
Pretty sure I'm infected, but not what to do. Please help.


  • This topic is locked
14 replies to this topic

#1 Jacedams


Posted 28 October 2013 - 09:24 AM

My Avast will pop up with notifications 6-10, or even 25 at a time of a few different warnings, like eeff99.com/click/php or arkansas-searcher_com. Also, my computer is now running loud, and in task manager, there are 15-20 dllhost.exe processes running with the description of COM Surrogate. Every once in a while an error message that COM Surrogate has stopped working will appear. Also, the messages seemed to stop when I disconnected my internet, and started again when I re-connected. I am currently in Safe Mode with Networking. I don't know what to do. I scanned with Avast, and it found 19 threats, but I don't know whether to Repair, Move to Chest, or Delete. I tried Chest, but nothing changed anywhere. I am graduating in two weeks and have a ton of work to do and this is literally the worst time for this! lol Please let me know what I can do about this!

 

 




 


#2 boopme

  • Global Moderator

Posted 28 October 2013 - 09:44 AM

Hello, Quarantine (Move to Chest) the threats.
Take a moment to read: Clean, Quarantine, or Delete?

Next, run:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
 
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last, run ESET.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 28 October 2013 - 09:44 AM.


#3 Jacedams

  • Topic Starter

Posted 28 October 2013 - 09:50 AM

Thank you for the reply. In Avast, I Moved to Chest. There were 3 errors, one being C:/ProgramData/rejeq8.bat. Do I close the program after quarantining? Meanwhile, I am following your other instructions.



#4 Jacedams

  • Topic Starter

Posted 28 October 2013 - 09:53 AM

MiniToolBox Report

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by James (administrator) on 28-10-2013 at 09:52:18
Running from "C:\Users\James\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# 127.0.0.1 lm.licenses.adobe.com
# 127.0.0.1 lm.licenses.adobe.com

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Optimus
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : BC-5F-F4-3B-66-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::81a4:a230:cb64:3b9b%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, October 28, 2013 4:59:31 AM
   Lease Expires . . . . . . . . . . : Thursday, December 04, 2149 4:20:44 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 247226356
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C8-38-7B-BC-5F-F4-3B-66-99
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4000:808::100e
   74.125.21.138
   74.125.21.101
   74.125.21.113
   74.125.21.102
   74.125.21.139
   74.125.21.100

Pinging google.com [74.125.140.100] with 32 bytes of data:
Reply from 74.125.140.100: bytes=32 time=21ms TTL=48
Reply from 74.125.140.100: bytes=32 time=19ms TTL=48

Ping statistics for 74.125.140.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 21ms, Average = 20ms
Server:  UnKnown
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=149ms TTL=50
Reply from 98.139.183.24: bytes=32 time=56ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 149ms, Average = 102ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...bc 5f f4 3b 66 99 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    276
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::81a4:a230:cb64:3b9b/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/28/2013 05:00:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2013 04:59:39 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/28/2013 04:44:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2013 04:43:32 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/28/2013 04:35:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x000000000004eab0
Faulting process id: 0x4358
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2013 04:33:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x000000000004eab0
Faulting process id: 0x2dc4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2013 04:22:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x000000000004eab0
Faulting process id: 0xde0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2013 04:15:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x000000000004eab0
Faulting process id: 0xc60
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2013 03:42:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/27/2013 08:44:56 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (10/28/2013 09:04:05 AM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/28/2013 05:17:53 AM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (10/28/2013 05:00:18 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (10/28/2013 04:59:55 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/28/2013 04:59:55 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/28/2013 04:59:51 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/28/2013 04:59:44 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/28/2013 04:59:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
discache
spldr
Wanarpv6

Error: (10/28/2013 04:59:31 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (10/28/2013 04:59:31 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (10/28/2013 05:00:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2013 04:59:39 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (10/28/2013 04:44:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2013 04:43:32 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (10/28/2013 04:35:38 AM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000004eab0435801ced3c0d1616ad5C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll4d3d2d97-3fb4-11e3-a8cf-bc5ff43b6699

Error: (10/28/2013 04:33:48 AM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000004eab02dc401ced3c0b8880138C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll0c099db0-3fb4-11e3-a8cf-bc5ff43b6699

Error: (10/28/2013 04:22:49 AM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000004eab0de001ced3bf2bca2bb1C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll82f7ac6b-3fb2-11e3-a8cf-bc5ff43b6699

Error: (10/28/2013 04:15:35 AM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000004eab0c6001ced3bddcab1503C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll80412e26-3fb1-11e3-a8cf-bc5ff43b6699

Error: (10/28/2013 03:42:34 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2012\python\lib\distutils\command\wininst-8_d.exe

Error: (10/27/2013 08:44:56 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

