Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Thorough virus/malware check


  • Please log in to reply
19 replies to this topic

#1 Danzar1

Danzar1

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 12 October 2013 - 10:36 PM

Hi folks

 

My friend asked me to look at his notebook as he'd been having problems since Avast detected a virus about a month back.  I checked Avast and couldn't see much to tell me what it was.  The machine seems ok to me, perhaps somewhat slow. 

 

Nonetheless, could I ask for some help in doing a through check? I had a similar issue on my PC a while back.  It turned out to be clean but I figured it can't hurt to double check this one as well.

 

I ran Security Scanner, Farbar Service Scanner and minitoolbox in an attempt to learn the ropes a bit myself but I'm not 100% confident yet.  I'll post these results now. 

 

Note that any active internet connections that show up in tests are via my wireless router.  He woudl have his own connection at his place as well.

 

Thanks again!

 

Dan

 

1. Security Scanner results:

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 15  
 Java version out of Date!
 Mozilla Firefox (24.0)
 Google Chrome 30.0.1599.66  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 

 

2. Farbar Service Scanner results:

 

Farbar Service Scanner Version: 13-09-2013
Ran by Justin (administrator) on 13-10-2013 at 13:26:27
Running from "C:\Users\Justin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys
[2013-10-12 23:28] - [2013-09-14 11:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2013-10-12 23:28] - [2013-09-08 13:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2013-08-21 22:26] - [2013-07-09 15:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-28 10:53] - [2013-05-27 15:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

 

3. Minitoolbox results:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Justin (administrator) on 13-10-2013 at 13:39:11
Running from "C:\Users\Justin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Ralink RT3090 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Justin-Laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.gateway

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home.gateway
   Description . . . . . . . . . . . : Ralink RT3090 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : E0-2A-82-1B-F1-C3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1ddc:4867:3676:476e%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, 13 October 2013 12:39:05 PM
   Lease Expires . . . . . . . . . . : Monday, 14 October 2013 12:39:13 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 232794754
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-97-FE-71-64-31-50-68-F7-6C
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 64-31-50-68-F7-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2428:1864:3f57:fef7(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2428:1864:3f57:fef7%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home.gateway:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home.gateway
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  home.gateway
Address:  192.168.1.254

Name:    google.com
Addresses:  2404:6800:4006:803::1006
      74.125.237.104
      74.125.237.98
      74.125.237.101
      74.125.237.97
      74.125.237.96
      74.125.237.100
      74.125.237.110
      74.125.237.105
      74.125.237.99
      74.125.237.103
      74.125.237.102


Pinging google.com [74.125.237.104] with 32 bytes of data:
Reply from 74.125.237.104: bytes=32 time=17ms TTL=57
Reply from 74.125.237.104: bytes=32 time=17ms TTL=57

Ping statistics for 74.125.237.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 17ms, Average = 17ms
Server:  home.gateway
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=177ms TTL=51
Reply from 206.190.36.45: bytes=32 time=176ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 176ms, Maximum = 177ms, Average = 176ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...e0 2a 82 1b f1 c3 ......Ralink RT3090 802.11b/g/n WiFi Adapter
 10...64 31 50 68 f7 6c ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254      192.168.1.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.8    281
      192.168.1.8  255.255.255.255         On-link       192.168.1.8    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.8    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.8    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:9d38:90d7:2428:1864:3f57:fef7/128
                                    On-link
 13    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 13    281 fe80::1ddc:4867:3676:476e/128
                                    On-link
 17    306 fe80::2428:1864:3f57:fef7/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2013 11:59:52 PM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (10/12/2013 08:58:40 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/08/2013 08:09:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485
Faulting module name: wmp.dll, version: 12.0.7601.17514, time stamp: 0x4ce7ba7f
Exception code: 0xc0000005
Fault offset: 0x0059966c
Faulting process id: 0xaa4
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3

Error: (10/07/2013 10:45:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7106.5001, time stamp: 0x520b3934
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83b16
Exception code: 0xc00000fd
Fault offset: 0x00006eba
Faulting process id: 0x1f18
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (10/07/2013 09:49:30 PM) (Source: RasClient) (User: )
Description: CoId={6704BFF4-1C2F-430F-8843-A679AF572702}: The user Justin-Laptop\Justin dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (10/07/2013 02:28:49 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/05/2013 00:01:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.0.3, time stamp: 0x4ab90f9f
Faulting module name: hpasset.exe, version: 3.0.0.3, time stamp: 0x4ab90f9f
Exception code: 0xc0000005
Fault offset: 0x0003f1c9
Faulting process id: 0x1d6c
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3

Error: (09/29/2013 01:09:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.0.3, time stamp: 0x4ab90f9f
Faulting module name: hpasset.exe, version: 3.0.0.3, time stamp: 0x4ab90f9f
Exception code: 0xc0000005
Fault offset: 0x0003f1c9
Faulting process id: 0x18bc
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3

Error: (09/16/2013 09:28:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.0.3, time stamp: 0x4ab90f9f
Faulting module name: hpasset.exe, version: 3.0.0.3, time stamp: 0x4ab90f9f
Exception code: 0xc0000005
Fault offset: 0x0003f1c9
Faulting process id: 0x418
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3

Error: (09/16/2013 09:26:16 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error


System errors:
=============
Error: (10/06/2013 08:49:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on D: cannot be read.

Error: (10/04/2013 08:20:40 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (09/26/2013 07:12:04 AM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
%%1053

Error: (09/26/2013 07:12:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

Error: (09/26/2013 07:11:34 AM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
%%1053

Error: (09/26/2013 07:11:34 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

Error: (09/26/2013 07:11:34 AM) (Source: DCOM) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}

Error: (09/26/2013 07:10:25 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:49:39 PM on ?16/?09/?2013 was unexpected.

Error: (09/16/2013 09:49:00 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/16/2013 09:48:59 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (10/12/2013 11:59:52 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Error: (10/12/2013 08:58:40 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/08/2013 08:09:18 PM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.7601.175144ce7a485wmp.dll12.0.7601.175144ce7ba7fc00000050059966caa401cec405051dcc06C:\Program Files\Windows Media Player\wmplayer.exeC:\windows\system32\wmp.dll4f3091b9-2ff9-11e3-ab42-64315068f76c

Error: (10/07/2013 10:45:24 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.7106.5001520b3934KERNELBASE.dll6.1.7601.1801550b83b16c00000fd00006eba1f1801cec3528f5b423dC:\PROGRA~1\MICROS~2\Office14\WINWORD.EXEC:\windows\system32\KERNELBASE.dllf3804a76-2f45-11e3-8d20-64315068f76c

Error: (10/07/2013 09:49:30 PM) (Source: RasClient)(User: )
Description: {6704BFF4-1C2F-430F-8843-A679AF572702}Justin-Laptop\JustinBroadband Connection651

Error: (10/07/2013 02:28:49 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (10/05/2013 00:01:25 PM) (Source: Application Error)(User: )
Description: hpasset.exe3.0.0.34ab90f9fhpasset.exe3.0.0.34ab90f9fc00000050003f1c91d6c01cec16664c3430fC:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exea7c8a843-2d59-11e3-925e-64315068f76c

Error: (09/29/2013 01:09:19 PM) (Source: Application Error)(User: )
Description: hpasset.exe3.0.0.34ab90f9fhpasset.exe3.0.0.34ab90f9fc00000050003f1c918bc01cebcb8e4815909C:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe25c4e367-28ac-11e3-8b13-64315068f76c

Error: (09/16/2013 09:28:00 PM) (Source: Application Error)(User: )
Description: hpasset.exe3.0.0.34ab90f9fhpasset.exe3.0.0.34ab90f9fc00000050003f1c941801ceb2c76323c27aC:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exea88aa03b-1eba-11e3-aa82-64315068f76c

Error: (09/16/2013 09:26:16 PM) (Source: ATIeRecord)(User: )
Description:


=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
avast! Free Antivirus (Version: 8.0.1497.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Canon MX320 series MP Drivers
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (Version: 2010.0805.358.5180)
CCC Help Chinese Standard (Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (Version: 2010.0805.0357.5180)
CCC Help Czech (Version: 2010.0805.0357.5180)
CCC Help Danish (Version: 2010.0805.0357.5180)
CCC Help Dutch (Version: 2010.0805.0357.5180)
CCC Help English (Version: 2010.0805.0357.5180)
CCC Help Finnish (Version: 2010.0805.0357.5180)
CCC Help French (Version: 2010.0805.0357.5180)
CCC Help German (Version: 2010.0805.0357.5180)
CCC Help Greek (Version: 2010.0805.0357.5180)
CCC Help Hungarian (Version: 2010.0805.0357.5180)
CCC Help Italian (Version: 2010.0805.0357.5180)
CCC Help Japanese (Version: 2010.0805.0357.5180)
CCC Help Korean (Version: 2010.0805.0357.5180)
CCC Help Norwegian (Version: 2010.0805.0357.5180)
CCC Help Polish (Version: 2010.0805.0357.5180)
CCC Help Portuguese (Version: 2010.0805.0357.5180)
CCC Help Russian (Version: 2010.0805.0357.5180)
CCC Help Spanish (Version: 2010.0805.0357.5180)
CCC Help Swedish (Version: 2010.0805.0357.5180)
CCC Help Thai (Version: 2010.0805.0357.5180)
CCC Help Turkish (Version: 2010.0805.0357.5180)
ccc-core-static (Version: 2010.0805.358.5180)
ccc-utility (Version: 2010.0805.358.5180)
CCleaner (Version: 4.06)
Corel Home Office - CS Templates (Version: 5.6)
Corel Home Office - CT Templates (Version: 5.6)
Corel Home Office - IPM (Version: 5.6)
Corel Home Office - JP Templates (Version: 5.6)
Corel Home Office - KR Templates (Version: 5.6)
Corel Home Office - Launcher (Version: 5.6)
Corel Home Office - Templates RU (Version: 5.6)
Corel Home Office - Templates1 (Version: 5.6)
Corel Home Office (Version: 5.0.85.588)
Corel Home Office (Version: 5.6)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Energy Star Digital Logo (Version: 1.0.1)
Google Chrome (Version: 30.0.1599.69)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Documentation (Version: 1.5.1.0)
HP ESU for Microsoft Windows 7 (Version: 1.1.1.1)
HP HotKey Support (Version: 3.5.15.1)
HP Setup (Version: 1.2.3557.3169)
HP SoftPaq Download Manager (Version: 3.0.5.0)
HP Software Framework (Version: 4.0.51.1)
HP Software Setup (Version: 7.0.1.6)
HP Support Assistant (Version: 5.2.9.2)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.25.0)
HP Webcam Driver (Version: 5.8.50014.0)
HP Wireless Assistant (Version: 3.50.10.1)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
IDT Audio (Version: 1.0.6268.0)
Intel® Matrix Storage Manager
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
LightScribe System Software (Version: 1.18.11.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
PDF Complete Special Edition (Version: 3.5.116)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (Version: 3.0.41.262)
Ralink RT3090 802.11b/g/n WiFi Adapter (Version: 1.2.0.27)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0011)
Revo Uninstaller 1.95 (Version: 1.95)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3.56.21)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Samsung Kies (Version: 2.3.2.12074_13)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.6 (Version: 6.6.106)
Spotify (Version: 0.8.8.454.gfb120cda)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Windows 7 Default Setting (Version: 1.0.1.6)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinZip 14.5 (Version: 14.5.9095)
WinZip Registry Optimizer (Version: 1.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3036.27 MB
Available physical RAM: 1829.43 MB
Total Pagefile: 6070.82 MB
Available Pagefile: 4649.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:280.79 GB) (Free:210.63 GB) NTFS
2 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

========================= Users: ========================================

User accounts for \\JUSTIN-LAPTOP

Administrator            Guest                    Justin                   


**** End of log ****
 


Edited by Danzar1, 12 October 2013 - 10:40 PM.


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:10 PM

Posted 12 October 2013 - 11:14 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware
 

Please download Malwarebytes Anti-Malware
and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



SUPERAntiSpyware:
 
 

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Now GMER
 
 

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



#3 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 13 October 2013 - 07:47 AM

Hi BMM

 

Here are the logs.

 

1. MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.13.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Justin :: JUSTIN-LAPTOP [administrator]

13/10/2013 5:20:20 PM
mbam-log-2013-10-13 (17-20-20).txt

Scan type: Full scan (C:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364736
Time elapsed: 2 hour(s), 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Justin\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\Justin\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Justin\AppData\Local\Temp\CT3289075\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Justin\AppData\Local\Temp\CT3289075\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Justin\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
 

 

 

2. Superantispyware

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/13/2013 at 10:57 PM

Application Version : 5.6.1040

Core Rules Database Version : 10828
Trace Rules Database Version: 8640

Scan type       : Complete Scan
Total Scan Time : 01:21:17

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 352
Memory threats detected   : 0
Registry items scanned    : 38719
Registry threats detected : 0
File items scanned        : 159891
File threats detected     : 241

Adware.Tracking Cookie
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\GO94MUIK.txt [ /c.atdmt.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\N3VHDNC6.txt [ /lucidmedia.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZYJOE7S.txt [ /doubleclick.net ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PU0VN0YO.txt [ /sftrack.searchforce.net ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\N4VZPW2U.txt [ /apmebf.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\WJSZ9C28.txt [ /ads.pubmatic.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DC7DAPZP.txt [ /fastclick.net ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\MUU50RGD.txt [ /imrworldwide.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4QGA439.txt [ /backcountryedge.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\AS7PKE5H.txt [ /liveperson.net ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G8G362XQ.txt [ /adtech.de ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\FRFR14WE.txt [ /mediaplex.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8RO2E10N.txt [ /adtechus.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GPLSI8IC.txt [ /casalemedia.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4R8WR1QJ.txt [ /atdmt.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\justin@ad.kickasstorrents[1].txt [ /ad.kickasstorrents.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\BTHT705R.txt [ /travelcomau.112.2o7.net ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\BLIUJW4Z.txt [ /questionmarket.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SNFPALY7.txt [ /serving-sys.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LZXSKE0R.txt [ /ad.yieldmanager.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\H5I4N62Q.txt [ /revsci.net ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\E48A4X6G.txt [ /advertising.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\F4GCX8R5.txt [ /accounts.youtube.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1RP0CBHP.txt [ /statse.webtrendslive.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\X0569LD4.txt [ /ad.360yield.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JRG6UL9F.txt [ /accounts.google.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HAU27OGL.txt [ /invitemedia.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TAN3Y03B.txt [ /liveperson.net ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\521TF6R4.txt [ /www.googleadservices.com ]
    C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6AZL8GOU.txt [ /www.backcountryedge.com ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .allbritton.122.2o7.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.gigcount.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .specificclick.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .oracle.112.2o7.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .winzip.122.2o7.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mtvn.112.2o7.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtechus.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.mediabistro.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.mediabistro.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .investingmediasolutions.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .investingmediasolutions.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .kontera.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    engine.888media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    engine.888media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    engine.888media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    engine.888media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    engine.888media.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.mediaite.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .overture.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .overture.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adinterax.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adinterax.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    account.samsung.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tradetracker.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .webresint.122.2o7.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    nedstat.hostelbookers.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    nedstat.hostelbookers.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adnetwork.vn [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adnetwork.vn [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .analytics.adnetwork.vn [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .analytics.adnetwork.vn [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .analytics.adnetwork.vn [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ar.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    mediaservices-d.openxenterprise.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    mediaservices-d.openxenterprise.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaforge.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.reedge.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaforge.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaforge.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.reedge.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.reedge.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .account.live.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .yieldmanager.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .3634681.fls.doubleclick.net [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .statcounter.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.youtube.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\JUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    C:\USERS\JUSTIN\APPDATA\LOCAL\TEMP\LOW\COOKIES\JUSTIN@ATDMT[2].TXT [ /ATDMT ]
    .doubleclick.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    uk.sitestat.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    uk.sitestat.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .kontera.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .bs.serving-sys.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]
    .flagcounter.com [ C:\USERS\JUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I68ST3T6.DEFAULT\COOKIES.SQLITE ]

PUP.Offerware
    C:\USERS\JUSTIN\DOWNLOADS\DOWNLOADSETUP.EXE
 

 

