286 0x0904 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:56:38.0302 0x0904 UmPass - ok
07:56:38.0678 0x0904 [ 765F2DD351BA064F657751D8D75E58C0, 954834FF6F05E065C2BE6CEC22136A0399026BFF9D91BE859E8E047C3ED8267F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
07:56:38.0787 0x0904 UNS - ok
07:56:38.0865 0x0904 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
07:56:38.0943 0x0904 upnphost - ok
07:56:39.0021 0x0904 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:56:39.0053 0x0904 usbccgp - ok
07:56:39.0053 0x0904 USBCCID - ok
07:56:39.0115 0x0904 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:56:39.0177 0x0904 usbcir - ok
07:56:39.0209 0x0904 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
07:56:39.0240 0x0904 usbehci - ok
07:56:39.0333 0x0904 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:56:39.0380 0x0904 usbhub - ok
07:56:39.0458 0x0904 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:56:39.0505 0x0904 usbohci - ok
07:56:39.0552 0x0904 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:56:39.0583 0x0904 usbprint - ok
07:56:39.0614 0x0904 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:56:39.0630 0x0904 usbscan - ok
07:56:39.0661 0x0904 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:56:39.0692 0x0904 USBSTOR - ok
07:56:39.0723 0x0904 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:56:39.0739 0x0904 usbuhci - ok
07:56:39.0833 0x0904 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:56:39.0864 0x0904 usbvideo - ok
07:56:39.0895 0x0904 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
07:56:39.0957 0x0904 UxSms - ok
07:56:39.0989 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
07:56:40.0004 0x0904 VaultSvc - ok
07:56:40.0051 0x0904 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:56:40.0067 0x0904 vdrvroot - ok
07:56:40.0145 0x0904 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
07:56:40.0238 0x0904 vds - ok
07:56:40.0285 0x0904 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:56:40.0316 0x0904 vga - ok
07:56:40.0332 0x0904 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
07:56:40.0379 0x0904 VgaSave - ok
07:56:40.0472 0x0904 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:56:40.0503 0x0904 vhdmp - ok
07:56:40.0566 0x0904 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
07:56:40.0613 0x0904 viaide - ok
07:56:40.0644 0x0904 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:56:40.0659 0x0904 volmgr - ok
07:56:40.0691 0x0904 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:56:40.0722 0x0904 volmgrx - ok
07:56:40.0737 0x0904 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:56:40.0769 0x0904 volsnap - ok
07:56:40.0815 0x0904 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:56:40.0831 0x0904 vsmraid - ok
07:56:40.0940 0x0904 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
07:56:41.0065 0x0904 VSS - ok
07:56:41.0081 0x0904 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:56:41.0127 0x0904 vwifibus - ok
07:56:41.0159 0x0904 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:56:41.0221 0x0904 vwififlt - ok
07:56:41.0268 0x0904 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
07:56:41.0330 0x0904 W32Time - ok
07:56:41.0361 0x0904 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:56:41.0408 0x0904 WacomPen - ok
07:56:41.0439 0x0904 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:56:41.0502 0x0904 WANARP - ok
07:56:41.0502 0x0904 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:56:41.0549 0x0904 Wanarpv6 - ok
07:56:41.0673 0x0904 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:56:41.0736 0x0904 WatAdminSvc - ok
07:56:42.0017 0x0904 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
07:56:42.0110 0x0904 wbengine - ok
07:56:42.0188 0x0904 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:56:42.0266 0x0904 WbioSrvc - ok
07:56:42.0313 0x0904 [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
07:56:42.0344 0x0904 WcesComm - ok
07:56:42.0422 0x0904 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:56:42.0485 0x0904 wcncsvc - ok
07:56:42.0500 0x0904 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:56:42.0516 0x0904 WcsPlugInService - ok
07:56:42.0547 0x0904 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:56:42.0578 0x0904 Wd - ok
07:56:42.0769 0x0904 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:56:42.0832 0x0904 Wdf01000 - ok
07:56:42.0879 0x0904 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:56:42.0925 0x0904 WdiServiceHost - ok
07:56:42.0941 0x0904 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:56:42.0972 0x0904 WdiSystemHost - ok
07:56:43.0019 0x0904 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
07:56:43.0066 0x0904 WebClient - ok
07:56:43.0097 0x0904 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:56:43.0159 0x0904 Wecsvc - ok
07:56:43.0175 0x0904 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:56:43.0237 0x0904 wercplsupport - ok
07:56:43.0269 0x0904 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
07:56:43.0331 0x0904 WerSvc - ok
07:56:43.0378 0x0904 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:56:43.0440 0x0904 WfpLwf - ok
07:56:43.0471 0x0904 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:56:43.0487 0x0904 WIMMount - ok
07:56:43.0503 0x0904 WinDefend - ok
07:56:43.0534 0x0904 WinHttpAutoProxySvc - ok
07:56:43.0846 0x0904 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:56:43.0971 0x0904 Winmgmt - ok
07:56:44.0127 0x0904 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
07:56:44.0267 0x0904 WinRM - ok
07:56:44.0314 0x0904 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WINUSB C:\Windows\system32\DRIVERS\WinUsb.sys
07:56:44.0345 0x0904 WINUSB - ok
07:56:44.0548 0x0904 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:56:44.0626 0x0904 Wlansvc - ok
07:56:44.0766 0x0904 [ 13B0A570E1AE451C92DA550085D72CF3, 4C67F000EE65B3B1DF17D228C93E9F2D3E13EAB2FD125806A16F70FF365097AC ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
07:56:44.0844 0x0904 wltrysvc - detected UnsignedFile.Multi.Generic ( 1 )
07:56:47.0545 0x0904 Detect skipped due to KSN trusted
07:56:47.0545 0x0904 wltrysvc - ok
07:56:47.0623 0x0904 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:56:47.0639 0x0904 WmiAcpi - ok
07:56:47.0685 0x0904 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:56:47.0748 0x0904 wmiApSrv - ok
07:56:47.0779 0x0904 WMPNetworkSvc - ok
07:56:47.0810 0x0904 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:56:47.0826 0x0904 WPCSvc - ok
07:56:47.0873 0x0904 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:56:47.0904 0x0904 WPDBusEnum - ok
07:56:47.0935 0x0904 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:56:47.0997 0x0904 ws2ifsl - ok
07:56:48.0013 0x0904 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
07:56:48.0060 0x0904 wscsvc - ok
07:56:48.0060 0x0904 WSearch - ok
07:56:48.0216 0x0904 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
07:56:48.0309 0x0904 wuauserv - ok
07:56:48.0341 0x0904 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:56:48.0356 0x0904 WudfPf - ok
07:56:48.0403 0x0904 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:56:48.0450 0x0904 WUDFRd - ok
07:56:48.0465 0x0904 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:56:48.0481 0x0904 wudfsvc - ok
07:56:48.0543 0x0904 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
07:56:48.0590 0x0904 WwanSvc - ok
07:56:48.0621 0x0904 ================ Scan global ===============================
07:56:48.0653 0x0904 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
07:56:48.0684 0x0904 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:56:48.0699 0x0904 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:56:48.0731 0x0904 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:56:48.0777 0x0904 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
07:56:48.0793 0x0904 [ Global ] - ok
07:56:48.0793 0x0904 ================ Scan MBR ==================================
07:56:48.0809 0x0904 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:56:49.0292 0x0904 \Device\Harddisk0\DR0 - ok
07:56:49.0292 0x0904 ================ Scan VBR ==================================
07:56:49.0323 0x0904 [ CE5930B5AF712151CFBBDAA1E8996462 ] \Device\Harddisk0\DR0\Partition1
07:56:49.0323 0x0904 \Device\Harddisk0\DR0\Partition1 - ok
07:56:49.0339 0x0904 [ 77085E355E7AFA7F5F96D6526B3898C4 ] \Device\Harddisk0\DR0\Partition2
07:56:49.0339 0x0904 \Device\Harddisk0\DR0\Partition2 - ok
07:56:49.0355 0x0904 [ A5CB5C8FB8261B2C0A728762A14DA3C3 ] \Device\Harddisk0\DR0\Partition3
07:56:49.0355 0x0904 \Device\Harddisk0\DR0\Partition3 - ok
07:56:49.0370 0x0904 ================ Scan generic autorun ======================
07:56:49.0479 0x0904 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe
07:56:49.0542 0x0904 MSC - ok
07:56:49.0573 0x0904 [ 306A6F71C5B0D70342BCBB688520B6E0, C9DA050583AB997576431DB1BC5C3ABE264A602A6F7954A2B53C17CA1CC0B0EB ] C:\Windows\system32\igfxtray.exe
07:56:49.0604 0x0904 IgfxTray - ok
07:56:49.0635 0x0904 [ 06C86503532053215395C43778E600D6, 2D4DC52615719B1159B9D04C6AA5D65A650E708B5D7E6156331C81EFCB49AF6A ] C:\Windows\system32\hkcmd.exe
07:56:49.0651 0x0904 HotKeysCmds - ok
07:56:49.0698 0x0904 [ 5ECE936A024FA8F49D806FD382DFD7F6, F1DF0B683FE186372EF8FBA82C2C7F4D98006F0E816ED637725066A5D27E12EB ] C:\Windows\system32\igfxpers.exe
07:56:49.0729 0x0904 Persistence - ok
07:56:50.0259 0x0904 [ 37C6C318D6AFAFA2EBA99820EDF21DA6, 5693AA141B947761EE41FBDC6F16FDC5BBB5BA8EBE1DEC90AD6EF33BFAF885A5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
07:56:50.0837 0x0904 RtHDVCpl - ok
07:56:50.0961 0x0904 [ 80B62FF105908EC9E4B072AFB1CFC824, B124F309CB42167D59097DB3346487A26D431EC05694CECF19F0C5938312B3E8 ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
07:56:50.0993 0x0904 Dell Webcam Central - detected UnsignedFile.Multi.Generic ( 1 )
07:56:53.0727 0x0904 Detect skipped due to KSN trusted
07:56:53.0727 0x0904 Dell Webcam Central - ok
07:56:53.0867 0x0904 [ 74693E8465ACA1A57BEF1BC29C1E1BCE, 9DD001203AD92BEFA93A2A623BDC9741DB7937C78C5CC42B7E3E3DB45309D263 ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
07:56:53.0945 0x0904 KeePass 2 PreLoad - detected UnsignedFile.Multi.Generic ( 1 )
07:56:57.0049 0x0904 Detect skipped due to KSN trusted
07:56:57.0049 0x0904 KeePass 2 PreLoad - ok
07:56:57.0252 0x0904 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
07:56:57.0377 0x0904 SDTray - ok
07:56:57.0517 0x0904 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:56:57.0595 0x0904 Sidebar - ok
07:56:57.0627 0x0904 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:56:57.0658 0x0904 mctadmin - ok
07:56:57.0705 0x0904 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:56:57.0767 0x0904 Sidebar - ok
07:56:57.0767 0x0904 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:56:57.0798 0x0904 mctadmin - ok
07:56:57.0954 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
07:56:57.0985 0x0904 Google Update - ok
07:56:58.0095 0x0904 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
07:56:58.0173 0x0904 Sidebar - ok
07:56:58.0219 0x0904 GoogleDriveSync - ok
07:56:58.0313 0x0904 [ 5F3587E344F2990B59C941FB405CAA0F, FECEC63F515EF66FAD84FF589E95B931574CA1F6BDFC9D6E016B0604AFF18498 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07:56:58.0360 0x0904 GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 - ok
07:56:58.0672 0x0904 [ 18EE6C694976C4D205AF24D6CCE3B660, 262F8B929CBBC8BFDD465826A27625ED9508A7C325C45F1964A4EFAC36D60056 ] C:\Program Files (x86)\CCleaner\CCleaner64.exe
07:56:58.0999 0x0904 CCleaner Monitoring - ok
07:56:59.0077 0x0904 [ 066302E42EA8BC9A0F2F1B666E50B9BF, 9FD19CE4D65BACDDC5E1F570A71D577AC300E649757C5CCA1FF6C6E905E91999 ] C:\Program Files (x86)\Dell\DELL Webcam Manager\DellWMgr.exe
07:56:59.0218 0x0904 DELL Webcam Manager - detected UnsignedFile.Multi.Generic ( 1 )
07:57:01.0948 0x0904 Detect skipped due to KSN trusted
07:57:01.0948 0x0904 DELL Webcam Manager - ok
07:57:01.0995 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
07:57:02.0010 0x0904 Google Update - ok
07:57:02.0010 0x0904 [ 066302E42EA8BC9A0F2F1B666E50B9BF, 9FD19CE4D65BACDDC5E1F570A71D577AC300E649757C5CCA1FF6C6E905E91999 ] C:\Program Files (x86)\Dell\DELL Webcam Manager\DellWMgr.exe
07:57:02.0026 0x0904 DELL Webcam Manager - detected UnsignedFile.Multi.Generic ( 1 )
07:57:02.0026 0x0904 Detect skipped due to KSN trusted
07:57:02.0026 0x0904 DELL Webcam Manager - ok
07:57:02.0026 0x0904 Waiting for KSN requests completion. In queue: 8
07:57:03.0040 0x0904 Waiting for KSN requests completion. In queue: 8
07:57:04.0054 0x0904 Waiting for KSN requests completion. In queue: 8
07:57:05.0083 0x0904 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
07:57:05.0115 0x0904 Win FW state via NFP2: enabled
07:57:08.0328 0x0904 ============================================================
07:57:08.0328 0x0904 Scan finished
07:57:08.0328 0x0904 ============================================================
07:57:08.0328 0x0bcc Detected object count: 0
07:57:08.0328 0x0bcc Actual detected object count: 0
08:11:38.0509 0x0a18 Deinitialize success
I will be unable to do any more hunting for about five days, because the motor is running, the wife is in the car, and it's time to go!
Thanks again, and Merry Christmas!
Big_Sam
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by Owner at 2014-12-24 07:44:17 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Sandy & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
GroupPolicyUsers\S-1-5-21-713969557-3948734433-3494438272-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-713969557-3948734433-3494438272-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucuvlp.dll
C:\Users\Sandy\AppData\Local\Temp\GUR7B66.exe
C:\Users\Sandy\AppData\Local\Temp\GURAB9F.exe
C:\Users\Sandy\AppData\Local\Temp\GURE170.exe
C:\Users\Sandy\AppData\Local\Temp\GURFB7.exe
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-713969557-3948734433-3494438272-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-713969557-3948734433-3494438272-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucuvlp.dll => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GUR7B66.exe => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GURAB9F.exe => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GURE170.exe => Moved successfully.
C:\Users\Sandy\AppData\Local\Temp\GURFB7.exe => Moved successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 863 MB temporary data.
The system needed a reboot.
==== End of Fixlog 07:44:33 ====
07:54:19.0391 0x08e0 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
07:54:27.0694 0x08e0 ============================================================
07:54:27.0694 0x08e0 Current date / time: 2014/12/24 07:54:27.0694
07:54:27.0694 0x08e0 SystemInfo:
07:54:27.0694 0x08e0
07:54:27.0694 0x08e0 OS Version: 6.1.7601 ServicePack: 1.0
07:54:27.0694 0x08e0 Product type: Workstation
07:54:27.0694 0x08e0 ComputerName: OWNER-PC
07:54:27.0694 0x08e0 UserName: Owner
07:54:27.0694 0x08e0 Windows directory: C:\Windows
07:54:27.0694 0x08e0 System windows directory: C:\Windows
07:54:27.0694 0x08e0 Running under WOW64
07:54:27.0694 0x08e0 Processor architecture: Intel x64
07:54:27.0694 0x08e0 Number of processors: 4
07:54:27.0694 0x08e0 Page size: 0x1000
07:54:27.0694 0x08e0 Boot type: Normal boot
07:54:27.0694 0x08e0 ============================================================
07:54:32.0001 0x08e0 KLMD registered as C:\Windows\system32\drivers\41427924.sys
07:54:32.0469 0x08e0 System UUID: {9D61D258-5749-B949-F25C-192B687D4AF4}
07:54:33.0311 0x08e0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:54:33.0327 0x08e0 ============================================================
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0:
07:54:33.0327 0x08e0 MBR partitions:
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x32000
07:54:33.0327 0x08e0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13EC800, BlocksNum 0x38F99000
07:54:33.0327 0x08e0 ============================================================
07:54:33.0358 0x08e0 C: <-> \Device\Harddisk0\DR0\Partition3
07:54:33.0358 0x08e0 ============================================================
07:54:33.0358 0x08e0 Initialize success
07:54:33.0358 0x08e0 ============================================================
07:55:19.0720 0x0900 Deinitialize success
07:55:24.0354 0x0a40 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
07:55:28.0223 0x0a40 ============================================================
07:55:28.0223 0x0a40 Current date / time: 2014/12/24 07:55:28.0223
07:55:28.0223 0x0a40 SystemInfo:
07:55:28.0223 0x0a40
07:55:28.0223 0x0a40 OS Version: 6.1.7601 ServicePack: 1.0
07:55:28.0223 0x0a40 Product type: Workstation
07:55:28.0223 0x0a40 ComputerName: OWNER-PC
07:55:28.0223 0x0a40 UserName: Owner
07:55:28.0223 0x0a40 Windows directory: C:\Windows
07:55:28.0223 0x0a40 System windows directory: C:\Windows
07:55:28.0223 0x0a40 Running under WOW64
07:55:28.0223 0x0a40 Processor architecture: Intel x64
07:55:28.0223 0x0a40 Number of processors: 4
07:55:28.0223 0x0a40 Page size: 0x1000
07:55:28.0223 0x0a40 Boot type: Normal boot
07:55:28.0223 0x0a40 ============================================================
07:55:30.0641 0x0a40 KLMD registered as C:\Windows\system32\drivers\15903239.sys
07:55:30.0953 0x0a40 System UUID: {9D61D258-5749-B949-F25C-192B687D4AF4}
07:55:31.0577 0x0a40 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:55:31.0577 0x0a40 ============================================================
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0:
07:55:31.0577 0x0a40 MBR partitions:
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x32000
07:55:31.0577 0x0a40 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13EC800, BlocksNum 0x38F99000
07:55:31.0577 0x0a40 ============================================================
07:55:31.0624 0x0a40 C: <-> \Device\Harddisk0\DR0\Partition3
07:55:31.0624 0x0a40 ============================================================
07:55:31.0624 0x0a40 Initialize success
07:55:31.0624 0x0a40 ============================================================
07:55:49.0276 0x0904 ============================================================
07:55:49.0276 0x0904 Scan started
07:55:49.0276 0x0904 Mode: Manual; SigCheck; TDLFS;
07:55:49.0276 0x0904 ============================================================
07:55:49.0276 0x0904 KSN ping started
07:55:52.0244 0x0904 KSN ping finished: true
07:55:54.0116 0x0904 ================ Scan system memory ========================
07:55:54.0116 0x0904 System memory - ok
07:55:54.0116 0x0904 ================ Scan services =============================
07:55:54.0350 0x0904 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:55:54.0428 0x0904 1394ohci - ok
07:55:54.0490 0x0904 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:55:54.0506 0x0904 ACPI - ok
07:55:54.0552 0x0904 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:55:54.0568 0x0904 AcpiPmi - ok
07:55:54.0630 0x0904 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:55:54.0662 0x0904 adp94xx - ok
07:55:54.0693 0x0904 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:55:54.0724 0x0904 adpahci - ok
07:55:54.0740 0x0904 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:55:54.0755 0x0904 adpu320 - ok
07:55:54.0786 0x0904 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:55:54.0833 0x0904 AeLookupSvc - ok
07:55:54.0927 0x0904 [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
07:55:54.0958 0x0904 AERTFilters - ok
07:55:55.0020 0x0904 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
07:55:55.0052 0x0904 AFD - ok
07:55:55.0098 0x0904 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
07:55:55.0114 0x0904 agp440 - ok
07:55:55.0161 0x0904 [ 94C0972B06C75456ED574DD46417B1D8, D775EF79CD103752AE08187B28B73227546D0D7583B9CA4FD338931B334EFF0B ] aksdf C:\Windows\system32\drivers\aksdf.sys
07:55:55.0192 0x0904 aksdf - ok
07:55:55.0239 0x0904 [ 7B0BC062CA6ABAB23F88EA483B5A538E, 47E7B0B130460EBE01003982252A9AF48F7E33E7E35BEDB3C2074BF0E3B35264 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
07:55:55.0270 0x0904 aksfridge - ok