3. GMER

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-13 23:41:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.02.0 298.09GB
Running: iy765mxi.exe; Driver: C:\Users\Justin\AppData\Local\Temp\kxdirkow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwAddBootEntry [0x90546610]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwAllocateVirtualMemory [0x912E75FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwAssignProcessToJobObject [0x905470E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateEvent [0x90552F18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateEventPair [0x90552F64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateIoCompletion [0x905530FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateMutant [0x90552E86]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwCreateSection [0x912E7992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateSemaphore [0x90552ECE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateThread [0x905475E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateThreadEx [0x90547800]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateTimer [0x905530B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwDebugActiveProcess [0x90547E9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwDeleteBootEntry [0x90546676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwDuplicateObject [0x9054B596]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwFreeVirtualMemory [0x912E76C2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwLoadDriver [0x912E5C12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwModifyBootEntry [0x905466DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwNotifyChangeKey [0x9054B98C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwNotifyChangeMultipleKeys [0x9054892C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenEvent [0x90552F42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenEventPair [0x90552F86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenIoCompletion [0x90553122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenMutant [0x90552EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenProcess [0x9054AE78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenSection [0x90553036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenSemaphore [0x90552EF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenThread [0x9054B26E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenTimer [0x905530DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwProtectVirtualMemory [0x912E7822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwQueryObject [0x905487F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwQueueApcThreadEx [0x90548506]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetBootEntryOrder [0x90546742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetBootOptions [0x905467A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetContextThread [0x90547D16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetSystemInformation [0x905462F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetSystemPowerState [0x905464CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwShutdownSystem [0x9054645C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSuspendProcess [0x90548066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSuspendThread [0x905481C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSystemDebugControl [0x90546556]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwTerminateProcess [0x912E78EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwTerminateThread [0x90547CF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwUnloadDriver [0x912E5C42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwVdmControl [0x9054680E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwWriteVirtualMemory [0x912E776E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwCreateProcessEx [0x91300E00]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                  82E88A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                    82EC2212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                                       82EC9460 4 Bytes  [10, 66, 54, 90] {ADC [ESI+0x54], AH; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                       82EC9488 4 Bytes  [FA, 75, 2E, 91] {CLI ; JNZ 0x31; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                       82EC94E8 4 Bytes  [E6, 70, 54, 90] {OUT 0x70, AL; PUSH ESP; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                                       82EC953C 8 Bytes  [18, 2F, 55, 90, 64, 2F, 55, ...] {SBB [EDI], CH; PUSH EBP; NOP ; DAS ; PUSH EBP; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                                       82EC9548 4 Bytes  [FE, 30, 55, 90]
.text           ...                                                                                                                                       
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                        83056D4B 5 Bytes  JMP 912FDC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                          8306F380 5 Bytes  JMP 912FF7CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                               830844DF 4 Bytes  CALL 90548FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                              8309E347 4 Bytes  CALL 90549005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                            8312821C 7 Bytes  JMP 91300E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                                                                  section is writeable [0x91A1A000, 0x2FBFFA, 0xE8000020]
.text           kernel32.dll!GetBinaryTypeW + 70                                                                                                          754C69F4 1 Byte  [62]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\IDT\WDM\sttray.exe[152] ntdll.dll!LdrUnloadDll                                                                           76F5C8DE 5 Bytes  JMP 002E03FC
.text           C:\Program Files\IDT\WDM\sttray.exe[152] ntdll.dll!LdrLoadDll                                                                             76F622AE 5 Bytes  JMP 002E01F8
.text           C:\Program Files\IDT\WDM\sttray.exe[152] KERNEL32.dll!GetBinaryTypeW + 70                                                                 754C69F4 1 Byte  [62]
.text           C:\Program Files\IDT\WDM\sttray.exe[152] USER32.dll!UnhookWindowsHookEx                                                                   76B9ADF9 5 Bytes  JMP 002F0A08
.text           C:\Program Files\IDT\WDM\sttray.exe[152] USER32.dll!UnhookWinEvent                                                                        76B9B750 5 Bytes  JMP 002F03FC
.text           C:\Program Files\IDT\WDM\sttray.exe[152] USER32.dll!SetWindowsHookExW                                                                     76B9E30C 5 Bytes  JMP 002F0804
.text           C:\Program Files\IDT\WDM\sttray.exe[152] USER32.dll!SetWinEventHook                                                                       76BA24DC 5 Bytes  JMP 002F01F8
.text           C:\Program Files\IDT\WDM\sttray.exe[152] USER32.dll!SetWindowsHookExA                                                                     76BC6D0C 5 Bytes  JMP 002F0600
.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[364] kernel32.dll!GetBinaryTypeW + 70                                             754C69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[408] kernel32.dll!GetBinaryTypeW + 70                                                754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[420] kernel32.dll!GetBinaryTypeW + 70                              754C69F4 1 Byte  [62]
.text           C:\windows\system32\csrss.exe[440] kernel32.dll!GetBinaryTypeW + 70                                                                       754C69F4 1 Byte  [62]
.text           C:\windows\system32\wininit.exe[548] kernel32.dll!GetBinaryTypeW + 70                                                                     754C69F4 1 Byte  [62]
.text           ...                                                                                                                                       
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] ntdll.dll!LdrUnloadDll                                             76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] ntdll.dll!LdrLoadDll                                               76F622AE 5 Bytes  JMP 000E01F8
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] KERNEL32.dll!GetBinaryTypeW + 70                                   754C69F4 1 Byte  [62]
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] USER32.dll!UnhookWindowsHookEx                                     76B9ADF9 5 Bytes  JMP 000F0A08
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] USER32.dll!UnhookWinEvent                                          76B9B750 5 Bytes  JMP 000F03FC
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] USER32.dll!SetWindowsHookExW                                       76B9E30C 5 Bytes  JMP 000F0804
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] USER32.dll!SetWinEventHook                                         76BA24DC 5 Bytes  JMP 000F01F8
.text           C:\Users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[880] USER32.dll!SetWindowsHookExA                                       76BC6D0C 5 Bytes  JMP 000F0600
.text           C:\windows\system32\atiesrxx.exe[908] kernel32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 70                                                                     754C69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           ...                                                                                                                                       
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] ntdll.dll!LdrUnloadDll                                                             76F5C8DE 5 Bytes  JMP 001D03FC
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] ntdll.dll!LdrLoadDll                                                               76F622AE 5 Bytes  JMP 001D01F8
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] KERNEL32.dll!GetBinaryTypeW + 70                                                   754C69F4 1 Byte  [62]
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] USER32.dll!UnhookWindowsHookEx                                                     76B9ADF9 5 Bytes  JMP 001F0A08
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] USER32.dll!UnhookWinEvent                                                          76B9B750 5 Bytes  JMP 001F03FC
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] USER32.dll!SetWindowsHookExW                                                       76B9E30C 5 Bytes  JMP 001F0804
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] USER32.dll!SetWinEventHook                                                         76BA24DC 5 Bytes  JMP 001F01F8
.text           C:\Program Files\Motorola\Bluetooth\audiosrv.exe[1680] USER32.dll!SetWindowsHookExA                                                       76BC6D0C 5 Bytes  JMP 001F0600
.text           C:\windows\System32\spoolsv.exe[1760] kernel32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1792] kernel32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] ntdll.dll!LdrUnloadDll                                                76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] ntdll.dll!LdrLoadDll                                                  76F622AE 5 Bytes  JMP 000E01F8
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] KERNEL32.dll!GetBinaryTypeW + 70                                      754C69F4 1 Byte  [62]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] USER32.dll!UnhookWindowsHookEx                                        76B9ADF9 5 Bytes  JMP 00100A08
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] USER32.dll!UnhookWinEvent                                             76B9B750 5 Bytes  JMP 001003FC
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] USER32.dll!SetWindowsHookExW                                          76B9E30C 5 Bytes  JMP 00100804
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] USER32.dll!SetWinEventHook                                            76BA24DC 5 Bytes  JMP 001001F8
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1848] USER32.dll!SetWindowsHookExA                                          76BC6D0C 5 Bytes  JMP 00100600
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1956] kernel32.dll!GetBinaryTypeW + 70                                                      754C69F4 1 Byte  [62]
.text           C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe[1984] kernel32.dll!GetBinaryTypeW + 70  754C69F4 1 Byte  [62]
.text           C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe[2016] kernel32.dll!GetBinaryTypeW + 70                                                  754C69F4 1 Byte  [62]
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2044] kernel32.dll!GetBinaryTypeW + 70                            754C69F4 1 Byte  [62]
.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2200] kernel32.dll!GetBinaryTypeW + 70                            754C69F4 1 Byte  [62]
.text           ...                                                                                                                                       
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] ntdll.dll!LdrUnloadDll                                                         76F5C8DE 5 Bytes  JMP 001E03FC
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] ntdll.dll!LdrLoadDll                                                           76F622AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] KERNEL32.dll!GetBinaryTypeW + 70                                               754C69F4 1 Byte  [62]
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] USER32.dll!UnhookWindowsHookEx                                                 76B9ADF9 5 Bytes  JMP 00200A08
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] USER32.dll!UnhookWinEvent                                                      76B9B750 5 Bytes  JMP 002003FC
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] USER32.dll!SetWindowsHookExW                                                   76B9E30C 5 Bytes  JMP 00200804
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] USER32.dll!SetWinEventHook                                                     76BA24DC 5 Bytes  JMP 002001F8
.text           C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe[2332] USER32.dll!SetWindowsHookExA                                                   76BC6D0C 5 Bytes  JMP 00200600
.text           C:\Program Files\Motorola\Bluetooth\obexsrv.exe[2360] kernel32.dll!GetBinaryTypeW + 70                                                    754C69F4 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] ntdll.dll!LdrUnloadDll                                                                       76F5C8DE 5 Bytes  JMP 003D03FC
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] ntdll.dll!LdrLoadDll                                                                         76F622AE 5 Bytes  JMP 003D01F8
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] KERNEL32.dll!GetBinaryTypeW + 70                                                             754C69F4 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] USER32.dll!UnhookWindowsHookEx                                                               76B9ADF9 5 Bytes  JMP 003F0A08
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] USER32.dll!UnhookWinEvent                                                                    76B9B750 5 Bytes  JMP 003F03FC
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] USER32.dll!SetWindowsHookExW                                                                 76B9E30C 5 Bytes  JMP 003F0804
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] USER32.dll!SetWinEventHook                                                                   76BA24DC 5 Bytes  JMP 003F01F8
.text           C:\Program Files\Samsung\Kies\Kies.exe[2432] USER32.dll!SetWindowsHookExA                                                                 76BC6D0C 5 Bytes  JMP 003F0600
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2448] kernel32.dll!GetBinaryTypeW + 70                                   754C69F4 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] ntdll.dll!LdrUnloadDll                                                              76F5C8DE 5 Bytes  JMP 001E03FC
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] ntdll.dll!LdrLoadDll                                                                76F622AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] KERNEL32.dll!GetBinaryTypeW + 70                                                    754C69F4 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] USER32.dll!UnhookWindowsHookEx                                                      76B9ADF9 5 Bytes  JMP 001F0A08
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] USER32.dll!UnhookWinEvent                                                           76B9B750 5 Bytes  JMP 001F03FC
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] USER32.dll!SetWindowsHookExW                                                        76B9E30C 5 Bytes  JMP 001F0804
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] USER32.dll!SetWinEventHook                                                          76BA24DC 5 Bytes  JMP 001F01F8
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2456] USER32.dll!SetWindowsHookExA                                                        76BC6D0C 5 Bytes  JMP 001F0600
.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2480] kernel32.dll!GetBinaryTypeW + 70                           754C69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] kernel32.dll!GetBinaryTypeW + 70                           754C69F4 1 Byte  [62]
.text           C:\windows\system32\wbem\unsecapp.exe[2704] kernel32.dll!GetBinaryTypeW + 70                                                              754C69F4 1 Byte  [62]
.text           C:\windows\system32\wbem\wmiprvse.exe[2856] kernel32.dll!GetBinaryTypeW + 70                                                              754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] ntdll.dll!LdrUnloadDll                                                       76F5C8DE 5 Bytes  JMP 001E03FC
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] ntdll.dll!LdrLoadDll                                                         76F622AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] KERNEL32.dll!GetBinaryTypeW + 70                                             754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] USER32.dll!UnhookWindowsHookEx                                               76B9ADF9 5 Bytes  JMP 001F0A08
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] USER32.dll!UnhookWinEvent                                                    76B9B750 5 Bytes  JMP 001F03FC
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] USER32.dll!SetWindowsHookExW                                                 76B9E30C 5 Bytes  JMP 001F0804
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] USER32.dll!SetWinEventHook                                                   76BA24DC 5 Bytes  JMP 001F01F8
.text           C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[3088] USER32.dll!SetWindowsHookExA                                                 76BC6D0C 5 Bytes  JMP 001F0600
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3236] kernel32.dll!GetBinaryTypeW + 70                                                  754C69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3252] kernel32.dll!GetBinaryTypeW + 70                   754C69F4 1 Byte  [62]
.text           C:\windows\system32\SearchIndexer.exe[3428] ntdll.dll!LdrUnloadDll                                                                        76F5C8DE 5 Bytes  JMP 000703FC
.text           C:\windows\system32\SearchIndexer.exe[3428] ntdll.dll!LdrLoadDll                                                                          76F622AE 5 Bytes  JMP 000701F8
.text           C:\windows\system32\SearchIndexer.exe[3428] KERNEL32.dll!GetBinaryTypeW + 70                                                              754C69F4 1 Byte  [62]
.text           C:\windows\system32\SearchIndexer.exe[3428] USER32.dll!UnhookWindowsHookEx                                                                76B9ADF9 5 Bytes  JMP 00240A08
.text           C:\windows\system32\SearchIndexer.exe[3428] USER32.dll!UnhookWinEvent                                                                     76B9B750 5 Bytes  JMP 002403FC
.text           C:\windows\system32\SearchIndexer.exe[3428] USER32.dll!SetWindowsHookExW                                                                  76B9E30C 5 Bytes  JMP 00240804
.text           C:\windows\system32\SearchIndexer.exe[3428] USER32.dll!SetWinEventHook                                                                    76BA24DC 5 Bytes  JMP 002401F8
.text           C:\windows\system32\SearchIndexer.exe[3428] USER32.dll!SetWindowsHookExA                                                                  76BC6D0C 5 Bytes  JMP 00240600
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] ntdll.dll!LdrUnloadDll                   76F5C8DE 5 Bytes  JMP 001D03FC
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] ntdll.dll!LdrLoadDll                     76F622AE 5 Bytes  JMP 001D01F8
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] KERNEL32.dll!GetBinaryTypeW + 70         754C69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] USER32.dll!UnhookWindowsHookEx           76B9ADF9 5 Bytes  JMP 001F0A08
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] USER32.dll!UnhookWinEvent                76B9B750 5 Bytes  JMP 001F03FC
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] USER32.dll!SetWindowsHookExW             76B9E30C 5 Bytes  JMP 001F0804
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] USER32.dll!SetWinEventHook               76BA24DC 5 Bytes  JMP 001F01F8
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3468] USER32.dll!SetWindowsHookExA             76BC6D0C 5 Bytes  JMP 001F0600
.text           C:\Windows\System32\rundll32.exe[3756] ntdll.dll!LdrUnloadDll                                                                             76F5C8DE 5 Bytes  JMP 000F03FC
.text           C:\Windows\System32\rundll32.exe[3756] ntdll.dll!LdrLoadDll                                                                               76F622AE 5 Bytes  JMP 000F01F8
.text           C:\Windows\System32\rundll32.exe[3756] KERNEL32.dll!GetBinaryTypeW + 70                                                                   754C69F4 1 Byte  [62]
.text           C:\Windows\System32\rundll32.exe[3756] USER32.dll!UnhookWindowsHookEx                                                                     76B9ADF9 5 Bytes  JMP 00110A08
.text           C:\Windows\System32\rundll32.exe[3756] USER32.dll!UnhookWinEvent                                                                          76B9B750 5 Bytes  JMP 001103FC
.text           C:\Windows\System32\rundll32.exe[3756] USER32.dll!SetWindowsHookExW                                                                       76B9E30C 5 Bytes  JMP 00110804
.text           C:\Windows\System32\rundll32.exe[3756] USER32.dll!SetWinEventHook                                                                         76BA24DC 5 Bytes  JMP 001101F8
.text           C:\Windows\System32\rundll32.exe[3756] USER32.dll!SetWindowsHookExA                                                                       76BC6D0C 5 Bytes  JMP 00110600
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] ntdll.dll!LdrUnloadDll                                               76F5C8DE 5 Bytes  JMP 000F03FC
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] ntdll.dll!LdrLoadDll                                                 76F622AE 5 Bytes  JMP 000F01F8
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] KERNEL32.dll!GetBinaryTypeW + 70                                     754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] USER32.dll!UnhookWindowsHookEx                                       76B9ADF9 5 Bytes  JMP 00120A08
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] USER32.dll!UnhookWinEvent                                            76B9B750 5 Bytes  JMP 001203FC
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] USER32.dll!SetWindowsHookExW                                         76B9E30C 5 Bytes  JMP 00120804
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] USER32.dll!SetWinEventHook                                           76BA24DC 5 Bytes  JMP 001201F8
.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[3908] USER32.dll!SetWindowsHookExA                                         76BC6D0C 5 Bytes  JMP 00120600
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] ntdll.dll!LdrUnloadDll                                                         76F5C8DE 5 Bytes  JMP 001E03FC
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] ntdll.dll!LdrLoadDll                                                           76F622AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] KERNEL32.dll!GetBinaryTypeW + 70                                               754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] USER32.dll!UnhookWindowsHookEx                                                 76B9ADF9 5 Bytes  JMP 00200A08
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] USER32.dll!UnhookWinEvent                                                      76B9B750 5 Bytes  JMP 002003FC
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] USER32.dll!SetWindowsHookExW                                                   76B9E30C 5 Bytes  JMP 00200804
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] USER32.dll!SetWinEventHook                                                     76BA24DC 5 Bytes  JMP 002001F8
.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3960] USER32.dll!SetWindowsHookExA                                                   76BC6D0C 5 Bytes  JMP 00200600
.text           C:\windows\system32\svchost.exe[4108] ntdll.dll!LdrUnloadDll                                                                              76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\windows\system32\svchost.exe[4108] ntdll.dll!LdrLoadDll                                                                                76F622AE 5 Bytes  JMP 000E01F8
.text           C:\windows\system32\svchost.exe[4108] KERNEL32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[4108] USER32.dll!UnhookWindowsHookEx                                                                      76B9ADF9 5 Bytes  JMP 00100A08
.text           C:\windows\system32\svchost.exe[4108] USER32.dll!UnhookWinEvent                                                                           76B9B750 5 Bytes  JMP 001003FC
.text           C:\windows\system32\svchost.exe[4108] USER32.dll!SetWindowsHookExW                                                                        76B9E30C 5 Bytes  JMP 00100804
.text           C:\windows\system32\svchost.exe[4108] USER32.dll!SetWinEventHook                                                                          76BA24DC 5 Bytes  JMP 001001F8
.text           C:\windows\system32\svchost.exe[4108] USER32.dll!SetWindowsHookExA                                                                        76BC6D0C 5 Bytes  JMP 00100600
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] ntdll.dll!LdrUnloadDll                                                                76F5C8DE 5 Bytes  JMP 001E03FC
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] ntdll.dll!LdrLoadDll                                                                  76F622AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] KERNEL32.dll!GetBinaryTypeW + 70                                                      754C69F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] USER32.dll!UnhookWindowsHookEx                                                        76B9ADF9 5 Bytes  JMP 001F0A08
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] USER32.dll!UnhookWinEvent                                                             76B9B750 5 Bytes  JMP 001F03FC
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] USER32.dll!SetWindowsHookExW                                                          76B9E30C 5 Bytes  JMP 001F0804
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] USER32.dll!SetWinEventHook                                                            76BA24DC 5 Bytes  JMP 001F01F8
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4264] USER32.dll!SetWindowsHookExA                                                          76BC6D0C 5 Bytes  JMP 001F0600
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] ntdll.dll!LdrUnloadDll                                          76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] ntdll.dll!LdrLoadDll                                            76F622AE 5 Bytes  JMP 000E01F8
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] KERNEL32.dll!GetBinaryTypeW + 70                                754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] USER32.dll!UnhookWindowsHookEx                                  76B9ADF9 5 Bytes  JMP 00100A08
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] USER32.dll!UnhookWinEvent                                       76B9B750 5 Bytes  JMP 001003FC
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] USER32.dll!SetWindowsHookExW                                    76B9E30C 5 Bytes  JMP 00100804
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] USER32.dll!SetWinEventHook                                      76BA24DC 5 Bytes  JMP 001001F8
.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[4276] USER32.dll!SetWindowsHookExA                                    76BC6D0C 5 Bytes  JMP 00100600
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] ntdll.dll!LdrUnloadDll                                                             76F5C8DE 5 Bytes  JMP 001E03FC
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] ntdll.dll!LdrLoadDll                                                               76F622AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] KERNEL32.dll!GetBinaryTypeW + 70                                                   754C69F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] USER32.dll!UnhookWindowsHookEx                                                     76B9ADF9 5 Bytes  JMP 001F0A08
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] USER32.dll!UnhookWinEvent                                                          76B9B750 5 Bytes  JMP 001F03FC
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] USER32.dll!SetWindowsHookExW                                                       76B9E30C 5 Bytes  JMP 001F0804
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] USER32.dll!SetWinEventHook                                                         76BA24DC 5 Bytes  JMP 001F01F8
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4504] USER32.dll!SetWindowsHookExA                                                       76BC6D0C 5 Bytes  JMP 001F0600
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] ntdll.dll!LdrUnloadDll                                                76F5C8DE 5 Bytes  JMP 002E03FC
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] ntdll.dll!LdrLoadDll                                                  76F622AE 5 Bytes  JMP 002E01F8
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] KERNEL32.dll!GetBinaryTypeW + 70                                      754C69F4 1 Byte  [62]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] USER32.dll!UnhookWindowsHookEx                                        76B9ADF9 5 Bytes  JMP 00300A08
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] USER32.dll!UnhookWinEvent                                             76B9B750 5 Bytes  JMP 003003FC
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] USER32.dll!SetWindowsHookExW                                          76B9E30C 5 Bytes  JMP 00300804
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] USER32.dll!SetWinEventHook                                            76BA24DC 5 Bytes  JMP 003001F8
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4804] USER32.dll!SetWindowsHookExA                                          76BC6D0C 5 Bytes  JMP 00300600
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] ntdll.dll!LdrUnloadDll                                             76F5C8DE 5 Bytes  JMP 000803FC
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] ntdll.dll!LdrLoadDll                                               76F622AE 5 Bytes  JMP 000801F8
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] KERNEL32.dll!GetBinaryTypeW + 70                                   754C69F4 1 Byte  [62]
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] USER32.dll!UnhookWindowsHookEx                                     76B9ADF9 5 Bytes  JMP 00220A08
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] USER32.dll!UnhookWinEvent                                          76B9B750 5 Bytes  JMP 002203FC
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] USER32.dll!SetWindowsHookExW                                       76B9E30C 5 Bytes  JMP 00220804
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] USER32.dll!SetWinEventHook                                         76BA24DC 5 Bytes  JMP 002201F8
.text           C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[4824] USER32.dll!SetWindowsHookExA                                       76BC6D0C 5 Bytes  JMP 00220600
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] ntdll.dll!LdrUnloadDll                                            76F5C8DE 5 Bytes  JMP 001703FC
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] ntdll.dll!LdrLoadDll                                              76F622AE 5 Bytes  JMP 001701F8
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] KERNEL32.dll!GetBinaryTypeW + 70                                  754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] USER32.dll!UnhookWindowsHookEx                                    76B9ADF9 5 Bytes  JMP 00300A08
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] USER32.dll!UnhookWinEvent                                         76B9B750 5 Bytes  JMP 003003FC
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] USER32.dll!SetWindowsHookExW                                      76B9E30C 5 Bytes  JMP 00300804
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] USER32.dll!SetWinEventHook                                        76BA24DC 5 Bytes  JMP 003001F8
.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4832] USER32.dll!SetWindowsHookExA                                      76BC6D0C 5 Bytes  JMP 00300600
.text           C:\windows\System32\svchost.exe[4944] ntdll.dll!LdrUnloadDll                                                                              76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\windows\System32\svchost.exe[4944] ntdll.dll!LdrLoadDll                                                                                76F622AE 5 Bytes  JMP 000E01F8
.text           C:\windows\System32\svchost.exe[4944] KERNEL32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[4944] USER32.dll!UnhookWindowsHookEx                                                                      76B9ADF9 5 Bytes  JMP 00100A08
.text           C:\windows\System32\svchost.exe[4944] USER32.dll!UnhookWinEvent                                                                           76B9B750 5 Bytes  JMP 001003FC
.text           C:\windows\System32\svchost.exe[4944] USER32.dll!SetWindowsHookExW                                                                        76B9E30C 5 Bytes  JMP 00100804
.text           C:\windows\System32\svchost.exe[4944] USER32.dll!SetWinEventHook                                                                          76BA24DC 5 Bytes  JMP 001001F8
.text           C:\windows\System32\svchost.exe[4944] USER32.dll!SetWindowsHookExA                                                                        76BC6D0C 5 Bytes  JMP 00100600
.text           C:\Users\Justin\Desktop\iy765mxi.exe[4984] kernel32.dll!GetBinaryTypeW + 70                                                               754C69F4 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] ntdll.dll!LdrUnloadDll                                                           76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] ntdll.dll!LdrLoadDll                                                             76F622AE 5 Bytes  JMP 000E01F8
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] KERNEL32.dll!GetBinaryTypeW + 70                                                 754C69F4 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] USER32.dll!UnhookWindowsHookEx                                                   76B9ADF9 5 Bytes  JMP 00100A08
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] USER32.dll!UnhookWinEvent                                                        76B9B750 5 Bytes  JMP 001003FC
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] USER32.dll!SetWindowsHookExW                                                     76B9E30C 5 Bytes  JMP 00100804
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] USER32.dll!SetWinEventHook                                                       76BA24DC 5 Bytes  JMP 001001F8
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[4988] USER32.dll!SetWindowsHookExA                                                     76BC6D0C 5 Bytes  JMP 00100600
.text           C:\windows\system32\AUDIODG.EXE[5360] kernel32.dll!GetBinaryTypeW + 70                                                                    754C69F4 1 Byte  [62]
.text           C:\windows\system32\taskhost.exe[5524] ntdll.dll!LdrUnloadDll                                                                             76F5C8DE 5 Bytes  JMP 000603FC
.text           C:\windows\system32\taskhost.exe[5524] ntdll.dll!LdrLoadDll                                                                               76F622AE 5 Bytes  JMP 000601F8
.text           C:\windows\system32\taskhost.exe[5524] KERNEL32.dll!GetBinaryTypeW + 70                                                                   754C69F4 1 Byte  [62]
.text           C:\windows\system32\taskhost.exe[5524] USER32.dll!UnhookWindowsHookEx                                                                     76B9ADF9 5 Bytes  JMP 00070A08
.text           C:\windows\system32\taskhost.exe[5524] USER32.dll!UnhookWinEvent                                                                          76B9B750 5 Bytes  JMP 000703FC
.text           C:\windows\system32\taskhost.exe[5524] USER32.dll!SetWindowsHookExW                                                                       76B9E30C 5 Bytes  JMP 00070804
.text           C:\windows\system32\taskhost.exe[5524] USER32.dll!SetWinEventHook                                                                         76BA24DC 5 Bytes  JMP 000701F8
.text           C:\windows\system32\taskhost.exe[5524] USER32.dll!SetWindowsHookExA                                                                       76BC6D0C 5 Bytes  JMP 00070600
.text           C:\windows\system32\Dwm.exe[5676] ntdll.dll!LdrUnloadDll                                                                                  76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\windows\system32\Dwm.exe[5676] ntdll.dll!LdrLoadDll                                                                                    76F622AE 5 Bytes  JMP 000E01F8
.text           C:\windows\system32\Dwm.exe[5676] KERNEL32.dll!GetBinaryTypeW + 70                                                                        754C69F4 1 Byte  [62]
.text           C:\windows\system32\Dwm.exe[5676] USER32.dll!UnhookWindowsHookEx                                                                          76B9ADF9 5 Bytes  JMP 000F0A08
.text           C:\windows\system32\Dwm.exe[5676] USER32.dll!UnhookWinEvent                                                                               76B9B750 5 Bytes  JMP 000F03FC
.text           C:\windows\system32\Dwm.exe[5676] USER32.dll!SetWindowsHookExW                                                                            76B9E30C 5 Bytes  JMP 000F0804
.text           C:\windows\system32\Dwm.exe[5676] USER32.dll!SetWinEventHook                                                                              76BA24DC 5 Bytes  JMP 000F01F8
.text           C:\windows\system32\Dwm.exe[5676] USER32.dll!SetWindowsHookExA                                                                            76BC6D0C 5 Bytes  JMP 000F0600
.text           C:\windows\Explorer.EXE[5704] ntdll.dll!LdrUnloadDll                                                                                      76F5C8DE 5 Bytes  JMP 000703FC
.text           C:\windows\Explorer.EXE[5704] ntdll.dll!LdrLoadDll                                                                                        76F622AE 5 Bytes  JMP 000701F8
.text           C:\windows\Explorer.EXE[5704] KERNEL32.dll!GetBinaryTypeW + 70                                                                            754C69F4 1 Byte  [62]
.text           C:\windows\Explorer.EXE[5704] USER32.dll!UnhookWindowsHookEx                                                                              76B9ADF9 5 Bytes  JMP 00090A08
.text           C:\windows\Explorer.EXE[5704] USER32.dll!UnhookWinEvent                                                                                   76B9B750 5 Bytes  JMP 000903FC
.text           C:\windows\Explorer.EXE[5704] USER32.dll!SetWindowsHookExW                                                                                76B9E30C 5 Bytes  JMP 00090804
.text           C:\windows\Explorer.EXE[5704] USER32.dll!SetWinEventHook                                                                                  76BA24DC 5 Bytes  JMP 000901F8
.text           C:\windows\Explorer.EXE[5704] USER32.dll!SetWindowsHookExA                                                                                76BC6D0C 5 Bytes  JMP 00090600
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] ntdll.dll!LdrUnloadDll                                         76F5C8DE 5 Bytes  JMP 000E03FC
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] ntdll.dll!LdrLoadDll                                           76F622AE 5 Bytes  JMP 000E01F8
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] KERNEL32.dll!GetBinaryTypeW + 70                               754C69F4 1 Byte  [62]
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] USER32.dll!UnhookWindowsHookEx                                 76B9ADF9 5 Bytes  JMP 00110A08
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] USER32.dll!UnhookWinEvent                                      76B9B750 5 Bytes  JMP 001103FC
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] USER32.dll!SetWindowsHookExW                                   76B9E30C 5 Bytes  JMP 00110804
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] USER32.dll!SetWinEventHook                                     76BA24DC 5 Bytes  JMP 001101F8
.text           C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[5868] USER32.dll!SetWindowsHookExA                                   76BC6D0C 5 Bytes  JMP 00110600
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] ntdll.dll!LdrUnloadDll                                             76F5C8DE 5 Bytes  JMP 001E03FC
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] ntdll.dll!LdrLoadDll                                               76F622AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] KERNEL32.dll!GetBinaryTypeW + 70                                   754C69F4 1 Byte  [62]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] USER32.dll!UnhookWindowsHookEx                                     76B9ADF9 5 Bytes  JMP 002F0A08
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] USER32.dll!UnhookWinEvent                                          76B9B750 5 Bytes  JMP 002F03FC
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] USER32.dll!SetWindowsHookExW                                       76B9E30C 5 Bytes  JMP 002F0804
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] USER32.dll!SetWinEventHook                                         76BA24DC 5 Bytes  JMP 002F01F8
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5876] USER32.dll!SetWindowsHookExA                                       76BC6D0C 5 Bytes  JMP 002F0600