07:55:55.0301 0x0904 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
07:55:55.0317 0x0904 ALG - ok
07:55:55.0364 0x0904 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
07:55:55.0395 0x0904 aliide - ok
07:55:55.0410 0x0904 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
07:55:55.0426 0x0904 amdide - ok
07:55:55.0488 0x0904 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:55:55.0520 0x0904 AmdK8 - ok
07:55:55.0551 0x0904 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:55:55.0582 0x0904 AmdPPM - ok
07:55:55.0629 0x0904 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:55:55.0660 0x0904 amdsata - ok
07:55:55.0691 0x0904 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:55:55.0707 0x0904 amdsbs - ok
07:55:55.0722 0x0904 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:55:55.0738 0x0904 amdxata - ok
07:55:55.0785 0x0904 [ 8655A2983A86D6675135B1FF6892055D, 1A983C11987138A606E2E1E87E353F27BA69832B6881071315886878ECBD27E1 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
07:55:55.0816 0x0904 ApfiltrService - ok
07:55:55.0847 0x0904 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
07:55:55.0910 0x0904 AppID - ok
07:55:55.0941 0x0904 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:55:56.0003 0x0904 AppIDSvc - ok
07:55:56.0034 0x0904 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
07:55:56.0050 0x0904 Appinfo - ok
07:55:56.0112 0x0904 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
07:55:56.0159 0x0904 arc - ok
07:55:56.0175 0x0904 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:55:56.0190 0x0904 arcsas - ok
07:55:56.0331 0x0904 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:55:56.0362 0x0904 aspnet_state - ok
07:55:56.0378 0x0904 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:55:56.0424 0x0904 AsyncMac - ok
07:55:56.0456 0x0904 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
07:55:56.0471 0x0904 atapi - ok
07:55:56.0549 0x0904 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:55:56.0627 0x0904 AudioEndpointBuilder - ok
07:55:56.0658 0x0904 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:55:56.0690 0x0904 AudioSrv - ok
07:55:56.0752 0x0904 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:55:56.0783 0x0904 AxInstSV - ok
07:55:56.0861 0x0904 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:55:56.0908 0x0904 b06bdrv - ok
07:55:56.0986 0x0904 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:55:57.0033 0x0904 b57nd60a - ok
07:55:57.0080 0x0904 [ E001DD475A7C27EBE5A0DB45C11BAD71, BA6A13E49F30BBBAB9FB0C7686FA6FD0376D506A51CEDB2829E3EF3C728394BA ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
07:55:57.0080 0x0904 BCM42RLY - ok
07:55:57.0220 0x0904 [ 37394D3553E220FB732C21E217E1BD8B, 1B4ACDDDD2A2D9771240778A47BA067F0F6C7C40C84BC8BFD5852E5772EAB298 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
07:55:57.0329 0x0904 BCM43XX - ok
07:55:57.0407 0x0904 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
07:55:57.0438 0x0904 BDESVC - ok
07:55:57.0501 0x0904 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
07:55:57.0563 0x0904 Beep - ok
07:55:57.0641 0x0904 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
07:55:57.0688 0x0904 BFE - ok
07:55:57.0750 0x0904 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
07:55:57.0844 0x0904 BITS - ok
07:55:57.0953 0x0904 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:55:58.0031 0x0904 blbdrive - ok
07:55:58.0140 0x0904 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:55:58.0203 0x0904 bowser - ok
07:55:58.0250 0x0904 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:55:58.0390 0x0904 BrFiltLo - ok
07:55:58.0421 0x0904 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:55:58.0452 0x0904 BrFiltUp - ok
07:55:58.0499 0x0904 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
07:55:58.0624 0x0904 Browser - ok
07:55:58.0764 0x0904 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:55:58.0780 0x0904 Brserid - ok
07:55:58.0858 0x0904 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:55:59.0014 0x0904 BrSerWdm - ok
07:55:59.0045 0x0904 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:55:59.0092 0x0904 BrUsbMdm - ok
07:55:59.0108 0x0904 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:55:59.0154 0x0904 BrUsbSer - ok
07:55:59.0186 0x0904 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:55:59.0232 0x0904 BTHMODEM - ok
07:55:59.0264 0x0904 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
07:55:59.0326 0x0904 bthserv - ok
07:55:59.0373 0x0904 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:55:59.0451 0x0904 cdfs - ok
07:55:59.0482 0x0904 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:55:59.0529 0x0904 cdrom - ok
07:55:59.0560 0x0904 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
07:55:59.0654 0x0904 CertPropSvc - ok
07:55:59.0669 0x0904 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:55:59.0685 0x0904 circlass - ok
07:55:59.0747 0x0904 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
07:55:59.0778 0x0904 CLFS - ok
07:55:59.0856 0x0904 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:55:59.0888 0x0904 clr_optimization_v2.0.50727_32 - ok
07:55:59.0950 0x0904 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:55:59.0981 0x0904 clr_optimization_v2.0.50727_64 - ok
07:56:00.0075 0x0904 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:56:00.0106 0x0904 clr_optimization_v4.0.30319_32 - ok
07:56:00.0137 0x0904 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:56:00.0168 0x0904 clr_optimization_v4.0.30319_64 - ok
07:56:00.0215 0x0904 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:56:00.0246 0x0904 CmBatt - ok
07:56:00.0278 0x0904 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:56:00.0293 0x0904 cmdide - ok
07:56:00.0356 0x0904 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
07:56:00.0418 0x0904 CNG - ok
07:56:00.0449 0x0904 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:56:00.0465 0x0904 Compbatt - ok
07:56:00.0496 0x0904 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:56:00.0543 0x0904 CompositeBus - ok
07:56:00.0558 0x0904 COMSysApp - ok
07:56:00.0590 0x0904 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:56:00.0605 0x0904 crcdisk - ok
07:56:00.0668 0x0904 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:56:00.0699 0x0904 CryptSvc - ok
07:56:00.0808 0x0904 [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
07:56:00.0839 0x0904 CtClsFlt - ok
07:56:00.0886 0x0904 [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
07:56:00.0933 0x0904 dc3d - ok
07:56:00.0995 0x0904 [ DCDF34C65AF336DA7CFC0FB04D54E26B, 4E9E5125CA45B3D4BA427155381650F6781EAE2234DB5AAE30A0DC3D5FD708A3 ] DCamUSBET C:\Windows\system32\DRIVERS\etDevice64.sys
07:56:01.0042 0x0904 DCamUSBET - ok
07:56:01.0104 0x0904 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:56:01.0167 0x0904 DcomLaunch - ok
07:56:01.0229 0x0904 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
07:56:01.0292 0x0904 defragsvc - ok
07:56:01.0338 0x0904 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:56:01.0385 0x0904 DfsC - ok
07:56:01.0432 0x0904 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
07:56:01.0463 0x0904 Dhcp - ok
07:56:01.0494 0x0904 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
07:56:01.0541 0x0904 discache - ok
07:56:01.0572 0x0904 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:56:01.0604 0x0904 Disk - ok
07:56:01.0666 0x0904 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:56:01.0713 0x0904 Dnscache - ok
07:56:01.0791 0x0904 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
07:56:01.0869 0x0904 dot3svc - ok
07:56:01.0916 0x0904 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
07:56:02.0009 0x0904 DPS - ok
07:56:02.0056 0x0904 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:56:02.0087 0x0904 drmkaud - ok
07:56:02.0165 0x0904 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:56:02.0212 0x0904 DXGKrnl - ok
07:56:02.0274 0x0904 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
07:56:02.0337 0x0904 EapHost - ok
07:56:02.0493 0x0904 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:56:02.0664 0x0904 ebdrv - ok
07:56:02.0711 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
07:56:02.0742 0x0904 EFS - ok
07:56:02.0852 0x0904 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:56:02.0914 0x0904 ehRecvr - ok
07:56:02.0945 0x0904 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
07:56:03.0008 0x0904 ehSched - ok
07:56:03.0164 0x0904 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:56:03.0195 0x0904 elxstor - ok
07:56:03.0351 0x0904 [ 0BA213AF65FAE7941D1CDA2875BCFF5D, 314C3918916B1F8BEED934C7095B88AE8765DD25138798596573A8E0D954CFC7 ] EMP_UDSA C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
07:56:03.0476 0x0904 EMP_UDSA - detected UnsignedFile.Multi.Generic ( 1 )
07:56:06.0486 0x0904 Detect skipped due to KSN trusted
07:56:06.0486 0x0904 EMP_UDSA - ok
07:56:06.0533 0x0904 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:56:06.0564 0x0904 ErrDev - ok
07:56:06.0627 0x0904 esgiguard - ok
07:56:06.0705 0x0904 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
07:56:06.0783 0x0904 EventSystem - ok
07:56:06.0814 0x0904 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
07:56:06.0876 0x0904 exfat - ok
07:56:06.0923 0x0904 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:56:06.0970 0x0904 fastfat - ok
07:56:07.0048 0x0904 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
07:56:07.0095 0x0904 Fax - ok
07:56:07.0110 0x0904 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:56:07.0142 0x0904 fdc - ok
07:56:07.0173 0x0904 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
07:56:07.0282 0x0904 fdPHost - ok
07:56:07.0298 0x0904 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
07:56:07.0360 0x0904 FDResPub - ok
07:56:07.0391 0x0904 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:56:07.0422 0x0904 FileInfo - ok
07:56:07.0454 0x0904 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:56:07.0516 0x0904 Filetrace - ok
07:56:07.0641 0x0904 [ 00FB01323E4A9D713B6D32A1D9605271, F7AA3A3051669E55AC0D7C8A3D5DFFDDD9D091E158E17B1EF4270B02E3651E36 ] FiltUSBET C:\Windows\system32\DRIVERS\etFilter64.sys