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1624] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [71120790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\AVAST Software\Avast\AvastUI.exe[3236] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                    [71120790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Windows\System32\rundll32.exe[3756] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                     [74E4FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3756] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                      [74E4FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3756] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                   [74E4FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3756] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                    [74E4FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                    aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                   Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395f7982f                                                               
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395f7982f (not active ControlSet)                                           

---- EOF - GMER 2.1 ----
 



#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:10 PM

Posted 13 October 2013 - 03:41 PM

Please download TDSSKiller exe version to your desktop.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.

Click on Change Parameters and click Detect TDLFS File System.
    Click the Start Scan button.
    Do not use the computer during the scan
    If the scan completes with nothing found, click Close to exit.
    If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    A TDSSKiller text file would be saved in Local Disk C.
    Copy and paste the contents of that file in your next reply.


ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#5 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 14 October 2013 - 06:25 AM

An update on how things are going.  There has been this "Winzip Registry Optimizer"hanging around since I first looked at the machine which I neglected to mention. It's clearly not Winzip as we know it. Since applying MBAM and Superantispyware, it's gotten more active. Starts up every time I boot.

 

No other major changes.

 

Here is the TDSkiller log. No infections found.

 

22:14:31.0661 0x1664  TDSS rootkit removing tool 3.0.0.12 Oct  9 2013 14:59:22
22:14:32.0445 0x1664  ============================================================
22:14:32.0445 0x1664  Current date / time: 2013/10/14 22:14:32.0445
22:14:32.0445 0x1664  SystemInfo:
22:14:32.0445 0x1664  
22:14:32.0445 0x1664  OS Version: 6.1.7601 ServicePack: 1.0
22:14:32.0445 0x1664  Product type: Workstation
22:14:32.0445 0x1664  ComputerName: JUSTIN-LAPTOP
22:14:32.0446 0x1664  UserName: Justin
22:14:32.0446 0x1664  Windows directory: C:\windows
22:14:32.0446 0x1664  System windows directory: C:\windows
22:14:32.0446 0x1664  Processor architecture: Intel x86
22:14:32.0446 0x1664  Number of processors: 2
22:14:32.0446 0x1664  Page size: 0x1000
22:14:32.0446 0x1664  Boot type: Normal boot
22:14:32.0446 0x1664  ============================================================
22:14:32.0877 0x1664  System UUID: {5A090FC2-23A8-A519-B561-B5B13380F0A5}
22:14:33.0372 0x1664  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:14:33.0374 0x1664  ============================================================
22:14:33.0374 0x1664  \Device\Harddisk0\DR0:
22:14:33.0374 0x1664  MBR partitions:
22:14:33.0374 0x1664  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
22:14:33.0374 0x1664  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197000
22:14:33.0374 0x1664  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D800, BlocksNum 0x1E00000
22:14:33.0374 0x1664  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x3FD800
22:14:33.0374 0x1664  ============================================================
22:14:33.0420 0x1664  C: <-> \Device\Harddisk0\DR0\Partition2
22:14:33.0451 0x1664  F: <-> \Device\Harddisk0\DR0\Partition4
22:14:33.0451 0x1664  ============================================================
22:14:33.0451 0x1664  Initialize success
22:14:33.0451 0x1664  ============================================================
22:14:58.0732 0x1090  ============================================================
22:14:58.0732 0x1090  Scan started
22:14:58.0732 0x1090  Mode: Manual; TDLFS;
22:14:58.0732 0x1090  ============================================================
22:14:58.0732 0x1090  KSN ping started
22:15:12.0306 0x1090  KSN ping finished: true
22:15:12.0503 0x1090  ================ Scan system memory ========================
22:15:12.0503 0x1090  System memory - ok
22:15:12.0503 0x1090  ================ Scan services =============================
22:15:12.0648 0x1090  [ 51F207D5A9E7B2E76BEE59C05CCC23C4, BE78957DD197777D899FAFBBE71E2FDB5DB9AC6AC4F1595A562FD362429BED6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:15:12.0652 0x1090  !SASCORE - ok
22:15:12.0952 0x1090  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
22:15:12.0957 0x1090  1394ohci - ok
22:15:12.0993 0x1090  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
22:15:13.0000 0x1090  ACPI - ok
22:15:13.0031 0x1090  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
22:15:13.0033 0x1090  AcpiPmi - ok
22:15:13.0146 0x1090  [ 24A0876D07EF356DCBC1D7A7929354AB, 765653E856EC5841DB851363E7C7CFC332D3605789ECD0998762F60ADD56A0D8 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:15:13.0152 0x1090  AdobeFlashPlayerUpdateSvc - ok
22:15:13.0228 0x1090  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
22:15:13.0240 0x1090  adp94xx - ok
22:15:13.0280 0x1090  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
22:15:13.0288 0x1090  adpahci - ok
22:15:13.0314 0x1090  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
22:15:13.0318 0x1090  adpu320 - ok
22:15:13.0356 0x1090  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
22:15:13.0359 0x1090  AeLookupSvc - ok
22:15:13.0484 0x1090  [ 827DBC22C96EECF6D36A13162FABAFD3, EBBC04A6AD3BC83E3791569C1120BBBB59AF70512FA2CEB6A8BA2A257F3F6C32 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe
22:15:13.0486 0x1090  AESTFilters - ok
22:15:13.0550 0x1090  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\windows\system32\drivers\afd.sys
22:15:13.0559 0x1090  AFD - ok
22:15:13.0624 0x1090  [ 7E10E3BB9B258AD8A9300F91214D67B9, CE5FAD7BF78234B64EAADF64DB23F3C342AADB9C5E3B0168E57863F494F30318 ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
22:15:13.0698 0x1090  AgereSoftModem - ok
22:15:13.0746 0x1090  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
22:15:13.0748 0x1090  agp440 - ok
22:15:13.0821 0x1090  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
22:15:13.0824 0x1090  aic78xx - ok
22:15:13.0858 0x1090  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
22:15:13.0861 0x1090  ALG - ok
22:15:13.0905 0x1090  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
22:15:13.0907 0x1090  aliide - ok
22:15:13.0961 0x1090  [ 44734C60B67AEE197446376F057EC6ED, C2C16712CCC3FC6AD2CBC7485F2D4E906254F7B60E304CBEAE8FE1FA1FBB7FD9 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
22:15:13.0965 0x1090  AMD External Events Utility - ok
22:15:14.0003 0x1090  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
22:15:14.0005 0x1090  amdagp - ok
22:15:14.0035 0x1090  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
22:15:14.0037 0x1090  amdide - ok
22:15:14.0075 0x1090  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
22:15:14.0077 0x1090  AmdK8 - ok
22:15:14.0292 0x1090  [ 6D61CB78B6F8C3E8E7B01AB8D0B41467, 84FF1EF7A562B76D4B2ACCE10F08FF825D2089287676051B83D8D122D75AB14B ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
22:15:14.0486 0x1090  amdkmdag - ok
22:15:14.0551 0x1090  [ D5D51C4623A67BCF10B42DADE0C4D7B0, 775E0146026329BE701A5F4C1A83E46B7FBE235B50FA5EB9FA36E85274847769 ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
22:15:14.0556 0x1090  amdkmdap - ok
22:15:14.0608 0x1090  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
22:15:14.0610 0x1090  AmdPPM - ok
22:15:14.0659 0x1090  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
22:15:14.0662 0x1090  amdsata - ok
22:15:14.0695 0x1090  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
22:15:14.0700 0x1090  amdsbs - ok
22:15:14.0712 0x1090  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
22:15:14.0713 0x1090  amdxata - ok
22:15:14.0763 0x1090  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\windows\system32\drivers\appid.sys
22:15:14.0765 0x1090  AppID - ok
22:15:14.0823 0x1090  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\windows\System32\appidsvc.dll
22:15:14.0825 0x1090  AppIDSvc - ok
22:15:14.0864 0x1090  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
22:15:14.0866 0x1090  Appinfo - ok
22:15:14.0935 0x1090  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\DRIVERS\arc.sys
22:15:14.0938 0x1090  arc - ok
22:15:14.0957 0x1090  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
22:15:14.0960 0x1090  arcsas - ok
22:15:15.0015 0x1090  [ B9FE438B3CAD82B2014710349A2022F7, F9A3045590DAC38D7389957377BDD78E608D3078686EFD046FADDC2381ABB599 ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys
22:15:15.0016 0x1090  aswFsBlk - ok
22:15:15.0078 0x1090  [ AE5549DD21F6DE06406031EF1D51ACC3, 7E4AA6B03864C3E09DB869174BC5660F825D43FC27ABBE54E84F89650FD7679F ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
22:15:15.0080 0x1090  aswMonFlt - ok
22:15:15.0131 0x1090  [ A29EF1A46E110F392588F7395BB55F32, 378011CBF019AD43B0D5D1FB1CA6173B7FAA6510FCCFAAED09F9405D8DC4D694 ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys
22:15:15.0133 0x1090  aswRdr - ok
22:15:15.0197 0x1090  [ FA72FA503F580C3C628DD8C7D7622E37, 434FC6A3CB120299C80D99201D5FBA48E4E8C5DDB76F7F0EF4FE95EE522AEE6C ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
22:15:15.0199 0x1090  aswRvrt - ok
22:15:15.0259 0x1090  [ 4D53349D848C6BADB3D4ACBE98C27676, AC9EAE6F0611F8876CA45FA499A9C4D4DD8EC5DB77F5C52E1BAFD64598F4437A ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
22:15:15.0274 0x1090  aswSnx - ok
22:15:15.0340 0x1090  [ 813024DFD54A41B3AFAE2B1E2796CB80, A8C5FB0510E86B0BE567A67A412530312B36FB5BB777EEEE7E17C1D8D4D9699D ] aswSP           C:\windows\system32\drivers\aswSP.sys
22:15:15.0348 0x1090  aswSP - ok
22:15:15.0390 0x1090  [ 5E18413310134130D7772F0668698CB7, 18CBA5356341640085575D77ABD24358ACD818603FCA2BD49475239E5B50FDD1 ] aswTdi          C:\windows\system32\drivers\aswTdi.sys
22:15:15.0393 0x1090  aswTdi - ok
22:15:15.0454 0x1090  [ A5F637D61719D37A5B4868C385E363C0, 36505921AF5A09175395EBAEA29C72B2A69A3A9204384A767A5BE8A721F31B10 ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
22:15:15.0458 0x1090  aswVmm - ok
22:15:15.0529 0x1090  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
22:15:15.0530 0x1090  AsyncMac - ok
22:15:15.0587 0x1090  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
22:15:15.0589 0x1090  atapi - ok
22:15:15.0659 0x1090  [ C7C4A32657EA691895DC5A270EB1DE77, 6D4FB5B7C0C9AEFEDDA8446903EECE04BD9A5A5037E0A58E5A4F6B2EFDE9CA9D ] AtiHDAudioService C:\windows\system32\drivers\AtihdW73.sys
22:15:15.0662 0x1090  AtiHDAudioService - ok
22:15:15.0696 0x1090  [ 8DF873D0587596C1D35A9CECECC61DA1, 41974FCA452CE48C5A6040BF99D1AC9A1C13FF38DF341443CCE2D2ABBC4C9453 ] AtiHdmiService  C:\windows\system32\drivers\AtiHdmi.sys
22:15:15.0700 0x1090  AtiHdmiService - ok
22:15:15.0753 0x1090  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:15:15.0773 0x1090  AudioEndpointBuilder - ok
22:15:15.0818 0x1090  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\windows\System32\Audiosrv.dll
22:15:15.0828 0x1090  Audiosrv - ok
22:15:15.0945 0x1090  [ 9330941C8F6DF417F6DBBE998DB6687E, 28BC051D7C74721BAF85BE2AAB97EAE44152779106C5BDA1FDA07B9C049E2FDC ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:15:15.0947 0x1090  avast! Antivirus - ok
22:15:16.0004 0x1090  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
22:15:16.0008 0x1090  AxInstSV - ok
22:15:16.0060 0x1090  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
22:15:16.0071 0x1090  b06bdrv - ok
22:15:16.0123 0x1090  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
22:15:16.0129 0x1090  b57nd60x - ok
22:15:16.0165 0x1090  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
22:15:16.0168 0x1090  BDESVC - ok
22:15:16.0203 0x1090  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
22:15:16.0205 0x1090  Beep - ok
22:15:16.0268 0x1090  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
22:15:16.0281 0x1090  BFE - ok
22:15:16.0344 0x1090  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
22:15:16.0379 0x1090  BITS - ok
22:15:16.0427 0x1090  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
22:15:16.0429 0x1090  blbdrive - ok
22:15:16.0629 0x1090  [ FAF2AAAC84D952B3077D13220A0606A5, 3F34A3BA97ECAC22E573DB3624F78511DC8C13809881A422EEDE3A7C66CA271C ] Bluetooth Device Manager C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
22:15:16.0746 0x1090  Bluetooth Device Manager - ok
22:15:16.0826 0x1090  [ 1733DD1E2B722AB476571DE53C6A6367, 8421E527340D52BB26CD46A367E4FE3570C88086006EE43A698E101EF22B9FFE ] Bluetooth Media Service C:\Program Files\Motorola\Bluetooth\audiosrv.exe
22:15:16.0842 0x1090  Bluetooth Media Service - ok
22:15:16.0864 0x1090  [ 55FBB6E578BFB2327BA41B3E526CCE1A, 70DAE675FC0F7F3BBF13DF27311944902C248B081095A473409852F61E72587E ] Bluetooth OBEX Service C:\Program Files\Motorola\Bluetooth\obexsrv.exe
22:15:16.0874 0x1090  Bluetooth OBEX Service - ok
22:15:16.0909 0x1090  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
22:15:16.0912 0x1090  bowser - ok
22:15:16.0953 0x1090  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
22:15:16.0954 0x1090  BrFiltLo - ok
22:15:16.0966 0x1090  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
22:15:16.0967 0x1090  BrFiltUp - ok
22:15:17.0013 0x1090  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
22:15:17.0017 0x1090  Browser - ok
22:15:17.0037 0x1090  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
22:15:17.0045 0x1090  Brserid - ok
22:15:17.0064 0x1090  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
22:15:17.0066 0x1090  BrSerWdm - ok
22:15:17.0122 0x1090  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
22:15:17.0123 0x1090  BrUsbMdm - ok
22:15:17.0134 0x1090  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
22:15:17.0136 0x1090  BrUsbSer - ok
22:15:17.0204 0x1090  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
22:15:17.0205 0x1090  BthEnum - ok
22:15:17.0233 0x1090  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
22:15:17.0236 0x1090  BTHMODEM - ok
22:15:17.0261 0x1090  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
22:15:17.0265 0x1090  BthPan - ok
22:15:17.0311 0x1090  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
22:15:17.0322 0x1090  BTHPORT - ok
22:15:17.0362 0x1090  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
22:15:17.0365 0x1090  bthserv - ok
22:15:17.0386 0x1090  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
22:15:17.0388 0x1090  BTHUSB - ok
22:15:17.0428 0x1090  [ 44FFFF590169E88441FB2BC86277457A, 57F251376365DEF3EC0E7686BD62267D96498B93CEC60FB9431E8170869F3A72 ] BTMCOM          C:\windows\system32\Drivers\btmcom.sys
22:15:17.0430 0x1090  BTMCOM - ok
22:15:17.0463 0x1090  [ 68FB465327CE3A980911B197F19E1614, 7270F829AB3752F444FDEACE831D907A84FAAE396B7FFC9A6B22A1A1A16BC5AA ] BTMUSB          C:\windows\system32\Drivers\btmusb.sys
22:15:17.0473 0x1090  BTMUSB - ok
22:15:17.0551 0x1090  [ 248DFA5762DDE38DFDDBBD44149E9D7A, D696D5698B7B5B331A6ED39172015349685450D10F63B1E4D4112199198FA5C7 ] BVRPMPR5        C:\windows\system32\drivers\BVRPMPR5.SYS
22:15:17.0553 0x1090  BVRPMPR5 - ok
22:15:17.0599 0x1090  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
22:15:17.0602 0x1090  cdfs - ok
22:15:17.0643 0x1090  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
22:15:17.0647 0x1090  cdrom - ok
22:15:17.0692 0x1090  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
22:15:17.0695 0x1090  CertPropSvc - ok
22:15:17.0729 0x1090  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
22:15:17.0731 0x1090  circlass - ok
22:15:17.0786 0x1090  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\windows\system32\CLFS.sys
22:15:17.0793 0x1090  CLFS - ok
22:15:17.0873 0x1090  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:15:17.0876 0x1090  clr_optimization_v2.0.50727_32 - ok
22:15:17.0966 0x1090  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:15:17.0970 0x1090  clr_optimization_v4.0.30319_32 - ok
22:15:17.0998 0x1090  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
22:15:18.0000 0x1090  CmBatt - ok
22:15:18.0031 0x1090  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
22:15:18.0033 0x1090  cmdide - ok
22:15:18.0073 0x1090  [ 42F158036BD4C2FF3122BF142E60E6FD, BE7671C6FCE488A625DBA4F4F507664A12A31CF5CA564CC38E4C05FD8A86FB5D ] CNG             C:\windows\system32\Drivers\cng.sys
22:15:18.0083 0x1090  CNG - ok
22:15:18.0125 0x1090  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
22:15:18.0127 0x1090  Compbatt - ok
22:15:18.0169 0x1090  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
22:15:18.0172 0x1090  CompositeBus - ok
22:15:18.0188 0x1090  COMSysApp - ok
22:15:18.0208 0x1090  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
22:15:18.0210 0x1090  crcdisk - ok
22:15:18.0259 0x1090  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\windows\system32\cryptsvc.dll
22:15:18.0264 0x1090  CryptSvc - ok
22:15:18.0410 0x1090  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:15:18.0426 0x1090  cvhsvc - ok
22:15:18.0488 0x1090  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
22:15:18.0501 0x1090  DcomLaunch - ok
22:15:18.0543 0x1090  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
22:15:18.0550 0x1090  defragsvc - ok
22:15:18.0593 0x1090  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
22:15:18.0595 0x1090  DfsC - ok
22:15:18.0631 0x1090  [ 649705E3DAE598BC0F957BACBF9A2BD5, DC3FF2D703AA8AF5CCDF996E2130E71AD0666C5C7E8AD8C41775820A8FAD9413 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys
22:15:18.0635 0x1090  dg_ssudbus - ok
22:15:18.0688 0x1090  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
22:15:18.0696 0x1090  Dhcp - ok
22:15:18.0729 0x1090  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
22:15:18.0730 0x1090  discache - ok
22:15:18.0782 0x1090  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\DRIVERS\disk.sys
22:15:18.0784 0x1090  Disk - ok
22:15:18.0817 0x1090  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
22:15:18.0822 0x1090  Dnscache - ok
22:15:18.0864 0x1090  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
22:15:18.0871 0x1090  dot3svc - ok
22:15:18.0922 0x1090  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
22:15:18.0928 0x1090  DPS - ok
22:15:18.0959 0x1090  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
22:15:18.0960 0x1090  drmkaud - ok
22:15:19.0019 0x1090  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
22:15:19.0034 0x1090  DXGKrnl - ok
22:15:19.0069 0x1090  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
22:15:19.0074 0x1090  EapHost - ok
22:15:19.0214 0x1090  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
22:15:19.0323 0x1090  ebdrv - ok
22:15:19.0362 0x1090  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] EFS             C:\windows\System32\lsass.exe
22:15:19.0366 0x1090  EFS - ok
22:15:19.0452 0x1090  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\windows\ehome\ehRecvr.exe
22:15:19.0472 0x1090  ehRecvr - ok
22:15:19.0509 0x1090  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\windows\ehome\ehsched.exe
22:15:19.0513 0x1090  ehSched - ok
22:15:19.0566 0x1090  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
22:15:19.0577 0x1090  elxstor - ok
22:15:19.0630 0x1090  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
22:15:19.0632 0x1090  ErrDev - ok
22:15:19.0683 0x1090  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
22:15:19.0692 0x1090  EventSystem - ok
22:15:19.0744 0x1090  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
22:15:19.0748 0x1090  exfat - ok
22:15:19.0768 0x1090  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
22:15:19.0773 0x1090  fastfat - ok
22:15:19.0838 0x1090  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
22:15:19.0858 0x1090  Fax - ok
22:15:19.0903 0x1090  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
22:15:19.0905 0x1090  fdc - ok
22:15:19.0931 0x1090  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
22:15:19.0933 0x1090  fdPHost - ok
22:15:19.0952 0x1090  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
22:15:19.0955 0x1090  FDResPub - ok
22:15:19.0996 0x1090  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
22:15:19.0997 0x1090  FileInfo - ok
22:15:20.0011 0x1090  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
22:15:20.0012 0x1090  Filetrace - ok
22:15:20.0071 0x1090  [ 3D9B36631032FDE0FFEA0DC0260E4E35, 48B574A67D3FA015EBD078715CEC3E2B63B939D379CD4B40BFBB80397A2C58B3 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:15:20.0084 0x1090  FLEXnet Licensing Service - ok
22:15:20.0138 0x1090  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
22:15:20.0140 0x1090  flpydisk - ok
22:15:20.0190 0x1090  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
22:15:20.0195 0x1090  FltMgr - ok
22:15:20.0275 0x1090  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\windows\system32\FntCache.dll
22:15:20.0320 0x1090  FontCache - ok
22:15:20.0372 0x1090  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:15:20.0375 0x1090  FontCache3.0.0.0 - ok
22:15:20.0417 0x1090  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
22:15:20.0419 0x1090  FsDepends - ok
22:15:20.0459 0x1090  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
22:15:20.0461 0x1090  Fs_Rec - ok
22:15:20.0516 0x1090  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
22:15:20.0521 0x1090  fvevol - ok
22:15:20.0573 0x1090  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
22:15:20.0576 0x1090  gagp30kx - ok
22:15:20.0633 0x1090  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
22:15:20.0666 0x1090  gpsvc - ok
22:15:20.0788 0x1090  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:15:20.0792 0x1090  gupdate - ok
22:15:20.0825 0x1090  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:15:20.0829 0x1090  gupdatem - ok
22:15:20.0851 0x1090  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
22:15:20.0852 0x1090  hcw85cir - ok
22:15:20.0915 0x1090  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:15:20.0924 0x1090  HdAudAddService - ok
22:15:20.0960 0x1090  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
22:15:20.0964 0x1090  HDAudBus - ok
22:15:20.0985 0x1090  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
22:15:20.0987 0x1090  HidBatt - ok
22:15:21.0007 0x1090  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
22:15:21.0011 0x1090  HidBth - ok
22:15:21.0022 0x1090  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
22:15:21.0024 0x1090  HidIr - ok
22:15:21.0061 0x1090  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
22:15:21.0065 0x1090  hidserv - ok
22:15:21.0127 0x1090  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
22:15:21.0129 0x1090  HidUsb - ok
22:15:21.0164 0x1090  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
22:15:21.0168 0x1090  hkmsvc - ok
22:15:21.0205 0x1090  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:15:21.0213 0x1090  HomeGroupListener - ok
22:15:21.0253 0x1090  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:15:21.0261 0x1090  HomeGroupProvider - ok
22:15:21.0391 0x1090  [ 45A12CACB97B4F15858FCFD59355A1E9, E4D671F1E413D1C45CC797C93FC042FEC9B0AE9F7039C82E516A410AD49100AA ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
22:15:21.0396 0x1090  HP Health Check Service - ok
22:15:21.0490 0x1090  [ F55442690A70A0278A7EED4FAAEBF576, 9BE7A30A08DB05D38994B14F53C9178552DE5898DB016B171E20E3046046B296 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:15:21.0493 0x1090  HPDrvMntSvc.exe - ok
22:15:21.0544 0x1090  [ 4D94F4D7782657E79EB1352570B563DB, 5563BF93070EEA43BB15E2FE05C80374129B04B6F773502C21AA3D51BF61ECF5 ] hpHotkeyMonitor C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
22:15:21.0550 0x1090  hpHotkeyMonitor - ok
22:15:21.0566 0x1090  [ EE9F88368739554DCCA142AE0214BCB1, 1D48FE1A0D633E998F382C3FC3455FCF7E6CF73EE1B624BEEEC8F82EF45003D6 ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
22:15:21.0567 0x1090  HpqKbFiltr - ok
22:15:21.0647 0x1090  [ 640E51DB253265C3EAC075866B3D2B33, 3408C908AADCA784BA7C0C044CC50B3759E2B142013D4B12B05E97A141036E15 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
22:15:21.0669 0x1090  hpqwmiex - ok
22:15:21.0730 0x1090  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
22:15:21.0733 0x1090  HpSAMD - ok
22:15:21.0786 0x1090  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\windows\system32\drivers\HTTP.sys
22:15:21.0805 0x1090  HTTP - ok
22:15:21.0873 0x1090  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
22:15:21.0874 0x1090  hwpolicy - ok
22:15:21.0933 0x1090  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
22:15:21.0936 0x1090  i8042prt - ok
22:15:21.0999 0x1090  [ D782F0C741EE2D50AC8D38774597FB2B, 298CC6D317F87DF6F1D1E779FABA28C3471BE4DCCC93304AE9B673AD4760EF32 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:15:22.0007 0x1090  IAANTMON - ok
22:15:22.0041 0x1090  [ D9D3F168A2FD4C2380D98821A3FF3357, 9473479B62CE90CEA91DB3FB6E056280EAB04A6A1AF4D561CCC3E0BC76B413E8 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
22:15:22.0048 0x1090  iaStor - ok
22:15:22.0093 0x1090  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
22:15:22.0101 0x1090  iaStorV - ok
22:15:22.0187 0x1090  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:15:22.0227 0x1090  idsvc - ok
22:15:22.0415 0x1090  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
22:15:22.0585 0x1090  igfx - ok
22:15:22.0647 0x1090  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
22:15:22.0649 0x1090  iirsp - ok
22:15:22.0720 0x1090  [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT          C:\windows\System32\ikeext.dll
22:15:22.0765 0x1090  IKEEXT - ok
22:15:22.0797 0x1090  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
22:15:22.0799 0x1090  intelide - ok
22:15:22.0827 0x1090  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
22:15:22.0829 0x1090  intelppm - ok
22:15:22.0873 0x1090  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
22:15:22.0878 0x1090  IPBusEnum - ok
22:15:22.0910 0x1090  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
22:15:22.0913 0x1090  IpFilterDriver - ok
22:15:22.0967 0x1090  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
22:15:22.0987 0x1090  iphlpsvc - ok
22:15:23.0016 0x1090  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
22:15:23.0018 0x1090  IPMIDRV - ok
22:15:23.0039 0x1090  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
22:15:23.0042 0x1090  IPNAT - ok
22:15:23.0071 0x1090  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
22:15:23.0072 0x1090  IRENUM - ok
22:15:23.0106 0x1090  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
22:15:23.0108 0x1090  isapnp - ok
22:15:23.0143 0x1090  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
22:15:23.0150 0x1090  iScsiPrt - ok
22:15:23.0190 0x1090  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
22:15:23.0192 0x1090  kbdclass - ok
22:15:23.0239 0x1090  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
22:15:23.0241 0x1090  kbdhid - ok
22:15:23.0273 0x1090  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso          C:\windows\system32\lsass.exe
22:15:23.0276 0x1090  KeyIso - ok
22:15:23.0307 0x1090  [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
22:15:23.0309 0x1090  KSecDD - ok
22:15:23.0352 0x1090  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35, CD50885B37F66EFEAE82158EC78AE1D0B58D1F6901E16A1B27D061DE266A09EF ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
22:15:23.0356 0x1090  KSecPkg - ok
22:15:23.0388 0x1090  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
22:15:23.0399 0x1090  KtmRm - ok
22:15:23.0425 0x1090  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
22:15:23.0434 0x1090  LanmanServer - ok
22:15:23.0491 0x1090  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:15:23.0498 0x1090  LanmanWorkstation - ok
22:15:23.0568 0x1090  [ 3503F257B3203F824B1567238EBE17E2, A6F7B0D3C213DC17B266199FAC7F242529A1C030244A819BDBDB892BF2969FD3 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:15:23.0570 0x1090  LightScribeService - ok
22:15:23.0634 0x1090  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
22:15:23.0636 0x1090  lltdio - ok
22:15:23.0678 0x1090  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
22:15:23.0686 0x1090  lltdsvc - ok
22:15:23.0707 0x1090  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
22:15:23.0711 0x1090  lmhosts - ok
22:15:23.0747 0x1090  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
22:15:23.0751 0x1090  LSI_FC - ok
22:15:23.0768 0x1090  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
22:15:23.0771 0x1090  LSI_SAS - ok
22:15:23.0802 0x1090  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
22:15:23.0805 0x1090  LSI_SAS2 - ok
22:15:23.0821 0x1090  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
22:15:23.0825 0x1090  LSI_SCSI - ok
22:15:23.0863 0x1090  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
22:15:23.0866 0x1090  luafv - ok
22:15:23.0915 0x1090  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
22:15:23.0920 0x1090  Mcx2Svc - ok
22:15:23.0954 0x1090  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
22:15:23.0956 0x1090  megasas - ok
22:15:23.0991 0x1090  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
22:15:23.0998 0x1090  MegaSR - ok
22:15:24.0123 0x1090  Microsoft SharePoint Workspace Audit Service - ok
22:15:24.0148 0x1090  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
22:15:24.0153 0x1090  MMCSS - ok
22:15:24.0180 0x1090  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
22:15:24.0183 0x1090  Modem - ok
22:15:24.0216 0x1090  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
22:15:24.0218 0x1090  monitor - ok
22:15:24.0256 0x1090  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
22:15:24.0258 0x1090  mouclass - ok
22:15:24.0296 0x1090  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
22:15:24.0297 0x1090  mouhid - ok
22:15:24.0351 0x1090  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
22:15:24.0354 0x1090  mountmgr - ok
22:15:24.0433 0x1090  [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:15:24.0437 0x1090  MozillaMaintenance - ok
22:15:24.0458 0x1090  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
22:15:24.0462 0x1090  mpio - ok
22:15:24.0498 0x1090  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
22:15:24.0501 0x1090  mpsdrv - ok
22:15:24.0547 0x1090  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
22:15:24.0569 0x1090  MpsSvc - ok
22:15:24.0621 0x1090  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
22:15:24.0625 0x1090  MRxDAV - ok
22:15:24.0666 0x1090  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
22:15:24.0670 0x1090  mrxsmb - ok
22:15:24.0710 0x1090  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
22:15:24.0717 0x1090  mrxsmb10 - ok
22:15:24.0739 0x1090  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
22:15:24.0742 0x1090  mrxsmb20 - ok
22:15:24.0765 0x1090  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
22:15:24.0767 0x1090  msahci - ok
22:15:24.0811 0x1090  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\windows\system32\drivers\msdsm.sys
22:15:24.0815 0x1090  msdsm - ok
22:15:24.0833 0x1090  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\windows\System32\msdtc.exe