07:56:07.0734 0x0904 FiltUSBET - ok
07:56:07.0859 0x0904 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:56:07.0906 0x0904 flpydisk - ok
07:56:07.0968 0x0904 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:56:08.0093 0x0904 FltMgr - ok
07:56:08.0327 0x0904 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
07:56:08.0422 0x0904 FontCache - ok
07:56:08.0547 0x0904 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:56:08.0578 0x0904 FontCache3.0.0.0 - ok
07:56:08.0609 0x0904 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:56:08.0625 0x0904 FsDepends - ok
07:56:08.0703 0x0904 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:56:08.0734 0x0904 Fs_Rec - ok
07:56:08.0796 0x0904 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:56:08.0827 0x0904 fvevol - ok
07:56:08.0874 0x0904 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:56:08.0890 0x0904 gagp30kx - ok
07:56:08.0937 0x0904 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
07:56:09.0015 0x0904 gpsvc - ok
07:56:09.0093 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:56:09.0124 0x0904 gupdate - ok
07:56:09.0171 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:56:09.0186 0x0904 gupdatem - ok
07:56:09.0327 0x0904 [ 78FAD9117E4527F2CA82259DA10F40BD, 9CE5102C681B8147BFC189897C19852D2BF82A9B95DE6301EBBCD13A604A41F3 ] hardlock C:\Windows\system32\drivers\hardlock.sys
07:56:09.0373 0x0904 hardlock - ok
07:56:09.0389 0x0904 hasplms - ok
07:56:09.0420 0x0904 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:56:09.0451 0x0904 hcw85cir - ok
07:56:09.0498 0x0904 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:56:09.0529 0x0904 HdAudAddService - ok
07:56:09.0592 0x0904 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:56:09.0639 0x0904 HDAudBus - ok
07:56:09.0685 0x0904 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
07:56:09.0701 0x0904 HECIx64 - ok
07:56:09.0717 0x0904 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:56:09.0732 0x0904 HidBatt - ok
07:56:09.0748 0x0904 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:56:09.0779 0x0904 HidBth - ok
07:56:09.0810 0x0904 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:56:09.0826 0x0904 HidIr - ok
07:56:09.0888 0x0904 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
07:56:09.0951 0x0904 hidserv - ok
07:56:09.0997 0x0904 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
07:56:10.0013 0x0904 HidUsb - ok
07:56:10.0060 0x0904 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:56:10.0107 0x0904 hkmsvc - ok
07:56:10.0138 0x0904 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:56:10.0169 0x0904 HomeGroupListener - ok
07:56:10.0216 0x0904 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:56:10.0247 0x0904 HomeGroupProvider - ok
07:56:10.0294 0x0904 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:56:10.0325 0x0904 HpSAMD - ok
07:56:10.0419 0x0904 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:56:10.0512 0x0904 HTTP - ok
07:56:10.0543 0x0904 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:56:10.0559 0x0904 hwpolicy - ok
07:56:10.0637 0x0904 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:56:10.0653 0x0904 i8042prt - ok
07:56:10.0746 0x0904 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:56:10.0777 0x0904 iaStorV - ok
07:56:11.0121 0x0904 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:56:11.0167 0x0904 idsvc - ok
07:56:11.0183 0x0904 IEEtwCollectorService - ok
07:56:11.0869 0x0904 [ C458A0B66D11CBABD113EAC828276A8C, FF31B49BAF36358A16FA5478036C6431DE877BA30D6F6DF85FD0A2FA6E6CB0E1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
07:56:12.0509 0x0904 igfx - ok
07:56:12.0571 0x0904 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:56:12.0587 0x0904 iirsp - ok
07:56:12.0665 0x0904 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
07:56:12.0743 0x0904 IKEEXT - ok
07:56:12.0790 0x0904 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
07:56:12.0805 0x0904 Impcd - ok
07:56:13.0071 0x0904 [ 01262E2BE97708F54666E700482027DE, 7643FCFB6EBFABDD7D1A914C40FADE97DDC633C5D75BE2CADBAC61675564E5CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:56:13.0289 0x0904 IntcAzAudAddService - ok
07:56:13.0476 0x0904 [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
07:56:13.0554 0x0904 IntcDAud - ok
07:56:13.0601 0x0904 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
07:56:13.0632 0x0904 intelide - ok
07:56:13.0695 0x0904 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:56:13.0741 0x0904 intelppm - ok
07:56:13.0757 0x0904 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:56:13.0804 0x0904 IPBusEnum - ok
07:56:13.0835 0x0904 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:56:13.0882 0x0904 IpFilterDriver - ok
07:56:13.0960 0x0904 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:56:14.0007 0x0904 iphlpsvc - ok
07:56:14.0038 0x0904 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:56:14.0053 0x0904 IPMIDRV - ok
07:56:14.0085 0x0904 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:56:14.0147 0x0904 IPNAT - ok
07:56:14.0194 0x0904 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:56:14.0225 0x0904 IRENUM - ok
07:56:14.0272 0x0904 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:56:14.0287 0x0904 isapnp - ok
07:56:14.0319 0x0904 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:56:14.0350 0x0904 iScsiPrt - ok
07:56:14.0381 0x0904 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:56:14.0397 0x0904 kbdclass - ok
07:56:14.0443 0x0904 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:56:14.0490 0x0904 kbdhid - ok
07:56:14.0506 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
07:56:14.0537 0x0904 KeyIso - ok
07:56:14.0599 0x0904 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:56:14.0646 0x0904 KSecDD - ok
07:56:14.0693 0x0904 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:56:14.0724 0x0904 KSecPkg - ok
07:56:14.0755 0x0904 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:56:14.0818 0x0904 ksthunk - ok
07:56:14.0865 0x0904 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
07:56:14.0943 0x0904 KtmRm - ok
07:56:15.0005 0x0904 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:56:15.0083 0x0904 LanmanServer - ok
07:56:15.0130 0x0904 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:56:15.0192 0x0904 LanmanWorkstation - ok
07:56:15.0223 0x0904 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:56:15.0270 0x0904 lltdio - ok
07:56:15.0317 0x0904 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:56:15.0379 0x0904 lltdsvc - ok
07:56:15.0411 0x0904 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:56:15.0473 0x0904 lmhosts - ok
07:56:15.0647 0x0904 [ 7485FBCEF9136F530953575E2977859D, 5A6A67EE407C6ECE637C2B2AC21259BB86D032E47CE59F77AAF48D687B74CFCB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
07:56:15.0678 0x0904 LMS - ok
07:56:15.0740 0x0904 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:56:15.0771 0x0904 LSI_FC - ok
07:56:15.0803 0x0904 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:56:15.0834 0x0904 LSI_SAS - ok
07:56:15.0849 0x0904 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:56:15.0865 0x0904 LSI_SAS2 - ok
07:56:15.0881 0x0904 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:56:15.0896 0x0904 LSI_SCSI - ok
07:56:15.0943 0x0904 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
07:56:16.0005 0x0904 luafv - ok
07:56:16.0037 0x0904 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:56:16.0052 0x0904 Mcx2Svc - ok
07:56:16.0193 0x0904 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
07:56:16.0224 0x0904 MDM - ok
07:56:16.0239 0x0904 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:56:16.0255 0x0904 megasas - ok
07:56:16.0286 0x0904 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:56:16.0302 0x0904 MegaSR - ok
07:56:16.0349 0x0904 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
07:56:16.0427 0x0904 MMCSS - ok
07:56:16.0458 0x0904 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
07:56:16.0505 0x0904 Modem - ok
07:56:16.0536 0x0904 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:56:16.0567 0x0904 monitor - ok
07:56:16.0614 0x0904 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:56:16.0645 0x0904 mouclass - ok
07:56:16.0676 0x0904 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:56:16.0707 0x0904 mouhid - ok
07:56:16.0754 0x0904 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:56:16.0785 0x0904 mountmgr - ok
07:56:16.0848 0x0904 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
07:56:16.0879 0x0904 MpFilter - ok
07:56:16.0973 0x0904 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
07:56:17.0004 0x0904 mpio - ok
07:56:17.0051 0x0904 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:56:17.0097 0x0904 mpsdrv - ok
07:56:17.0144 0x0904 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:56:17.0238 0x0904 MpsSvc - ok
07:56:17.0269 0x0904 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:56:17.0300 0x0904 MRxDAV - ok
07:56:17.0331 0x0904 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:56:17.0363 0x0904 mrxsmb - ok
07:56:17.0425 0x0904 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:56:17.0472 0x0904 mrxsmb10 - ok
07:56:17.0487 0x0904 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:56:17.0519 0x0904 mrxsmb20 - ok
07:56:17.0565 0x0904 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
07:56:17.0612 0x0904 msahci - ok
07:56:17.0675 0x0904 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:56:17.0706 0x0904 msdsm - ok
07:56:17.0784 0x0904 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
07:56:17.0846 0x0904 MSDTC - ok
07:56:17.0909 0x0904 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:56:17.0971 0x0904 Msfs - ok
07:56:18.0002 0x0904 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:56:18.0065 0x0904 mshidkmdf - ok
07:56:18.0096 0x0904 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:56:18.0111 0x0904 msisadrv - ok
07:56:18.0158 0x0904 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:56:18.0236 0x0904 MSiSCSI - ok