22:15:24.0840 0x1090  MSDTC - ok
22:15:24.0886 0x1090  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
22:15:24.0887 0x1090  Msfs - ok
22:15:24.0904 0x1090  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
22:15:24.0905 0x1090  mshidkmdf - ok
22:15:24.0935 0x1090  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
22:15:24.0937 0x1090  msisadrv - ok
22:15:24.0983 0x1090  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
22:15:24.0988 0x1090  MSiSCSI - ok
22:15:24.0994 0x1090  msiserver - ok
22:15:25.0036 0x1090  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
22:15:25.0038 0x1090  MSKSSRV - ok
22:15:25.0075 0x1090  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
22:15:25.0077 0x1090  MSPCLOCK - ok
22:15:25.0094 0x1090  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
22:15:25.0095 0x1090  MSPQM - ok
22:15:25.0112 0x1090  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
22:15:25.0117 0x1090  MsRPC - ok
22:15:25.0159 0x1090  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
22:15:25.0161 0x1090  mssmbios - ok
22:15:25.0211 0x1090  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
22:15:25.0213 0x1090  MSTEE - ok
22:15:25.0223 0x1090  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
22:15:25.0225 0x1090  MTConfig - ok
22:15:25.0251 0x1090  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\windows\system32\Drivers\mup.sys
22:15:25.0253 0x1090  Mup - ok
22:15:25.0301 0x1090  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
22:15:25.0313 0x1090  napagent - ok
22:15:25.0363 0x1090  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
22:15:25.0371 0x1090  NativeWifiP - ok
22:15:25.0448 0x1090  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\windows\system32\drivers\ndis.sys
22:15:25.0492 0x1090  NDIS - ok
22:15:25.0536 0x1090  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
22:15:25.0538 0x1090  NdisCap - ok
22:15:25.0563 0x1090  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
22:15:25.0565 0x1090  NdisTapi - ok
22:15:25.0605 0x1090  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
22:15:25.0608 0x1090  Ndisuio - ok
22:15:25.0648 0x1090  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
22:15:25.0652 0x1090  NdisWan - ok
22:15:25.0681 0x1090  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
22:15:25.0683 0x1090  NDProxy - ok
22:15:25.0725 0x1090  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
22:15:25.0727 0x1090  NetBIOS - ok
22:15:25.0778 0x1090  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
22:15:25.0784 0x1090  NetBT - ok
22:15:25.0796 0x1090  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon        C:\windows\system32\lsass.exe
22:15:25.0799 0x1090  Netlogon - ok
22:15:25.0836 0x1090  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
22:15:25.0847 0x1090  Netman - ok
22:15:25.0874 0x1090  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
22:15:25.0886 0x1090  netprofm - ok
22:15:25.0957 0x1090  [ 091D731C04E7A1543B391A5B883B4598, 5D009409A886AE667711980ACFC2B69690125D82BC4BA64B2E11DBEC1E22387A ] netr28          C:\windows\system32\DRIVERS\netr28.sys
22:15:25.0973 0x1090  netr28 - ok
22:15:26.0010 0x1090  [ F476EC40033CDB91EFBE73EB99B8362D, B17535037BC070F9AE1F6B381C2DBEE27658A8FDE15FB0E061F485EA7C7CBE59 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:15:26.0015 0x1090  NetTcpPortSharing - ok
22:15:26.0034 0x1090  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
22:15:26.0036 0x1090  nfrd960 - ok
22:15:26.0080 0x1090  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\windows\System32\nlasvc.dll
22:15:26.0089 0x1090  NlaSvc - ok
22:15:26.0119 0x1090  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
22:15:26.0121 0x1090  Npfs - ok
22:15:26.0147 0x1090  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
22:15:26.0152 0x1090  nsi - ok
22:15:26.0159 0x1090  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
22:15:26.0160 0x1090  nsiproxy - ok
22:15:26.0245 0x1090  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
22:15:26.0312 0x1090  Ntfs - ok
22:15:26.0342 0x1090  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
22:15:26.0343 0x1090  Null - ok
22:15:26.0393 0x1090  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
22:15:26.0397 0x1090  nvraid - ok
22:15:26.0437 0x1090  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
22:15:26.0441 0x1090  nvstor - ok
22:15:26.0472 0x1090  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
22:15:26.0476 0x1090  nv_agp - ok
22:15:26.0506 0x1090  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
22:15:26.0509 0x1090  ohci1394 - ok
22:15:26.0578 0x1090  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:15:26.0583 0x1090  ose - ok
22:15:26.0811 0x1090  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:15:26.0977 0x1090  osppsvc - ok
22:15:27.0047 0x1090  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
22:15:27.0057 0x1090  p2pimsvc - ok
22:15:27.0100 0x1090  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
22:15:27.0112 0x1090  p2psvc - ok
22:15:27.0140 0x1090  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\DRIVERS\parport.sys
22:15:27.0143 0x1090  Parport - ok
22:15:27.0173 0x1090  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
22:15:27.0176 0x1090  partmgr - ok
22:15:27.0198 0x1090  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
22:15:27.0199 0x1090  Parvdm - ok
22:15:27.0243 0x1090  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\windows\System32\pcasvc.dll
22:15:27.0251 0x1090  PcaSvc - ok
22:15:27.0271 0x1090  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
22:15:27.0275 0x1090  pci - ok
22:15:27.0322 0x1090  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
22:15:27.0324 0x1090  pciide - ok
22:15:27.0379 0x1090  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
22:15:27.0385 0x1090  pcmcia - ok
22:15:27.0418 0x1090  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
22:15:27.0420 0x1090  pcw - ok
22:15:27.0464 0x1090  pdfcDispatcher - ok
22:15:27.0516 0x1090  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
22:15:27.0537 0x1090  PEAUTH - ok
22:15:27.0636 0x1090  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
22:15:27.0705 0x1090  pla - ok
22:15:27.0777 0x1090  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
22:15:27.0789 0x1090  PlugPlay - ok
22:15:27.0823 0x1090  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
22:15:27.0828 0x1090  PNRPAutoReg - ok
22:15:27.0869 0x1090  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
22:15:27.0878 0x1090  PNRPsvc - ok
22:15:27.0936 0x1090  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
22:15:27.0948 0x1090  PolicyAgent - ok
22:15:27.0994 0x1090  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
22:15:28.0002 0x1090  Power - ok
22:15:28.0053 0x1090  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
22:15:28.0056 0x1090  PptpMiniport - ok
22:15:28.0096 0x1090  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\DRIVERS\processr.sys
22:15:28.0099 0x1090  Processor - ok
22:15:28.0145 0x1090  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\windows\system32\profsvc.dll
22:15:28.0153 0x1090  ProfSvc - ok
22:15:28.0173 0x1090  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\windows\system32\lsass.exe
22:15:28.0177 0x1090  ProtectedStorage - ok
22:15:28.0234 0x1090  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
22:15:28.0237 0x1090  Psched - ok
22:15:28.0264 0x1090  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
22:15:28.0269 0x1090  PSI_SVC_2 - ok
22:15:28.0327 0x1090  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
22:15:28.0330 0x1090  PxHelp20 - ok
22:15:28.0410 0x1090  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
22:15:28.0469 0x1090  ql2300 - ok
22:15:28.0496 0x1090  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
22:15:28.0499 0x1090  ql40xx - ok
22:15:28.0529 0x1090  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
22:15:28.0539 0x1090  QWAVE - ok
22:15:28.0570 0x1090  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
22:15:28.0572 0x1090  QWAVEdrv - ok
22:15:28.0592 0x1090  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
22:15:28.0594 0x1090  RasAcd - ok
22:15:28.0631 0x1090  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
22:15:28.0633 0x1090  RasAgileVpn - ok
22:15:28.0674 0x1090  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
22:15:28.0680 0x1090  RasAuto - ok
22:15:28.0694 0x1090  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
22:15:28.0697 0x1090  Rasl2tp - ok
22:15:28.0751 0x1090  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
22:15:28.0762 0x1090  RasMan - ok
22:15:28.0782 0x1090  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
22:15:28.0785 0x1090  RasPppoe - ok
22:15:28.0826 0x1090  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
22:15:28.0829 0x1090  RasSstp - ok
22:15:28.0865 0x1090  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
22:15:28.0872 0x1090  rdbss - ok
22:15:28.0894 0x1090  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
22:15:28.0896 0x1090  rdpbus - ok
22:15:28.0924 0x1090  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
22:15:28.0925 0x1090  RDPCDD - ok
22:15:28.0983 0x1090  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
22:15:28.0984 0x1090  RDPENCDD - ok
22:15:28.0995 0x1090  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
22:15:28.0996 0x1090  RDPREFMP - ok
22:15:29.0076 0x1090  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
22:15:29.0078 0x1090  RdpVideoMiniport - ok
22:15:29.0117 0x1090  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
22:15:29.0123 0x1090  RDPWD - ok
22:15:29.0165 0x1090  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
22:15:29.0171 0x1090  rdyboost - ok
22:15:29.0203 0x1090  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
22:15:29.0208 0x1090  RemoteAccess - ok
22:15:29.0264 0x1090  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
22:15:29.0271 0x1090  RemoteRegistry - ok
22:15:29.0301 0x1090  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
22:15:29.0305 0x1090  RFCOMM - ok
22:15:29.0321 0x1090  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
22:15:29.0327 0x1090  RpcEptMapper - ok
22:15:29.0357 0x1090  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
22:15:29.0361 0x1090  RpcLocator - ok
22:15:29.0399 0x1090  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
22:15:29.0411 0x1090  RpcSs - ok
22:15:29.0472 0x1090  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
22:15:29.0474 0x1090  rspndr - ok
22:15:29.0535 0x1090  [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
22:15:29.0546 0x1090  RTL8167 - ok
22:15:29.0584 0x1090  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs           C:\windows\system32\lsass.exe
22:15:29.0587 0x1090  SamSs - ok
22:15:29.0691 0x1090  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:15:29.0692 0x1090  SASDIFSV - ok
22:15:29.0723 0x1090  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:15:29.0726 0x1090  SASKUTIL - ok
22:15:29.0761 0x1090  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
22:15:29.0764 0x1090  sbp2port - ok
22:15:29.0793 0x1090  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
22:15:29.0801 0x1090  SCardSvr - ok
22:15:29.0812 0x1090  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
22:15:29.0814 0x1090  scfilter - ok
22:15:29.0883 0x1090  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
22:15:29.0928 0x1090  Schedule - ok
22:15:29.0970 0x1090  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
22:15:29.0972 0x1090  SCPolicySvc - ok
22:15:30.0004 0x1090  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
22:15:30.0011 0x1090  SDRSVC - ok
22:15:30.0062 0x1090  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
22:15:30.0064 0x1090  secdrv - ok
22:15:30.0095 0x1090  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
22:15:30.0101 0x1090  seclogon - ok
22:15:30.0112 0x1090  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
22:15:30.0117 0x1090  SENS - ok
22:15:30.0151 0x1090  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
22:15:30.0156 0x1090  SensrSvc - ok
22:15:30.0213 0x1090  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
22:15:30.0215 0x1090  Serenum - ok
22:15:30.0242 0x1090  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
22:15:30.0245 0x1090  Serial - ok
22:15:30.0271 0x1090  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
22:15:30.0272 0x1090  sermouse - ok
22:15:30.0328 0x1090  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
22:15:30.0336 0x1090  SessionEnv - ok
22:15:30.0367 0x1090  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
22:15:30.0369 0x1090  sffdisk - ok
22:15:30.0374 0x1090  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
22:15:30.0376 0x1090  sffp_mmc - ok
22:15:30.0390 0x1090  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
22:15:30.0392 0x1090  sffp_sd - ok
22:15:30.0427 0x1090  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
22:15:30.0428 0x1090  sfloppy - ok
22:15:30.0478 0x1090  [ EC5C79BD81F0C55DF53F4818D4F1C2C8, B9650F484CF918781CA3B02278F19E73FA3B619133F75C0C42FEB788A183E0CB ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
22:15:30.0497 0x1090  Sftfs - ok
22:15:30.0579 0x1090  [ 1AEBDC693C74EA55FE05D51FA6573EBC, 92E3A6C8D3B5193BD2831DD47C4C58419F72ABC2C21C71A9A690CCFC2D05CBB0 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
22:15:30.0591 0x1090  sftlist - ok
22:15:30.0613 0x1090  [ A224670FB892A205E4D99E06C0B85C7C, 3E2E401FF5E0E9EE4C2BE9F5C3144086F5AB015789C36D7263BBAB59FEEB74C7 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
22:15:30.0619 0x1090  Sftplay - ok
22:15:30.0633 0x1090  [ 9D354D425FB55CDF0EDC7F67FBC5B04E, C3B68F8B5F34B73EF6588DCBB67BE7CB3E59918E7A58D90A83E3D8EBB6ECA291 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
22:15:30.0635 0x1090  Sftredir - ok
22:15:30.0655 0x1090  [ F369D6B89AA610174A4E90C8513B7C7A, 2AEFA10F57C0ED0466611957DED5425363608E88414DD7DCF74E182117B12F5A ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
22:15:30.0657 0x1090  Sftvol - ok
22:15:30.0674 0x1090  [ 19D34534176E62F35DDB7DC7B7FF2A87, DBBB9155B62482E4782E5302193586514880734BD3617FDCB51798EB404758D6 ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
22:15:30.0680 0x1090  sftvsa - ok
22:15:30.0723 0x1090  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
22:15:30.0734 0x1090  SharedAccess - ok
22:15:30.0777 0x1090  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:15:30.0789 0x1090  ShellHWDetection - ok
22:15:30.0829 0x1090  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
22:15:30.0831 0x1090  sisagp - ok
22:15:30.0846 0x1090  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
22:15:30.0849 0x1090  SiSRaid2 - ok
22:15:30.0863 0x1090  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
22:15:30.0866 0x1090  SiSRaid4 - ok
22:15:30.0955 0x1090  [ 3E587DBBDFF938DDE5D4CE4047BE9041, CA13B2C50FB09365362077AEC4B25120CF09F8C35702F645922D618FE57B5E05 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:15:30.0960 0x1090  SkypeUpdate - ok
22:15:31.0009 0x1090  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
22:15:31.0012 0x1090  Smb - ok
22:15:31.0058 0x1090  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
22:15:31.0063 0x1090  SNMPTRAP - ok
22:15:31.0160 0x1090  [ CC04244AD00F3ECC9ED67B973D224DDE, FE864A649CEA00743ABDC5D3CC078B06C7695E27BF749A1567241FFF860EE391 ] SNP2UVC         C:\windows\system32\DRIVERS\snp2uvc.sys
22:15:31.0228 0x1090  SNP2UVC - ok
22:15:31.0245 0x1090  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
22:15:31.0247 0x1090  spldr - ok
22:15:31.0280 0x1090  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\windows\System32\spoolsv.exe
22:15:31.0291 0x1090  Spooler - ok
22:15:31.0417 0x1090  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
22:15:31.0545 0x1090  sppsvc - ok