07:56:18.0236 0x0904 msiserver - ok
07:56:18.0267 0x0904 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:56:18.0314 0x0904 MSKSSRV - ok
07:56:18.0408 0x0904 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:56:18.0439 0x0904 MsMpSvc - ok
07:56:18.0455 0x0904 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:56:18.0517 0x0904 MSPCLOCK - ok
07:56:18.0533 0x0904 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:56:18.0642 0x0904 MSPQM - ok
07:56:18.0704 0x0904 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:56:18.0735 0x0904 MsRPC - ok
07:56:18.0767 0x0904 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:56:18.0782 0x0904 mssmbios - ok
07:56:18.0813 0x0904 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:56:18.0860 0x0904 MSTEE - ok
07:56:18.0891 0x0904 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:56:18.0907 0x0904 MTConfig - ok
07:56:18.0923 0x0904 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
07:56:18.0938 0x0904 Mup - ok
07:56:19.0125 0x0904 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
07:56:19.0203 0x0904 napagent - ok
07:56:19.0250 0x0904 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:56:19.0281 0x0904 NativeWifiP - ok
07:56:19.0375 0x0904 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
07:56:19.0422 0x0904 NDIS - ok
07:56:19.0437 0x0904 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:56:19.0484 0x0904 NdisCap - ok
07:56:19.0531 0x0904 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:56:19.0578 0x0904 NdisTapi - ok
07:56:19.0593 0x0904 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:56:19.0640 0x0904 Ndisuio - ok
07:56:19.0687 0x0904 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:56:19.0749 0x0904 NdisWan - ok
07:56:19.0812 0x0904 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:56:19.0890 0x0904 NDProxy - ok
07:56:19.0905 0x0904 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:56:19.0952 0x0904 NetBIOS - ok
07:56:20.0061 0x0904 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:56:20.0139 0x0904 NetBT - ok
07:56:20.0155 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
07:56:20.0171 0x0904 Netlogon - ok
07:56:20.0217 0x0904 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
07:56:20.0311 0x0904 Netman - ok
07:56:20.0373 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0420 0x0904 NetMsmqActivator - ok
07:56:20.0451 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0483 0x0904 NetPipeActivator - ok
07:56:20.0514 0x0904 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
07:56:20.0592 0x0904 netprofm - ok
07:56:20.0623 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0639 0x0904 NetTcpActivator - ok
07:56:20.0654 0x0904 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:20.0670 0x0904 NetTcpPortSharing - ok
07:56:20.0717 0x0904 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:56:20.0748 0x0904 nfrd960 - ok
07:56:20.0826 0x0904 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:56:20.0857 0x0904 NisDrv - ok
07:56:20.0888 0x0904 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
07:56:20.0919 0x0904 NisSrv - ok
07:56:21.0062 0x0904 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:56:21.0093 0x0904 NlaSvc - ok
07:56:21.0109 0x0904 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:56:21.0157 0x0904 Npfs - ok
07:56:21.0189 0x0904 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
07:56:21.0282 0x0904 nsi - ok
07:56:21.0298 0x0904 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:56:21.0345 0x0904 nsiproxy - ok
07:56:21.0501 0x0904 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:56:21.0594 0x0904 Ntfs - ok
07:56:21.0657 0x0904 [ D4012918D3A3847B44B888D56BC095D6, BE78F54CA01E8C37FD9129AA2869CCFE84BA8F5ED015486019305C7F40AE3B1B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
07:56:21.0672 0x0904 NuidFltr - ok
07:56:21.0703 0x0904 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
07:56:21.0750 0x0904 Null - ok
07:56:21.0797 0x0904 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:56:21.0828 0x0904 nvraid - ok
07:56:21.0844 0x0904 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:56:21.0859 0x0904 nvstor - ok
07:56:21.0906 0x0904 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:56:21.0937 0x0904 nv_agp - ok
07:56:21.0984 0x0904 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:56:22.0031 0x0904 ohci1394 - ok
07:56:22.0125 0x0904 [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:56:22.0156 0x0904 ose64 - ok
07:56:22.0452 0x0904 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:56:22.0717 0x0904 osppsvc - ok
07:56:22.0795 0x0904 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:56:22.0827 0x0904 p2pimsvc - ok
07:56:22.0858 0x0904 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
07:56:22.0905 0x0904 p2psvc - ok
07:56:22.0951 0x0904 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:56:22.0983 0x0904 Parport - ok
07:56:23.0029 0x0904 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:56:23.0045 0x0904 partmgr - ok
07:56:23.0076 0x0904 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
07:56:23.0107 0x0904 PcaSvc - ok
07:56:23.0123 0x0904 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
07:56:23.0139 0x0904 pci - ok
07:56:23.0170 0x0904 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
07:56:23.0170 0x0904 pciide - ok
07:56:23.0201 0x0904 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:56:23.0232 0x0904 pcmcia - ok
07:56:23.0248 0x0904 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
07:56:23.0263 0x0904 pcw - ok
07:56:23.0310 0x0904 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:56:23.0388 0x0904 PEAUTH - ok
07:56:23.0482 0x0904 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:56:23.0529 0x0904 PerfHost - ok
07:56:23.0669 0x0904 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
07:56:23.0778 0x0904 pla - ok
07:56:23.0856 0x0904 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:56:23.0903 0x0904 PlugPlay - ok
07:56:23.0950 0x0904 [ 8AC5649C9070674D4607301C180AB10B, 7742903EDE7495A1EBBFB101C35CE79A1DD3711D594CAB5A9D23FE9FB482ACF5 ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
07:56:23.0997 0x0904 pneteth - ok
07:56:24.0043 0x0904 [ 06841F5CD8410B6BDC0B5A631B8F8787, 95CA940AAE0C713C7161899D7DD7109FC985B60A1B3817C4243ED9870DA5FDE0 ] pnetmdm C:\Windows\system32\DRIVERS\pnetmdm64.sys
07:56:24.0059 0x0904 pnetmdm - ok
07:56:24.0090 0x0904 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:56:24.0106 0x0904 PNRPAutoReg - ok
07:56:24.0153 0x0904 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:56:24.0184 0x0904 PNRPsvc - ok
07:56:24.0215 0x0904 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:56:24.0309 0x0904 PolicyAgent - ok
07:56:24.0355 0x0904 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
07:56:24.0449 0x0904 Power - ok
07:56:24.0496 0x0904 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:56:24.0543 0x0904 PptpMiniport - ok
07:56:24.0558 0x0904 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:56:24.0574 0x0904 Processor - ok
07:56:24.0636 0x0904 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
07:56:24.0667 0x0904 ProfSvc - ok
07:56:24.0699 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:56:24.0714 0x0904 ProtectedStorage - ok
07:56:24.0777 0x0904 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:56:24.0855 0x0904 Psched - ok
07:56:24.0964 0x0904 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:56:25.0026 0x0904 ql2300 - ok
07:56:25.0057 0x0904 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:56:25.0073 0x0904 ql40xx - ok
07:56:25.0120 0x0904 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
07:56:25.0182 0x0904 QWAVE - ok
07:56:25.0213 0x0904 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:56:25.0245 0x0904 QWAVEdrv - ok
07:56:25.0323 0x0904 [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
07:56:25.0354 0x0904 RapiMgr - ok
07:56:25.0385 0x0904 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:56:25.0447 0x0904 RasAcd - ok
07:56:25.0494 0x0904 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:56:25.0572 0x0904 RasAgileVpn - ok
07:56:25.0650 0x0904 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
07:56:25.0775 0x0904 RasAuto - ok
07:56:25.0806 0x0904 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:56:25.0853 0x0904 Rasl2tp - ok
07:56:25.0915 0x0904 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
07:56:26.0009 0x0904 RasMan - ok
07:56:26.0056 0x0904 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:56:26.0118 0x0904 RasPppoe - ok
07:56:26.0134 0x0904 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:56:26.0181 0x0904 RasSstp - ok
07:56:26.0321 0x0904 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:56:26.0383 0x0904 rdbss - ok
07:56:26.0415 0x0904 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:56:26.0477 0x0904 rdpbus - ok
07:56:26.0508 0x0904 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:56:26.0571 0x0904 RDPCDD - ok
07:56:26.0586 0x0904 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:56:26.0633 0x0904 RDPENCDD - ok
07:56:26.0649 0x0904 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:56:26.0695 0x0904 RDPREFMP - ok
07:56:26.0805 0x0904 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:56:26.0820 0x0904 RdpVideoMiniport - ok
07:56:26.0898 0x0904 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:56:26.0929 0x0904 RDPWD - ok
07:56:27.0007 0x0904 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:56:27.0023 0x0904 rdyboost - ok
07:56:27.0085 0x0904 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:56:27.0163 0x0904 RemoteAccess - ok
07:56:27.0241 0x0904 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:56:27.0335 0x0904 RemoteRegistry - ok
07:56:27.0397 0x0904 [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
07:56:27.0444 0x0904 ROOTMODEM - ok
07:56:27.0460 0x0904 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:56:27.0522 0x0904 RpcEptMapper - ok
07:56:27.0538 0x0904 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
07:56:27.0569 0x0904 RpcLocator - ok
07:56:27.0631 0x0904 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