22:15:31.0595 0x1090  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
22:15:31.0601 0x1090  sppuinotify - ok
22:15:31.0635 0x1090  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
22:15:31.0642 0x1090  srv - ok
22:15:31.0662 0x1090  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
22:15:31.0670 0x1090  srv2 - ok
22:15:31.0686 0x1090  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
22:15:31.0690 0x1090  srvnet - ok
22:15:31.0719 0x1090  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
22:15:31.0728 0x1090  SSDPSRV - ok
22:15:31.0745 0x1090  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
22:15:31.0752 0x1090  SstpSvc - ok
22:15:31.0810 0x1090  [ BCB4E273147AFCAFDFC0DA59AF9E6E25, 27143BD55995AFF9819A34F726EDC3F32422B2251EABBE1E022DD4979503F668 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
22:15:31.0815 0x1090  ssudmdm - ok
22:15:31.0935 0x1090  [ 9C1EA4217DC30E085F8418474DCC3616, E0EE15A79B50894D407B6EFEF3E14A4552AF0C95F2F61F51F2DBA790D1F8B66C ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
22:15:31.0941 0x1090  STacSV - ok
22:15:31.0981 0x1090  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
22:15:31.0983 0x1090  stexstor - ok
22:15:32.0028 0x1090  [ C502802475B7A2CB843F9F815D7DDC36, 198E33D19D8B90646D134644DAF0567597CC83C3172E9C16097C98EE3588DA52 ] STHDA           C:\windows\system32\DRIVERS\stwrt.sys
22:15:32.0039 0x1090  STHDA - ok
22:15:32.0088 0x1090  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
22:15:32.0111 0x1090  StiSvc - ok
22:15:32.0149 0x1090  [ AD989072596AB313D7FA13BCF69573F7, 99EC6744DF8571F52C931C743A48E0275EF155AA825CA083A84BE369CBF00622 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:15:32.0152 0x1090  stllssvr - ok
22:15:32.0188 0x1090  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
22:15:32.0190 0x1090  swenum - ok
22:15:32.0220 0x1090  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
22:15:32.0232 0x1090  swprv - ok
22:15:32.0321 0x1090  [ 0E8676FB3BB95AA40FDF7A4A31018C8B, C14931CB26830E2A720C4DA5C16E2CBF1BDDDBD253257491F0D84EF5C94437E4 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
22:15:32.0367 0x1090  SynTP - ok
22:15:32.0432 0x1090  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
22:15:32.0494 0x1090  SysMain - ok
22:15:32.0543 0x1090  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
22:15:32.0550 0x1090  TabletInputService - ok
22:15:32.0598 0x1090  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
22:15:32.0608 0x1090  TapiSrv - ok
22:15:32.0651 0x1090  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
22:15:32.0657 0x1090  TBS - ok
22:15:32.0748 0x1090  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip           C:\windows\system32\drivers\tcpip.sys
22:15:32.0810 0x1090  Tcpip - ok
22:15:32.0855 0x1090  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
22:15:32.0881 0x1090  TCPIP6 - ok
22:15:32.0930 0x1090  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
22:15:32.0932 0x1090  tcpipreg - ok
22:15:32.0963 0x1090  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
22:15:32.0965 0x1090  TDPIPE - ok
22:15:32.0978 0x1090  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
22:15:32.0980 0x1090  TDTCP - ok
22:15:33.0019 0x1090  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
22:15:33.0022 0x1090  tdx - ok
22:15:33.0047 0x1090  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
22:15:33.0049 0x1090  TermDD - ok
22:15:33.0110 0x1090  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\windows\System32\termsrv.dll
22:15:33.0143 0x1090  TermService - ok
22:15:33.0175 0x1090  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
22:15:33.0181 0x1090  Themes - ok
22:15:33.0193 0x1090  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
22:15:33.0197 0x1090  THREADORDER - ok
22:15:33.0252 0x1090  [ 5AD05191DC8B444A7BA4D79B76C42A30, 6166E939A5A240388EBA5AF7FF335DC413F2BBCF74C2E1D310F4BE2A5454A610 ] TPM             C:\windows\system32\drivers\tpm.sys
22:15:33.0254 0x1090  TPM - ok
22:15:33.0299 0x1090  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
22:15:33.0306 0x1090  TrkWks - ok
22:15:33.0372 0x1090  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:15:33.0378 0x1090  TrustedInstaller - ok
22:15:33.0421 0x1090  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
22:15:33.0423 0x1090  tssecsrv - ok
22:15:33.0482 0x1090  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
22:15:33.0484 0x1090  TsUsbFlt - ok
22:15:33.0548 0x1090  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
22:15:33.0552 0x1090  tunnel - ok
22:15:33.0570 0x1090  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
22:15:33.0573 0x1090  uagp35 - ok
22:15:33.0597 0x1090  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
22:15:33.0605 0x1090  udfs - ok
22:15:33.0657 0x1090  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
22:15:33.0663 0x1090  UI0Detect - ok
22:15:33.0692 0x1090  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
22:15:33.0695 0x1090  uliagpkx - ok
22:15:33.0736 0x1090  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\drivers\umbus.sys
22:15:33.0739 0x1090  umbus - ok
22:15:33.0775 0x1090  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
22:15:33.0777 0x1090  UmPass - ok
22:15:33.0815 0x1090  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
22:15:33.0826 0x1090  upnphost - ok
22:15:33.0858 0x1090  [ 71D97F1A3CC47A56728F7A400A3F8295, ED3FDB73D8A98D9BAF702C0F5C7AD79D525D19DCE1487D442536913BEA5C7F15 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
22:15:33.0861 0x1090  usbccgp - ok
22:15:33.0906 0x1090  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
22:15:33.0909 0x1090  usbcir - ok
22:15:33.0942 0x1090  [ C4FB8E7ADEA9B5CEEA885A1B504B7E40, 3E0AE5D236890452F2EA33504309A7E5FE49C567FF6F68A83A5987F05ED01BF0 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
22:15:33.0944 0x1090  usbehci - ok
22:15:33.0970 0x1090  [ 86AA95ACB611001E26CD2C0145F2225A, 584D26E8C9407A4E717DCBF2D3819DB441C2D455B5FDA6654FBA3794E19B4D51 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
22:15:33.0978 0x1090  usbhub - ok
22:15:34.0004 0x1090  [ DCDF9855145A14DFCA0AB32308871961, 9A21013AD032195D54CE655DE5363E78BB74CC55C40B889520B478892F4BA40A ] usbohci         C:\windows\system32\drivers\usbohci.sys
22:15:34.0006 0x1090  usbohci - ok
22:15:34.0044 0x1090  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
22:15:34.0046 0x1090  usbprint - ok
22:15:34.0091 0x1090  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\windows\system32\drivers\usbscan.sys
22:15:34.0093 0x1090  usbscan - ok
22:15:34.0108 0x1090  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
22:15:34.0111 0x1090  USBSTOR - ok
22:15:34.0141 0x1090  [ 8E51D04175BAA14C4F79AA5F6D248770, 6CE2E45E272734A5D1D0C4CE2BD7B61C61C7538903E87203E376495D198EFBD0 ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
22:15:34.0143 0x1090  usbuhci - ok
22:15:34.0193 0x1090  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
22:15:34.0198 0x1090  usbvideo - ok
22:15:34.0239 0x1090  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
22:15:34.0245 0x1090  UxSms - ok
22:15:34.0262 0x1090  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] VaultSvc        C:\windows\system32\lsass.exe
22:15:34.0265 0x1090  VaultSvc - ok
22:15:34.0298 0x1090  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
22:15:34.0300 0x1090  vdrvroot - ok
22:15:34.0359 0x1090  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\windows\System32\vds.exe
22:15:34.0393 0x1090  vds - ok
22:15:34.0422 0x1090  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
22:15:34.0424 0x1090  vga - ok
22:15:34.0444 0x1090  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\windows\System32\drivers\vga.sys
22:15:34.0446 0x1090  VgaSave - ok
22:15:34.0475 0x1090  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
22:15:34.0480 0x1090  vhdmp - ok
22:15:34.0520 0x1090  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
22:15:34.0522 0x1090  viaagp - ok
22:15:34.0544 0x1090  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
22:15:34.0546 0x1090  ViaC7 - ok
22:15:34.0587 0x1090  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
22:15:34.0589 0x1090  viaide - ok
22:15:34.0606 0x1090  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
22:15:34.0608 0x1090  volmgr - ok
22:15:34.0649 0x1090  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
22:15:34.0658 0x1090  volmgrx - ok
22:15:34.0686 0x1090  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\windows\system32\drivers\volsnap.sys
22:15:34.0694 0x1090  volsnap - ok
22:15:34.0749 0x1090  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
22:15:34.0753 0x1090  vsmraid - ok
22:15:34.0815 0x1090  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\windows\system32\vssvc.exe
22:15:34.0872 0x1090  VSS - ok
22:15:34.0902 0x1090  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
22:15:34.0904 0x1090  vwifibus - ok
22:15:34.0913 0x1090  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
22:15:34.0915 0x1090  vwififlt - ok
22:15:34.0972 0x1090  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\windows\system32\w32time.dll
22:15:34.0984 0x1090  W32Time - ok
22:15:35.0034 0x1090  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
22:15:35.0036 0x1090  WacomPen - ok
22:15:35.0084 0x1090  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
22:15:35.0087 0x1090  WANARP - ok
22:15:35.0092 0x1090  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
22:15:35.0095 0x1090  Wanarpv6 - ok
22:15:35.0179 0x1090  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
22:15:35.0236 0x1090  WatAdminSvc - ok
22:15:35.0315 0x1090  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
22:15:35.0373 0x1090  wbengine - ok
22:15:35.0406 0x1090  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
22:15:35.0415 0x1090  WbioSrvc - ok
22:15:35.0461 0x1090  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\windows\System32\wcncsvc.dll
22:15:35.0474 0x1090  wcncsvc - ok
22:15:35.0503 0x1090  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:15:35.0510 0x1090  WcsPlugInService - ok
22:15:35.0528 0x1090  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\DRIVERS\wd.sys
22:15:35.0530 0x1090  Wd - ok
22:15:35.0584 0x1090  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
22:15:35.0604 0x1090  Wdf01000 - ok
22:15:35.0620 0x1090  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\windows\system32\wdi.dll
22:15:35.0627 0x1090  WdiServiceHost - ok
22:15:35.0633 0x1090  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\windows\system32\wdi.dll
22:15:35.0640 0x1090  WdiSystemHost - ok
22:15:35.0676 0x1090  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\windows\System32\webclnt.dll
22:15:35.0687 0x1090  WebClient - ok
22:15:35.0726 0x1090  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
22:15:35.0735 0x1090  Wecsvc - ok
22:15:35.0749 0x1090  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\windows\System32\wercplsupport.dll
22:15:35.0756 0x1090  wercplsupport - ok
22:15:35.0787 0x1090  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
22:15:35.0794 0x1090  WerSvc - ok
22:15:35.0840 0x1090  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
22:15:35.0842 0x1090  WfpLwf - ok
22:15:35.0868 0x1090  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\windows\system32\drivers\wimmount.sys
22:15:35.0870 0x1090  WIMMount - ok
22:15:35.0964 0x1090  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:15:35.0998 0x1090  WinDefend - ok
22:15:36.0024 0x1090  WinHttpAutoProxySvc - ok
22:15:36.0092 0x1090  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
22:15:36.0097 0x1090  Winmgmt - ok
22:15:36.0171 0x1090  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\windows\system32\WsmSvc.dll
22:15:36.0232 0x1090  WinRM - ok
22:15:36.0299 0x1090  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
22:15:36.0301 0x1090  WinUsb - ok
22:15:36.0355 0x1090  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\windows\System32\wlansvc.dll
22:15:36.0401 0x1090  Wlansvc - ok
22:15:36.0500 0x1090  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:15:36.0576 0x1090  wlidsvc - ok
22:15:36.0603 0x1090  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
22:15:36.0604 0x1090  WmiAcpi - ok
22:15:36.0644 0x1090  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
22:15:36.0649 0x1090  wmiApSrv - ok
22:15:36.0754 0x1090  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:15:36.0776 0x1090  WMPNetworkSvc - ok
22:15:36.0812 0x1090  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\windows\System32\wpcsvc.dll
22:15:36.0819 0x1090  WPCSvc - ok
22:15:36.0853 0x1090  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
22:15:36.0861 0x1090  WPDBusEnum - ok
22:15:36.0918 0x1090  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
22:15:36.0920 0x1090  ws2ifsl - ok
22:15:36.0937 0x1090  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\windows\System32\wscsvc.dll
22:15:36.0944 0x1090  wscsvc - ok
22:15:36.0949 0x1090  WSearch - ok
22:15:37.0042 0x1090  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\windows\system32\wuaueng.dll
22:15:37.0097 0x1090  wuauserv - ok
22:15:37.0144 0x1090  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
22:15:37.0147 0x1090  WudfPf - ok
22:15:37.0191 0x1090  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
22:15:37.0196 0x1090  WUDFRd - ok
22:15:37.0234 0x1090  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\windows\System32\WUDFSvc.dll
22:15:37.0242 0x1090  wudfsvc - ok
22:15:37.0286 0x1090  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc         C:\windows\System32\wwansvc.dll
22:15:37.0296 0x1090  WwanSvc - ok
22:15:37.0329 0x1090  ================ Scan global ===============================
22:15:37.0366 0x1090  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
22:15:37.0403 0x1090  [ 1F5F07091D50244F17DD8D5147A628CC, 2F2B84BD1C052F44662960953C0EC91F9233D4D8DD06512E3E3BE43CE216BCB6 ] C:\windows\system32\winsrv.dll
22:15:37.0425 0x1090  [ 1F5F07091D50244F17DD8D5147A628CC, 2F2B84BD1C052F44662960953C0EC91F9233D4D8DD06512E3E3BE43CE216BCB6 ] C:\windows\system32\winsrv.dll
22:15:37.0478 0x1090  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
22:15:37.0521 0x1090  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe
22:15:37.0531 0x1090  [ Global ] - ok
22:15:37.0532 0x1090  ================ Scan MBR ==================================
22:15:37.0545 0x1090  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:15:37.0830 0x1090  \Device\Harddisk0\DR0 - ok
22:15:37.0830 0x1090  ================ Scan VBR ==================================
22:15:37.0834 0x1090  [ 0141CD60BB2198D9079560A50A4EE862 ] \Device\Harddisk0\DR0\Partition1
22:15:37.0835 0x1090  \Device\Harddisk0\DR0\Partition1 - ok
22:15:37.0872 0x1090  [ CA0E081FDD96FAD6B2B8F2EDE64FE949 ] \Device\Harddisk0\DR0\Partition2
22:15:37.0874 0x1090  \Device\Harddisk0\DR0\Partition2 - ok
22:15:37.0906 0x1090  [ 445FFDD3F4FBB4792B9561986586BF38 ] \Device\Harddisk0\DR0\Partition3
22:15:37.0907 0x1090  \Device\Harddisk0\DR0\Partition3 - ok
22:15:37.0924 0x1090  [ 2A0DF8B8AC1C660BDEC00930020B1BB7 ] \Device\Harddisk0\DR0\Partition4
22:15:37.0925 0x1090  \Device\Harddisk0\DR0\Partition4 - ok
22:15:37.0926 0x1090  Waiting for KSN requests completion. In queue: 75
22:15:38.0926 0x1090  Waiting for KSN requests completion. In queue: 75
22:15:39.0926 0x1090  Waiting for KSN requests completion. In queue: 75
22:15:40.0969 0x1090  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 8.0.1497.376 ), 0x41000 ( enabled : updated )
22:15:40.0974 0x1090  Win FW state via NFP2: enabled
22:15:43.0645 0x1090  ============================================================
22:15:43.0645 0x1090  Scan finished
22:15:43.0645 0x1090  ============================================================
22:15:43.0655 0x0c10  Detected object count: 0
22:15:43.0655 0x0c10  Actual detected object count: 0
22:17:37.0669 0x0e58  Deinitialize success
 