07:56:27.0694 0x0904 RpcSs - ok
07:56:27.0725 0x0904 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:56:27.0787 0x0904 rspndr - ok
07:56:27.0850 0x0904 [ 502B316947EA887CDDD325D4745EB7D0, 2B975AECC5EBAADE9812E3767E8794B3FD2FF987907323B19B0773279ACAD635 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
07:56:27.0897 0x0904 RSUSBSTOR - ok
07:56:27.0990 0x0904 [ 1BE36AB59242A109697870F16A8E0EF8, CAC949D97EEFA0CE5E89084D0950B6E331145870355367803530D0DED4962F2E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
07:56:28.0021 0x0904 RTL8167 - ok
07:56:28.0037 0x0904 RtsUIR - ok
07:56:28.0053 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
07:56:28.0068 0x0904 SamSs - ok
07:56:28.0099 0x0904 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:56:28.0131 0x0904 sbp2port - ok
07:56:28.0193 0x0904 [ AAD06F50CFA42E576BEDB1A1279F24EF, DE1AE25DF70627EAF72A2208C0FECE3B1B22AD5ECA5C43043F71753F775678CC ] ScanUSBET C:\Windows\system32\DRIVERS\etScan64.sys
07:56:28.0209 0x0904 ScanUSBET - ok
07:56:28.0240 0x0904 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:56:28.0333 0x0904 SCardSvr - ok
07:56:28.0365 0x0904 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:56:28.0427 0x0904 scfilter - ok
07:56:28.0708 0x0904 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
07:56:28.0801 0x0904 Schedule - ok
07:56:28.0833 0x0904 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
07:56:28.0879 0x0904 SCPolicySvc - ok
07:56:28.0926 0x0904 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:56:28.0957 0x0904 SDRSVC - ok
07:56:29.0503 0x0904 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
07:56:29.0566 0x0904 SDScannerService - ok
07:56:30.0299 0x0904 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
07:56:30.0377 0x0904 SDUpdateService - ok
07:56:30.0439 0x0904 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
07:56:30.0471 0x0904 SDWSCService - ok
07:56:30.0517 0x0904 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:56:30.0564 0x0904 secdrv - ok
07:56:30.0595 0x0904 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
07:56:30.0642 0x0904 seclogon - ok
07:56:30.0673 0x0904 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
07:56:30.0736 0x0904 SENS - ok
07:56:30.0767 0x0904 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:56:30.0798 0x0904 SensrSvc - ok
07:56:30.0845 0x0904 [ D666EBEC6374B2018CF61EE204C3CF50, 4BA0C0370F0C13AADBAE9724660F13210554B0B84C405494521502C2F6DEF27E ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
07:56:30.0861 0x0904 Ser2pl - ok
07:56:30.0876 0x0904 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:56:30.0907 0x0904 Serenum - ok
07:56:30.0939 0x0904 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:56:30.0970 0x0904 Serial - ok
07:56:31.0001 0x0904 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:56:31.0017 0x0904 sermouse - ok
07:56:31.0048 0x0904 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
07:56:31.0141 0x0904 SessionEnv - ok
07:56:31.0173 0x0904 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:56:31.0188 0x0904 sffdisk - ok
07:56:31.0219 0x0904 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:56:31.0235 0x0904 sffp_mmc - ok
07:56:31.0251 0x0904 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:56:31.0266 0x0904 sffp_sd - ok
07:56:31.0297 0x0904 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:56:31.0329 0x0904 sfloppy - ok
07:56:31.0391 0x0904 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:56:31.0453 0x0904 SharedAccess - ok
07:56:31.0485 0x0904 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:56:31.0578 0x0904 ShellHWDetection - ok
07:56:31.0625 0x0904 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:56:31.0641 0x0904 SiSRaid2 - ok
07:56:31.0656 0x0904 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:56:31.0672 0x0904 SiSRaid4 - ok
07:56:31.0703 0x0904 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:56:31.0765 0x0904 Smb - ok
07:56:31.0843 0x0904 [ 678D197CAD249F930B7FDD2AFA4C91B0, 5CE65B8A72225B663534A14BA31DCAB8EA5A7CE9BE05C3A18837FE8B554EF1FA ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
07:56:31.0890 0x0904 SmbDrvI - ok
07:56:31.0968 0x0904 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:56:31.0984 0x0904 SNMPTRAP - ok
07:56:32.0015 0x0904 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
07:56:32.0046 0x0904 spldr - ok
07:56:32.0124 0x0904 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
07:56:32.0171 0x0904 Spooler - ok
07:56:32.0483 0x0904 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
07:56:32.0779 0x0904 sppsvc - ok
07:56:32.0842 0x0904 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:56:32.0920 0x0904 sppuinotify - ok
07:56:33.0060 0x0904 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:56:33.0123 0x0904 srv - ok
07:56:33.0169 0x0904 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:56:33.0201 0x0904 srv2 - ok
07:56:33.0247 0x0904 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:56:33.0294 0x0904 srvnet - ok
07:56:33.0341 0x0904 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:56:33.0419 0x0904 SSDPSRV - ok
07:56:33.0450 0x0904 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:56:33.0497 0x0904 SstpSvc - ok
07:56:33.0544 0x0904 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:56:33.0575 0x0904 stexstor - ok
07:56:33.0747 0x0904 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
07:56:33.0825 0x0904 stisvc - ok
07:56:33.0903 0x0904 [ 9CFEFD62D86DABFAC12D1C5ED72BA6A4, 1FFE4371450F53FD774CA0349CC28F559695761C18759CEB04933FDF2FD98F65 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
07:56:33.0934 0x0904 SWDUMon - ok
07:56:33.0981 0x0904 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
07:56:34.0012 0x0904 swenum - ok
07:56:34.0090 0x0904 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
07:56:34.0168 0x0904 swprv - ok
07:56:34.0620 0x0904 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
07:56:34.0729 0x0904 SysMain - ok
07:56:34.0761 0x0904 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:56:34.0823 0x0904 TabletInputService - ok
07:56:34.0885 0x0904 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
07:56:34.0948 0x0904 TapiSrv - ok
07:56:34.0995 0x0904 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
07:56:35.0041 0x0904 TBS - ok
07:56:35.0197 0x0904 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:56:35.0275 0x0904 Tcpip - ok
07:56:35.0369 0x0904 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:56:35.0431 0x0904 TCPIP6 - ok
07:56:35.0509 0x0904 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:56:35.0572 0x0904 tcpipreg - ok
07:56:35.0619 0x0904 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:56:35.0634 0x0904 TDPIPE - ok
07:56:35.0665 0x0904 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:56:35.0681 0x0904 TDTCP - ok
07:56:35.0743 0x0904 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:56:35.0806 0x0904 tdx - ok
07:56:36.0243 0x0904 [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9 C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
07:56:36.0742 0x0904 TeamViewer9 - ok
07:56:36.0804 0x0904 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
07:56:36.0835 0x0904 TermDD - ok
07:56:37.0023 0x0904 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
07:56:37.0085 0x0904 TermService - ok
07:56:37.0116 0x0904 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
07:56:37.0147 0x0904 Themes - ok
07:56:37.0179 0x0904 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
07:56:37.0257 0x0904 THREADORDER - ok
07:56:37.0272 0x0904 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
07:56:37.0319 0x0904 TrkWks - ok
07:56:37.0413 0x0904 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:56:37.0506 0x0904 TrustedInstaller - ok
07:56:37.0537 0x0904 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:56:37.0553 0x0904 tssecsrv - ok
07:56:37.0600 0x0904 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:56:37.0631 0x0904 TsUsbFlt - ok
07:56:37.0678 0x0904 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:56:37.0756 0x0904 tunnel - ok
07:56:37.0771 0x0904 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:56:37.0787 0x0904 uagp35 - ok
07:56:37.0896 0x0904 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:56:38.0021 0x0904 udfs - ok
07:56:38.0052 0x0904 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:56:38.0099 0x0904 UI0Detect - ok
07:56:38.0130 0x0904 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:56:38.0161 0x0904 uliagpkx - ok
07:56:38.0208 0x0904 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
07:56:38.0239 0x0904 umbus - ok
07:56:38.0286 0x0904 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:56:38.0302 0x0904 UmPass - ok
07:56:38.0678 0x0904 [ 765F2DD351BA064F657751D8D75E58C0, 954834FF6F05E065C2BE6CEC22136A0399026BFF9D91BE859E8E047C3ED8267F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
07:56:38.0787 0x0904 UNS - ok
07:56:38.0865 0x0904 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
07:56:38.0943 0x0904 upnphost - ok
07:56:39.0021 0x0904 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:56:39.0053 0x0904 usbccgp - ok
07:56:39.0053 0x0904 USBCCID - ok
07:56:39.0115 0x0904 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:56:39.0177 0x0904 usbcir - ok
07:56:39.0209 0x0904 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
07:56:39.0240 0x0904 usbehci - ok
07:56:39.0333 0x0904 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:56:39.0380 0x0904 usbhub - ok
07:56:39.0458 0x0904 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:56:39.0505 0x0904 usbohci - ok
07:56:39.0552 0x0904 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:56:39.0583 0x0904 usbprint - ok
07:56:39.0614 0x0904 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:56:39.0630 0x0904 usbscan - ok
07:56:39.0661 0x0904 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:56:39.0692 0x0904 USBSTOR - ok
07:56:39.0723 0x0904 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:56:39.0739 0x0904 usbuhci - ok
07:56:39.0833 0x0904 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:56:39.0864 0x0904 usbvideo - ok
07:56:39.0895 0x0904 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
07:56:39.0957 0x0904 UxSms - ok
07:56:39.0989 0x0904 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
07:56:40.0004 0x0904 VaultSvc - ok
07:56:40.0051 0x0904 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:56:40.0067 0x0904 vdrvroot - ok
07:56:40.0145 0x0904 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
07:56:40.0238 0x0904 vds - ok
07:56:40.0285 0x0904 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:56:40.0316 0x0904 vga - ok
07:56:40.0332 0x0904 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
07:56:40.0379 0x0904 VgaSave - ok
07:56:40.0472 0x0904 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:56:40.0503 0x0904 vhdmp - ok
07:56:40.0566 0x0904 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
07:56:40.0613 0x0904 viaide - ok
07:56:40.0644 0x0904 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:56:40.0659 0x0904 volmgr - ok
07:56:40.0691 0x0904 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:56:40.0722 0x0904 volmgrx - ok
07:56:40.0737 0x0904 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:56:40.0769 0x0904 volsnap - ok
07:56:40.0815 0x0904 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:56:40.0831 0x0904 vsmraid - ok
07:56:40.0940 0x0904 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
07:56:41.0065 0x0904 VSS - ok
07:56:41.0081 0x0904 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:56:41.0127 0x0904 vwifibus - ok
07:56:41.0159 0x0904 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:56:41.0221 0x0904 vwififlt - ok
07:56:41.0268 0x0904 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
07:56:41.0330 0x0904 W32Time - ok
07:56:41.0361 0x0904 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:56:41.0408 0x0904 WacomPen - ok
07:56:41.0439 0x0904 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:56:41.0502 0x0904 WANARP - ok
07:56:41.0502 0x0904 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:56:41.0549 0x0904 Wanarpv6 - ok
07:56:41.0673 0x0904 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:56:41.0736 0x0904 WatAdminSvc - ok
07:56:42.0017 0x0904 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
07:56:42.0110 0x0904 wbengine - ok
07:56:42.0188 0x0904 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:56:42.0266 0x0904 WbioSrvc - ok
07:56:42.0313 0x0904 [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
07:56:42.0344 0x0904 WcesComm - ok
07:56:42.0422 0x0904 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:56:42.0485 0x0904 wcncsvc - ok
07:56:42.0500 0x0904 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:56:42.0516 0x0904 WcsPlugInService - ok
07:56:42.0547 0x0904 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:56:42.0578 0x0904 Wd - ok
07:56:42.0769 0x0904 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:56:42.0832 0x0904 Wdf01000 - ok
07:56:42.0879 0x0904 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:56:42.0925 0x0904 WdiServiceHost - ok
07:56:42.0941 0x0904 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:56:42.0972 0x0904 WdiSystemHost - ok
07:56:43.0019 0x0904 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
07:56:43.0066 0x0904 WebClient - ok
07:56:43.0097 0x0904 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:56:43.0159 0x0904 Wecsvc - ok
07:56:43.0175 0x0904 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:56:43.0237 0x0904 wercplsupport - ok
07:56:43.0269 0x0904 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
07:56:43.0331 0x0904 WerSvc - ok
07:56:43.0378 0x0904 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:56:43.0440 0x0904 WfpLwf - ok
07:56:43.0471 0x0904 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:56:43.0487 0x0904 WIMMount - ok
07:56:43.0503 0x0904 WinDefend - ok
07:56:43.0534 0x0904 WinHttpAutoProxySvc - ok
07:56:43.0846 0x0904 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:56:43.0971 0x0904 Winmgmt - ok
07:56:44.0127 0x0904 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
07:56:44.0267 0x0904 WinRM - ok
07:56:44.0314 0x0904 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WINUSB C:\Windows\system32\DRIVERS\WinUsb.sys
07:56:44.0345 0x0904 WINUSB - ok
07:56:44.0548 0x0904 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:56:44.0626 0x0904 Wlansvc - ok
07:56:44.0766 0x0904 [ 13B0A570E1AE451C92DA550085D72CF3, 4C67F000EE65B3B1DF17D228C93E9F2D3E13EAB2FD125806A16F70FF365097AC ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
07:56:44.0844 0x0904 wltrysvc - detected UnsignedFile.Multi.Generic ( 1 )
07:56:47.0545 0x0904 Detect skipped due to KSN trusted
07:56:47.0545 0x0904 wltrysvc - ok
07:56:47.0623 0x0904 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:56:47.0639 0x0904 WmiAcpi - ok
07:56:47.0685 0x0904 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:56:47.0748 0x0904 wmiApSrv - ok
07:56:47.0779 0x0904 WMPNetworkSvc - ok
07:56:47.0810 0x0904 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:56:47.0826 0x0904 WPCSvc - ok
07:56:47.0873 0x0904 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:56:47.0904 0x0904 WPDBusEnum - ok
07:56:47.0935 0x0904 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:56:47.0997 0x0904 ws2ifsl - ok
07:56:48.0013 0x0904 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
07:56:48.0060 0x0904 wscsvc - ok
07:56:48.0060 0x0904 WSearch - ok
07:56:48.0216 0x0904 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
07:56:48.0309 0x0904 wuauserv - ok
07:56:48.0341 0x0904 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:56:48.0356 0x0904 WudfPf - ok
07:56:48.0403 0x0904 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:56:48.0450 0x0904 WUDFRd - ok
07:56:48.0465 0x0904 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:56:48.0481 0x0904 wudfsvc - ok
07:56:48.0543 0x0904 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
07:56:48.0590 0x0904 WwanSvc - ok
07:56:48.0621 0x0904 ================ Scan global ===============================
07:56:48.0653 0x0904 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
07:56:48.0684 0x0904 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:56:48.0699 0x0904 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:56:48.0731 0x0904 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:56:48.0777 0x0904 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
07:56:48.0793 0x0904 [ Global ] - ok
07:56:48.0793 0x0904 ================ Scan MBR ==================================
07:56:48.0809 0x0904 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:56:49.0292 0x0904 \Device\Harddisk0\DR0 - ok
07:56:49.0292 0x0904 ================ Scan VBR ==================================
07:56:49.0323 0x0904 [ CE5930B5AF712151CFBBDAA1E8996462 ] \Device\Harddisk0\DR0\Partition1
07:56:49.0323 0x0904 \Device\Harddisk0\DR0\Partition1 - ok
07:56:49.0339 0x0904 [ 77085E355E7AFA7F5F96D6526B3898C4 ] \Device\Harddisk0\DR0\Partition2
07:56:49.0339 0x0904 \Device\Harddisk0\DR0\Partition2 - ok
07:56:49.0355 0x0904 [ A5CB5C8FB8261B2C0A728762A14DA3C3 ] \Device\Harddisk0\DR0\Partition3
07:56:49.0355 0x0904 \Device\Harddisk0\DR0\Partition3 - ok
07:56:49.0370 0x0904 ================ Scan generic autorun ======================
07:56:49.0479 0x0904 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe
07:56:49.0542 0x0904 MSC - ok
07:56:49.0573 0x0904 [ 306A6F71C5B0D70342BCBB688520B6E0, C9DA050583AB997576431DB1BC5C3ABE264A602A6F7954A2B53C17CA1CC0B0EB ] C:\Windows\system32\igfxtray.exe
07:56:49.0604 0x0904 IgfxTray - ok
07:56:49.0635 0x0904 [ 06C86503532053215395C43778E600D6, 2D4DC52615719B1159B9D04C6AA5D65A650E708B5D7E6156331C81EFCB49AF6A ] C:\Windows\system32\hkcmd.exe
07:56:49.0651 0x0904 HotKeysCmds - ok
07:56:49.0698 0x0904 [ 5ECE936A024FA8F49D806FD382DFD7F6, F1DF0B683FE186372EF8FBA82C2C7F4D98006F0E816ED637725066A5D27E12EB ] C:\Windows\system32\igfxpers.exe
07:56:49.0729 0x0904 Persistence - ok
07:56:50.0259 0x0904 [ 37C6C318D6AFAFA2EBA99820EDF21DA6, 5693AA141B947761EE41FBDC6F16FDC5BBB5BA8EBE1DEC90AD6EF33BFAF885A5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
07:56:50.0837 0x0904 RtHDVCpl - ok
07:56:50.0961 0x0904 [ 80B62FF105908EC9E4B072AFB1CFC824, B124F309CB42167D59097DB3346487A26D431EC05694CECF19F0C5938312B3E8 ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
07:56:50.0993 0x0904 Dell Webcam Central - detected UnsignedFile.Multi.Generic ( 1 )
07:56:53.0727 0x0904 Detect skipped due to KSN trusted
07:56:53.0727 0x0904 Dell Webcam Central - ok
07:56:53.0867 0x0904 [ 74693E8465ACA1A57BEF1BC29C1E1BCE, 9DD001203AD92BEFA93A2A623BDC9741DB7937C78C5CC42B7E3E3DB45309D263 ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
07:56:53.0945 0x0904 KeePass 2 PreLoad - detected UnsignedFile.Multi.Generic ( 1 )
07:56:57.0049 0x0904 Detect skipped due to KSN trusted
07:56:57.0049 0x0904 KeePass 2 PreLoad - ok
07:56:57.0252 0x0904 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
07:56:57.0377 0x0904 SDTray - ok
07:56:57.0517 0x0904 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:56:57.0595 0x0904 Sidebar - ok
07:56:57.0627 0x0904 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:56:57.0658 0x0904 mctadmin - ok
07:56:57.0705 0x0904 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:56:57.0767 0x0904 Sidebar - ok
07:56:57.0767 0x0904 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:56:57.0798 0x0904 mctadmin - ok
07:56:57.0954 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
07:56:57.0985 0x0904 Google Update - ok
07:56:58.0095 0x0904 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
07:56:58.0173 0x0904 Sidebar - ok
07:56:58.0219 0x0904 GoogleDriveSync - ok
07:56:58.0313 0x0904 [ 5F3587E344F2990B59C941FB405CAA0F, FECEC63F515EF66FAD84FF589E95B931574CA1F6BDFC9D6E016B0604AFF18498 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07:56:58.0360 0x0904 GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 - ok
07:56:58.0672 0x0904 [ 18EE6C694976C4D205AF24D6CCE3B660, 262F8B929CBBC8BFDD465826A27625ED9508A7C325C45F1964A4EFAC36D60056 ] C:\Program Files (x86)\CCleaner\CCleaner64.exe
07:56:58.0999 0x0904 CCleaner Monitoring - ok