#6 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 14 October 2013 - 06:51 AM

And here is the ADWCleaner log.

 

# AdwCleaner v3.007 - Report created 14/10/2013 at 22:45:57
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Justin - JUSTIN-LAPTOP
# Running from : C:\Users\Justin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Users\Justin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Justin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\Users\Justin\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\i68st3t6.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6874 octets] - [14/10/2013 22:26:43]
AdwCleaner[S0].txt - [6834 octets] - [14/10/2013 22:45:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6894 octets] ##########
 



#7 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 17 October 2013 - 03:15 AM

Bump?



#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:10 PM

Posted 17 October 2013 - 05:30 AM

You have no rootkits which is good, and you had some nasty spyware it was removed.

Lets check your applications that are allowed to run.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

No installation required.

Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.

Go File>Save, and save it as AutoRuns.txt file to know location.

You must select Text from drop-down menu as a file type:

p4436801.gif

Copy the Contents of the file in your next reply.

Compliments of Broni

#9 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 17 October 2013 - 08:18 AM

Thank you and sorry to hassle :)

 

Here is the log:

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "12/06/2013 9:01 AM"
+ "avast"    "avast! Antivirus"    "AVAST Software"    "c:\program files\avast software\avast\avastui.exe"    "30/08/2013 6:41 PM"
+ "BCSSync"    "Microsoft Office 2010 component"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\bcssync.exe"    "6/11/2012 2:25 AM"
+ "BTMTrayAgent"    "Bluetooth Shell Extension"    "Motorola, Inc."    "c:\program files\motorola\bluetooth\btmshell.dll"    "10/06/2010 10:25 PM"
+ "IAAnotif"    "Event Monitor User Notification Tool"    "Intel Corporation"    "c:\program files\intel\intel matrix storage manager\iaanotif.exe"    "9/01/2010 8:56 AM"
+ "KiesTrayAgent"    "Kies TrayAgent Application"    "Samsung Electronics Co., Ltd."    "c:\program files\samsung\kies\kiestrayagent.exe"    "16/07/2012 4:16 PM"
+ "Logitech Download Assistant"    "Logitech Download Assistant"    "Logitech, Inc."    "c:\windows\system32\logilda.dll"    "14/09/2012 9:57 AM"
+ "PDF Complete"    "Sentry for PDF"    "PDF Complete Inc"    "c:\program files\pdf complete\pdfsty.exe"    "20/06/1992 9:22 AM"
+ "QLBController"    "QLBController"    "Hewlett-Packard Company"    "c:\program files\hewlett-packard\hp hotkey support\qlbcontroller.exe"    "2/03/2010 3:24 AM"
+ "StartCCC"    "Catalyst® Control Center Launcher"    "Advanced Micro Devices, Inc."    "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"    "5/08/2010 6:50 PM"
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"    "4/06/2010 12:53 PM"
+ "SysTrayApp"    "IDT PC Audio"    "IDT, Inc."    "c:\program files\idt\wdm\sttray.exe"    "29/01/2010 1:30 PM"
+ "WirelessAssistant"    "HP Wireless Assistant Main Program"    "Hewlett-Packard"    "c:\program files\hewlett-packard\hp wireless assistant\hpwamain.exe"    "2/09/2009 2:25 AM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "25/04/2010 7:41 PM"
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe"    "3/10/2013 2:05 PM"
+ "LightScribe Control Panel"    ""    "Hewlett-Packard Company"    "c:\program files\common files\lightscribe\lsrunonce.exe"    "23/01/2010 6:06 AM"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "14/07/2009 10:42 AM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "13/10/2013 12:17 AM"
+ "KiesAirMessage"    ""    ""    "File not found: C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"    ""
+ "KiesPDLR"    "KiesPDLR"    ""    "c:\program files\samsung\kies\external\firmwareupdate\kiespdlr.exe"    "1/08/2012 9:23 PM"
+ "KiesPreload"    "Kies"    "Samsung"    "c:\program files\samsung\kies\kies.exe"    "3/08/2012 5:55 PM"
+ "Spotify Web Helper"    "SpotifyWebHelper"    "Spotify Ltd"    "c:\users\justin\appdata\roaming\spotify\data\spotifywebhelper.exe"    "29/03/2013 2:34 AM"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"    "31/10/2012 3:32 PM"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "linkscanner"    ""    ""    "File not found: C:\Program Files\AVG\AVG2012\avgpp.dll"    ""
+ "ms-help"    "Microsoft® Help Data Services Module"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\help\hxds.dll"    "23/05/2009 7:43 PM"
+ "skype-ie-addon-data"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"    "15/05/2013 12:25 AM"
+ "skype4com"    "Skype for COM API"    "Skype Technologies"    "c:\program files\common files\skype\skype4com.dll"    "26/02/2013 9:25 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""    "13/10/2013 12:00 AM"
+ "Groove GFS Stub Execution Hook"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
+ "SABShellExecuteHook Class"    "ShellExecuteHook"    "SuperAdBlocker.com"    "c:\program files\superantispyware\sasseh.dll"    "19/07/2011 10:22 AM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"    "19/11/2010 3:08 AM"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"    "30/08/2013 6:37 PM"
+ "BTMSentToExt"    "Bluetooth Shell Extension"    "Motorola, Inc."    "c:\program files\motorola\bluetooth\btmshell.dll"    "10/06/2010 10:25 PM"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn.dll"    "24/05/2013 6:59 AM"
+ "ScanNow"    ""    ""    "File not found: C:\Program Files\McAfee\Managed VirusScan\VScan\mvsshext5.1.0.325.dll"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "6/04/2010 1:47 AM"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"    "30/08/2013 6:37 PM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"    "1/03/2013 7:39 AM"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "12/02/2011 9:18 AM"
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"    "19/11/2010 3:08 AM"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn.dll"    "24/05/2013 6:59 AM"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "6/04/2010 1:47 AM"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "12/02/2011 9:18 AM"
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"    "19/11/2010 3:08 AM"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "6/04/2010 1:47 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "ACE"    "AMD Desktop Control Panel"    "Advanced Micro Devices, Inc."    "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"    "5/08/2010 6:51 PM"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"    "14/07/2009 12:09 PM"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"    "30/08/2013 6:37 PM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"    "1/03/2013 7:39 AM"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "6/04/2010 1:47 AM"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "6/04/2010 1:47 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "13/10/2013 12:00 AM"
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"    "30/08/2013 6:37 PM"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "13/10/2013 12:00 AM"
+ "avast! WebRep"    "IE Webrep plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie.dll"    "30/08/2013 6:44 PM"
+ "Groove GFS Browser Helper"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"    "9/03/2013 11:09 AM"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\jp2ssv.dll"    "16/02/2013 9:46 AM"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\ssv.dll"    "16/02/2013 9:46 AM"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\urlredir.dll"    "6/03/2013 6:38 PM"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"    "19/08/2009 5:28 AM"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""    "13/10/2013 12:11 AM"
+ "avast! WebRep"    "IE Webrep plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie.dll"    "30/08/2013 6:44 PM"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "13/10/2013 12:11 AM"
+ "My Bluetooth"    ""    ""    "c:\program files\motorola\bluetooth\btmiesend.htm"    "21/05/2010 6:41 AM"
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"    "6/03/2013 8:25 PM"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnie.dll"    "22/04/2013 10:26 PM"
"Task Scheduler"    ""    ""    ""    ""
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner.exe"    "19/09/2013 3:31 AM"
+ "\Microsoft\Windows Defender\MP Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"    "14/07/2009 10:37 AM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "11/06/2009 8:19 AM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "14/07/2009 11:09 AM"
+ "\Registry Optimizer"    ""    ""    "File not found: C:\Program Files\WinZip Registry Optimizer\Winzipro.exe"    ""
+ "\Registry Optimizer_DEFAULT"    ""    ""    "File not found: C:\Program Files\WinZip Registry Optimizer\Winzipro.exe"    ""
+ "\Registry Optimizer_UPDATES"    ""    ""    "File not found: C:\Program Files\WinZip Registry Optimizer\Winzipro.exe"    ""
+ "\SidebarExecute"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"    "20/11/2010 8:40 PM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "22/02/2013 10:22 AM"
+ "!SASCORE"    "SUPERAntiSpyware Core Service"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sascore.exe"    "24/05/2013 7:11 AM"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"    "27/09/2013 11:46 AM"
+ "AESTFilters"    "Andrea filters APO access service (32-bit)"    "Andrea Electronics Corporation"    "c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe"    "3/03/2009 6:43 AM"
+ "AMD External Events Utility"    "AMD External Events Service Module"    "AMD"    "c:\windows\system32\atiesrxx.exe"    "5/08/2010 7:22 PM"
+ "avast! Antivirus"    "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler."    "AVAST Software"    "c:\program files\avast software\avast\avastsvc.exe"    "30/08/2013 6:37 PM"
+ "Bluetooth Device Manager"    "Bluetooth Device Manager"    "Motorola, Inc."    "c:\program files\motorola\bluetooth\devmgrsrv.exe"    "29/06/2010 6:46 PM"
+ "Bluetooth Media Service"    "Bluetooth Media Service"    "Motorola, Inc."    "c:\program files\motorola\bluetooth\audiosrv.exe"    "20/05/2010 7:36 PM"
+ "Bluetooth OBEX Service"    "Bluetooth OBEX Service"    "Motorola, Inc."    "c:\program files\motorola\bluetooth\obexsrv.exe"    "20/05/2010 7:38 PM"
+ "cvhsvc"    "Client Virtualization Handler Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\virtualization handler\cvhsvc.exe"    "22/04/2013 8:57 PM"
+ "FLEXnet Licensing Service"    "This service performs licensing functions on behalf of FLEXnet enabled products."    "Macrovision Europe Ltd."    "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"    "10/05/2007 6:44 PM"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"    "9/03/2010 5:10 PM"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"    "9/03/2010 5:10 PM"
+ "HP Health Check Service"    "HP Health Check Service"    "Hewlett-Packard Company"    "c:\program files\hewlett-packard\hp health check\hphc_service.exe"    "23/02/2011 8:55 PM"
+ "HPDrvMntSvc.exe"    "HP Quick Synchronization Service"    "Hewlett-Packard Company"    "c:\program files\hewlett-packard\shared\hpdrvmntsvc.exe"    "26/01/2011 10:32 AM"
+ "hpHotkeyMonitor"    "HP Hotkey Monitor"    "Hewlett-Packard Company"    "c:\program files\hewlett-packard\hp hotkey support\hphotkeymonitor.exe"    "2/03/2010 3:25 AM"
+ "hpqwmiex"    "hpqwmiex Module"    "Hewlett-Packard Company"    "c:\program files\hewlett-packard\shared\hpqwmiex.exe"    "26/01/2011 10:29 AM"
+ "IAANTMON"    "RAID Monitor"    "Intel Corporation"    "c:\program files\intel\intel matrix storage manager\iaantmon.exe"    "9/01/2010 8:55 AM"
+ "LightScribeService"    "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work."    "Hewlett-Packard Company"    "c:\program files\common files\lightscribe\lssrvc.exe"    "23/01/2010 6:05 AM"
+ "Microsoft SharePoint Workspace Audit Service"    "Microsoft SharePoint Workspace"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\groove.exe"    "9/03/2013 11:05 AM"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files\mozilla maintenance service\maintenanceservice.exe"    "11/09/2013 11:12 AM"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"    "10/01/2010 3:16 PM"
+ "osppsvc"    "Office Software Protection Platform Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"    "12/08/2009 12:49 PM"
+ "pdfcDispatcher"    "Manages the PDF document production process.  A primary task is to enable the routing of documents from the print spooler to the user.  If this service is stopped, PDF documents will be unavailable."    "PDF Complete Inc"    "c:\program files\pdf complete\pdfsvc.exe"    "20/06/1992 9:22 AM"
+ "PSI_SVC_2"    "This service provides Protexis licensing functionalty."    "Protexis Inc."    "c:\program files\common files\protexis\license service\psiservice_2.exe"    "25/07/2007 5:15 AM"
+ "sftlist"    "Streams and manages applications."    "Microsoft Corporation"    "c:\program files\microsoft application virtualization client\sftlist.exe"    "26/06/2013 6:04 AM"
+ "sftvsa"    "Monitors global service events and launches virtual services."    "Microsoft Corporation"    "c:\program files\microsoft application virtualization client\sftvsa.exe"    "26/06/2013 6:02 AM"
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files\skype\updater\updater.exe"    "21/06/2013 7:53 PM"
+ "STacSV"    "Manages audio jack configurations."    "IDT, Inc."    "c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe"    "29/01/2010 1:30 PM"
+ "stllssvr"    "SureThing Labelflash Disc Printer Service Module"    "MicroVision Development, Inc."    "c:\program files\common files\surething shared\stllssvr.exe"    "14/03/2009 4:19 PM"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"    "27/05/2013 3:57 PM"
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"    "19/08/2009 5:28 AM"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "20/11/2010 9:36 PM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "22/02/2013 10:22 AM"
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"    "6/12/2008 10:59 AM"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"    "2/05/2007 4:29 AM"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"    "28/02/2007 11:03 AM"
+ "AgereSoftModem"    "SoftModem Device Driver"    "LSI Corp"    "c:\windows\system32\drivers\agrsm.sys"    "11/11/2008 1:56 AM"
+ "aic78xx"    "Adaptec Ultra SCSI miniport"    "Adaptec, Inc."    "c:\windows\system32\drivers\djsvs.sys"    "12/04/2006 11:20 AM"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"    "14/07/2009 10:11 AM"
+ "amdkmdag"    "ATI Radeon Kernel Mode Driver"    "ATI Technologies Inc."    "c:\windows\system32\drivers\atikmdag.sys"    "5/08/2010 7:07 PM"
+ "amdkmdap"    "AMD multi-vendor Miniport Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmpag.sys"    "5/08/2010 6:47 PM"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "19/03/2010 12:08 PM"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows family"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "21/03/2009 5:35 AM"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "20/03/2010 3:19 AM"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"    "25/05/2007 8:31 AM"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "15/01/2009 6:26 AM"
+ "aswFsBlk"    "avast! mini-filter driver (aswFsBlk)"    "AVAST Software"    "c:\windows\system32\drivers\aswfsblk.sys"    "30/08/2013 6:36 PM"
+ "aswMonFlt"    "avast! mini-filter driver (aswMonFlt)"    "AVAST Software"    "c:\windows\system32\drivers\aswmonflt.sys"    "30/08/2013 6:37 PM"
+ "aswRdr"    "avast! WFP Redirect driver"    "AVAST Software"    "c:\windows\system32\drivers\aswrdr2.sys"    "30/08/2013 6:37 PM"
+ "aswRvrt"    "avast! Revert"    ""    "c:\windows\system32\drivers\aswrvrt.sys"    "30/08/2013 6:36 PM"
+ "aswSnx"    "avast! virtualization driver (aswSnx)"    "AVAST Software"    "c:\windows\system32\drivers\aswsnx.sys"    "30/08/2013 6:38 PM"
+ "aswSP"    "avast! Self Protection"    "AVAST Software"    "c:\windows\system32\drivers\aswsp.sys"    "30/08/2013 6:37 PM"
+ "aswTdi"    "avast! Network Shield TDI driver"    "AVAST Software"    "c:\windows\system32\drivers\aswtdi.sys"    "30/08/2013 6:37 PM"
+ "aswVmm"    "avast! VM Monitor"    ""    "c:\windows\system32\drivers\aswvmm.sys"    "30/08/2013 6:36 PM"
+ "AtiHDAudioService"    "AMD High Definition Audio Function Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\atihdw73.sys"    "7/11/2012 8:41 AM"
+ "AtiHdmiService"    "ATI High Definition Audio Function Driver"    "ATI Technologies, Inc."    "c:\windows\system32\drivers\atihdmi.sys"    "6/05/2010 8:19 PM"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbdx.sys"    "14/02/2009 9:10 AM"
+ "b57nd60x"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60x.sys"    "26/04/2009 10:15 PM"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "7/08/2006 8:33 AM"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"    "7/08/2006 8:33 AM"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"    "7/08/2006 8:33 AM"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"    "7/08/2006 8:33 AM"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"    "7/08/2006 8:33 AM"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"    "9/08/2006 11:02 PM"
+ "BTMCOM"    "Bluetooth Serial Port Driver"    "Motorola, Inc."    "c:\windows\system32\drivers\btmcom.sys"    "9/04/2010 11:34 PM"
+ "BTMUSB"    "Bluetooth Radio Driver"    "Motorola, Inc."    "c:\windows\system32\drivers\btmusb.sys"    "8/07/2010 10:44 PM"
+ "BVRPMPR5"    "BVRP NDIS 5.0 MPR Protocol Driver"    "Avanquest Software"    "c:\windows\system32\drivers\bvrpmpr5.sys"    "21/06/2007 4:10 AM"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"    "14/07/2009 10:11 AM"
+ "dg_ssudbus"    "SAMSUNG USB Composite Device Driver (MSS Ver.3)"    "DEVGURU Co., LTD.(www.devguru.co.kr)"    "c:\windows\system32\drivers\ssudbus.sys"    "23/01/2013 3:48 PM"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbdx.sys"    "1/01/2009 3:06 AM"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"    "4/02/2009 9:09 AM"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"    "11/05/2009 6:22 PM"
+ "HpqKbFiltr"    "Keyboard Filter Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpqkbfiltr.sys"    "17/02/2010 5:22 AM"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "19/05/2009 10:42 AM"
+ "iaStor"    "Intel Matrix Storage Manager driver - ia32"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"    "9/01/2010 8:33 AM"
+ "iaStorV"    "Intel Matrix Storage Manager driver - ia32"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "11/06/2010 11:45 AM"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd32.sys"    "7/05/2009 5:13 AM"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"    "14/12/2005 8:48 AM"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"    "10/12/2008 9:28 AM"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "19/05/2009 11:19 AM"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"    "19/05/2009 11:31 AM"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"    "17/04/2009 9:14 AM"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7 for x86"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"    "19/05/2009 12:09 PM"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "19/05/2009 12:25 PM"
+ "netr28"    "Ralink 802.11 Wireless Adapter Driver"    "Ralink Technology, Corp."    "c:\windows\system32\drivers\netr28.sys"    "29/06/2010 11:59 AM"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"    "7/06/2006 8:12 AM"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "20/03/2010 8:00 AM"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "20/03/2010 7:51 AM"
+ "PxHelp20"    "Px Engine Device Driver for Windows 2000/XP"    "Sonic Solutions"    "c:\windows\system32\drivers\pxhelp20.sys"    "21/10/2009 4:57 AM"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"    "23/01/2009 10:28 AM"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"    "19/05/2009 12:17 PM"
+ "RTL8167"    "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver                "    "Realtek                                            "    "c:\windows\system32\drivers\rt86win7.sys"    "10/06/2011 5:31 PM"
+ "SASDIFSV"    "SASDIFSV.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasdifsv.sys"    "22/07/2011 10:03 AM"
+ "SASKUTIL"    "SASKUTIL.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\saskutil.sys"    "13/07/2011 7:24 AM"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "14/09/2006 12:18 AM"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "25/09/2008 5:19 AM"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "2/10/2008 8:52 AM"
+ "SNP2UVC"    "UVC Camera Streaming Driver"    ""    "c:\windows\system32\drivers\snp2uvc.sys"    "27/04/2010 1:07 PM"
+ "ssudmdm"    "SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)"    "DEVGURU Co., LTD.(www.devguru.co.kr)"    "c:\windows\system32\drivers\ssudmdm.sys"    "27/07/2012 12:15 PM"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"    "18/02/2009 10:03 AM"
+ "STHDA"    "IDT PC Audio"    "IDT, Inc."    "c:\windows\system32\drivers\stwrt.sys"    "29/01/2010 1:20 PM"
+ "SynTP"    "Synaptics Touchpad Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\syntp.sys"    "4/06/2010 12:25 PM"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"    "14/07/2009 10:11 AM"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "31/01/2009 12:13 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "13/10/2013 12:13 AM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "14/07/2009 12:06 PM"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"    "20/11/2010 10:59 PM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "Audio Destination"    "WAVDest Filter (Sample)"    "Microsoft Corporation"    "c:\program files\google\google earth\client\wavdest.ax"    "12/07/2013 9:34 PM"
+ "MACSReaderMP3 Filter"    "MACSReaderMP3 Filter"    ""    "c:\program files\samsung\kies\external\mediamodules\macsreaderavi.ax"    "9/10/2007 4:42 PM"
+ "MusicCity MPEG Splitter"    "PCube MPEG Splitter Filter"    "© MusicCity"    "c:\windows\system32\muzmpgsp.ax"    "11/09/2007 12:15 PM"
+ "MusicCity OGG Splitter"    "OGG Splitter"    "© PeeringPortal"    "c:\windows\system32\muzoggsp.ax"    "10/02/2006 11:10 PM"
+ "NEDFilter4Samsung Filter"    "MACSReaderMP3 Filter"    "L544™ Technology"    "c:\program files\samsung\kies\external\mediamodules\nedfilter4samsung.ax"    "15/12/2009 5:25 PM"
+ "P3Audio"    "PCube Audio Decoder Filter"    "© MusicCity"    "c:\windows\system32\muzdecode.ax"    "10/02/2006 11:02 PM"
+ "P3AudioEffect"    "P3AudioEffect Filter"    "© MUSICCITY"    "c:\windows\system32\muzeffect.ax"    "10/02/2006 11:38 PM"
+ "P3MP4Splitter"    "P3MP4Splitter Filter"    "© MusicCity"    "c:\windows\system32\muzmp4sp.ax"    "11/02/2006 2:25 AM"
+ "P3Sourcer"    "AOD Sourcer Filter"    "Musiccity Co.Ltd."    "c:\windows\system32\muzaf1.dll"    "10/04/2006 10:26 PM"
+ "P3WMTSplitter"    "P3WMTSplitter Filter"    " © MusicCity"    "c:\windows\system32\muzwmts.dll"    "10/02/2006 11:14 PM"
+ "SelfMusicVideo Dump Filter"    "SelfMusicVideo Dump Filter (DShow)"    "ENJsoft Corporation"    "c:\program files\samsung\kies\external\transmodules\tg_dump0708.dll"    "24/07/2008 5:45 AM"
+ "SpatialStereo Filter"    ""    ""    "c:\windows\system32\3daudio.ax"    "14/04/2008 10:58 PM"
+ "Text Mixer Filter"    "Text Mixer Filter"    "Sonic Solutions"    "c:\program files\hewlett-packard\hp webcam app\textmixer.ax"    "20/01/2011 8:52 PM"
+ "WAV Dest"    "SONICWavDest"    "Sonic Solutions"    "c:\program files\hewlett-packard\hp webcam app\sonicwavdest.ax"    "20/01/2011 8:52 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""    "14/07/2009 3:41 PM"
+ "WLIDCredentialProvider"    "Microsoft® Windows Live ID Credential Provider"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"    "19/08/2009 5:28 AM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""    "22/02/2013 10:40 AM"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "19/08/2009 5:28 AM"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "19/08/2009 5:28 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""    "17/10/2013 11:48 PM"
+ "Canon BJ Language Monitor MX320 series"    "IJ Language Monitor"    "CANON INC."    "c:\windows\system32\cnmlm9o.dll"    "24/04/2009 11:44 AM"
+ "Canon MP FAX Language Monitor MX320 series"    "MP FAX Language Monitor DLL"    "Canon Inc."    "c:\windows\system32\cncf2lh.dll"    "3/09/2008 1:09 PM"
+ "PDFC"    "PDF Complete Print Monitor"    "PDF Complete, Inc."    "c:\windows\system32\pdfc_port.dll"    "13/01/2010 5:26 AM"
"C:\Users\Justin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"    ""    ""    ""    "22/02/2013 11:39 AM"
+ "Avast! antivirus monitor"    "Avast! antivirus sidebar gadget."    "AVAST Software"    "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml"    "21/09/2012 6:29 PM"
 



#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:10 PM

Posted 17 October 2013 - 02:08 PM

I see that you once had AVG installed, so lets run the AVG Removal Tool so we can make sure that all its files are gone.

#11 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 18 October 2013 - 07:13 PM

Done!  I've also updated Java and removed earlier versions.



#12 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:10 PM

Posted 18 October 2013 - 07:17 PM

How is the PC performing?

#13 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 18 October 2013 - 07:30 PM

Much better.  I checked IE10, Chrome and Firefox and all run well.  The notebook is a little slow but I'm yet to start removing some of the bloatware I know is contributing to the problem.  I've installed revo uninstaller but wouldn't mind knowing whether there's a program that can find and eliminate old registry files from previous uninstalled software?



#14 Danzar1

Danzar1
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 18 October 2013 - 07:34 PM

I noticed that Winzip Registry Optimizer is still showing as an installed program (via Revo).  Revo uses the program's own installer first then applies its own registry clean up afterwards.  If I follow that approach, do you think it will trigger a reinstall of sorts?



#15 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:10 PM

Posted 18 October 2013 - 07:35 PM

Registry cleaners are not recommended here, as old stale registry entries do not cause performance issues in computing.

My best recommendation is to buy a standard Windows 7 Installation Disk and re-install using that, and then use your recovery CD's which you should make just in case to re-install software you want from HP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users