07:56:59.0077 0x0904 [ 066302E42EA8BC9A0F2F1B666E50B9BF, 9FD19CE4D65BACDDC5E1F570A71D577AC300E649757C5CCA1FF6C6E905E91999 ] C:\Program Files (x86)\Dell\DELL Webcam Manager\DellWMgr.exe
07:56:59.0218 0x0904 DELL Webcam Manager - detected UnsignedFile.Multi.Generic ( 1 )
07:57:01.0948 0x0904 Detect skipped due to KSN trusted
07:57:01.0948 0x0904 DELL Webcam Manager - ok
07:57:01.0995 0x0904 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
07:57:02.0010 0x0904 Google Update - ok
07:57:02.0010 0x0904 [ 066302E42EA8BC9A0F2F1B666E50B9BF, 9FD19CE4D65BACDDC5E1F570A71D577AC300E649757C5CCA1FF6C6E905E91999 ] C:\Program Files (x86)\Dell\DELL Webcam Manager\DellWMgr.exe
07:57:02.0026 0x0904 DELL Webcam Manager - detected UnsignedFile.Multi.Generic ( 1 )
07:57:02.0026 0x0904 Detect skipped due to KSN trusted
07:57:02.0026 0x0904 DELL Webcam Manager - ok
07:57:02.0026 0x0904 Waiting for KSN requests completion. In queue: 8
07:57:03.0040 0x0904 Waiting for KSN requests completion. In queue: 8
07:57:04.0054 0x0904 Waiting for KSN requests completion. In queue: 8
07:57:05.0083 0x0904 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
07:57:05.0115 0x0904 Win FW state via NFP2: enabled
07:57:08.0328 0x0904 ============================================================
07:57:08.0328 0x0904 Scan finished
07:57:08.0328 0x0904 ============================================================
07:57:08.0328 0x0bcc Detected object count: 0
07:57:08.0328 0x0bcc Actual detected object count: 0
08:11:38.0509 0x0a18 Deinitialize success
I'm back.
I had left my machine on over the holiday. After running everything listed above, I rebooted it and attempted to run Spybot again. This time it worked and identified some files that needed to be cleaned.
Thanks OCD! :bigthumb: I appreciate the time spent. Have a Happy New Year!
Big_Sam
I had left my machine on over the holiday. After running everything listed above, I rebooted it and attempted to run Spybot again. This time it worked and identified some files that needed to be cleaned.
Thanks OCD! :bigthumb: I appreciate the time spent. Have a Happy New Year!
Big_Sam
OCD
Malware Team-Emeritus
Hi Big_Sam,
Happy New Year to you too!
It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :bigthumb:
You didn't post the log from the System Look step.
SystemLook.txt
Happy New Year to you too!
It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :bigthumb:
You didn't post the log from the System Look step.
SystemLook.txt
OCD
Malware Team-Emeritus
Hi Big_Sam,
AdwCleaner v3: Scan & Clean
Junkware Removal Tool
Download Junkware Removal Tool to your desktop.
Download Malwarebytes' Anti-Malware to your desktop.
In your next post please provide the following:
AdwCleaner v3: Scan & Clean- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- Click on the Scan button.
- AdwCleaner will begin to scan your computer like it did before.
- After the scan has finished...
- Click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that log file in your next reply.
- A copy of that log file will also be saved in the C:\AdwCleaner folder.
Junkware Removal ToolDownload Junkware Removal Tool to your desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- Shut down your protection software now to avoid potential conflicts.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Download Malwarebytes' Anti-Malware to your desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- On the Dashboard click on Update Now
- Go to the Setting Tab
- Under Setting go to Detection and Protection
- Under PUP and PUM make sure both are set to show Treat Detections as Malware
- Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
- Then on the Dashboard click on Scan
- Make sure to select THREAT SCAN
- Then click on Scan
- When the scan is finished and the log pops up...select Copy to Clipboard
- Please paste the log back into this thread for review
- Exit Malwarebytes
In your next post please provide the following:
- AdwCleaner[S0].txt
- JRT.txt
- MBAM.txt
- How is the computer running?
Here we go.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 01/08/2015 at 19:17:05.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/08/2015 at 19:20:55.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/8/2015
Scan Time: 7:27:34 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.08.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420156
Time Elapsed: 15 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 3
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\_metadata, , [40c2ec097514eb4b7e0bda694cb71ce4],
Files: 9
PUP.Optional.ClickYes, C:\Users\Guest\Downloads\Google-Chrome.exe, , [ac560ce9e3a669cdc9d58a5c42bf2bd5],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\background.js, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\bookmarklet.js, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\icon-128.png, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\icon-16.png, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\icon-48.png, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\manifest.json, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\_metadata\computed_hashes.json, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\_metadata\verified_contents.json, , [40c2ec097514eb4b7e0bda694cb71ce4],
Physical Sectors: 0
(No malicious items detected)
(end)
# AdwCleaner v4.107 - Report created 08/01/2015 at 17:19:30
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\Guest\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Sandy\AppData\LocalLow\pdfforge
Folder Found : C:\Windows\SysWOW64\SearchProtect
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v
-\\ Google Chrome v39.0.2171.95
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://gadling.search.aol.com/search?q={searchTerms}&s_it=search_addon
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_huffingtonpost&q={searchTerms}&s_it=search_addon
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.factcheck.org/archives/search-results?cx=000672474746801930868%3Aa87hh_euyka&cof=FORID%3A11%3BNB%3A1&ie=UTF-8&q={searchTerms}&sa=Search
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.people.com/TIISearch/people/search/search.html?search={searchTerms}&bu=&searchSubmit=Go
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [4879 octets] - [08/01/2015 17:19:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4939 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 01/08/2015 at 19:17:05.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/08/2015 at 19:20:55.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/8/2015
Scan Time: 7:27:34 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.08.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420156
Time Elapsed: 15 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 3
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\_metadata, , [40c2ec097514eb4b7e0bda694cb71ce4],
Files: 9
PUP.Optional.ClickYes, C:\Users\Guest\Downloads\Google-Chrome.exe, , [ac560ce9e3a669cdc9d58a5c42bf2bd5],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\background.js, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\bookmarklet.js, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\icon-128.png, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\icon-16.png, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\icon-48.png, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\manifest.json, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\_metadata\computed_hashes.json, , [40c2ec097514eb4b7e0bda694cb71ce4],
PUP.Optional.CrossRider.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\0.1_0\_metadata\verified_contents.json, , [40c2ec097514eb4b7e0bda694cb71ce4],
Physical Sectors: 0
(No malicious items detected)
(end)
# AdwCleaner v4.107 - Report created 08/01/2015 at 17:19:30
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\Guest\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Sandy\AppData\LocalLow\pdfforge
Folder Found : C:\Windows\SysWOW64\SearchProtect
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v
-\\ Google Chrome v39.0.2171.95
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://gadling.search.aol.com/search?q={searchTerms}&s_it=search_addon
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_huffingtonpost&q={searchTerms}&s_it=search_addon
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.factcheck.org/archives/search-results?cx=000672474746801930868%3Aa87hh_euyka&cof=FORID%3A11%3BNB%3A1&ie=UTF-8&q={searchTerms}&sa=Search
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.people.com/TIISearch/people/search/search.html?search={searchTerms}&bu=&searchSubmit=Go
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [4879 octets] - [08/01/2015 17:19:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4939 octets] ##########
OCD
Malware Team-Emeritus
Hi Big_Sam,
Please refer back to my opening statement:
"Important: All tools MUST be run from the Desktop."
Please move the tools I request to the desktop prior to running them.
Re-run AdwCleaner, this time be sure to select "Clean" so the program will remove the bad entries.
Next re-run MBAM and if malicious items are found be sure that everything is checked, and click Quarantine .
In your next post please provide the following:
Please refer back to my opening statement:
"Important: All tools MUST be run from the Desktop."
Please move the tools I request to the desktop prior to running them.
Re-run AdwCleaner, this time be sure to select "Clean" so the program will remove the bad entries.
Next re-run MBAM and if malicious items are found be sure that everything is checked, and click Quarantine .
In your next post please provide the following:
- AdwCleaner[S0].txt
- MBAM.txt
- How is the computer running?
OCD
Malware Team-Emeritus
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.
If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.
------------------------------------
Admin Edit
Thank you OCD.
If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.
------------------------------------
Admin Edit
Thank you OCD.
- Status