CodeIntegrity Errors:
===================================
  Date: 2012-08-23 11:53:31.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\James\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-23 11:53:31.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\James\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-23 11:53:29.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\James\AppData\Local\Temp\{082FA~1\{1735A~1\atiicdxx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-23 11:53:29.709
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\James\AppData\Local\Temp\{082FA~1\{1735A~1\atiicdxx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29038)
Acer eDisplay Management (Version: 1.37.007)
Action Replay DSi Code Manager
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.7)
Adobe AIR (Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (Version: 6)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Help Manager (Version: 4.0.244)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Akamai NetSession Interface
AMD Catalyst Install Manager (Version: 8.0.881.0)
Amnesia: The Dark Descent
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM106x SATA Host Controller Driver (Version: 1.3.1.000)
ASRock InstantBoot v1.29
Autodesk 3ds Max 2012 64-bit - English (Version: 14.0)
Autodesk Backburner 2012.0.0 (Version: 2012.0.0)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Medium Resolution Image Library 2012 (Version: 2.5.0.8)
avast! Free Antivirus (Version: 8.0.1488.0)
Bamboo (Version: 5.2.4-6)
Bastion
bl (Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
BurnAware Free 5.1
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Composite 2012 64-bit (Version: 7.0.0)
Dear Esther
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
erLT (Version: 1.20.0137)
Expert PDF 7 Reader (Version: 7.0.1370.0)
FEZ version 1.09 (Version: 1.09)
Free YouTube Downloader 3.5.128
Google Chrome (Version: 30.0.1599.101)
Google Drive (Version: 1.12.5329.1887)
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
Grand Theft Auto V - The Manual (Version: 1.0.0)
Guild Wars 2
iTunes (Version: 10.6.3.25)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Just Cause 2
Logitech SetPoint 5.20 (Version: 5.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Player Codec Pack 4.2.2 (Version: 4.2.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL
PDF Settings CS6 (Version: 11.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
ph (Version: 1.0.0)
Pivot Pro Plugin (Version: 9.50.110)
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
RealUpgrade 1.1 (Version: 1.1.0)
RIFT (Version: 1.0.0)
SDK (Version: 2.32.010)
Sid Meier's Civilization V SDK
Steam (Version: 1.0.0.0)
SteelSeries Engine (Version: 2.7.3255.29882)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 6.0.7.0)
TERA (Version: 1.41)
The Elder Scrolls V: Skyrim
Torchlight II
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
User's Guides (Version: 1.20.0000)
VLC media player 2.0.3 (Version: 2.0.3)
WebTablet IE Plugin (Version: 1.1.0.7)
WebTablet Netscape Plugin (Version: 1.1.0.5)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices  (04/21/2009 2.40.0.0) (Version: 04/21/2009 2.40.0.0)
Windows Driver Package - Datel Design & Development USBIOControlledDevices  (04/21/2009 2.40.0.0) (Version: 04/21/2009 2.40.0.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
World of Warcraft (Version: 5.4.0.17399)
YNAB 4 version 4.1.281 (Version: 4.1.281)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8175.24 MB
Available physical RAM: 5932.4 MB
Total Pagefile: 16348.67 MB
Available Pagefile: 14260.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.14 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:157.56 GB) NTFS
3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

========================= Users: ========================================

User accounts for \\OPTIMUS

Administrator            Guest                    James                   
UpdatusUser             

**** End of log ****



#5 boopme

Posted 28 October 2013 - 09:55 AM

Yes and reboot the machine after you complete all the scans.
You're welcome!

#6 Jacedams

Posted 28 October 2013 - 10:32 AM

I closed Avast and it restarted. In task manager, all the dllhost.exe were still running (about 20 of them), and it would not let me open Chrome or IE. I had to reboot in Safe Mode with Networking. TDSSKiller says No Threats Found. Here is that report:

 

10:28:05.0048 0x1174  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
10:28:10.0602 0x1174  ============================================================
10:28:10.0602 0x1174  Current date / time: 2013/10/28 10:28:10.0602
10:28:10.0602 0x1174  SystemInfo:
10:28:10.0602 0x1174 
10:28:10.0602 0x1174  OS Version: 6.1.7601 ServicePack: 1.0
10:28:10.0602 0x1174  Product type: Workstation
10:28:10.0602 0x1174  ComputerName: OPTIMUS
10:28:10.0602 0x1174  UserName: James
10:28:10.0602 0x1174  Windows directory: C:\Windows
10:28:10.0602 0x1174  System windows directory: C:\Windows
10:28:10.0602 0x1174  Running under WOW64
10:28:10.0602 0x1174  Processor architecture: Intel x64
10:28:10.0602 0x1174  Number of processors: 8
10:28:10.0602 0x1174  Page size: 0x1000
10:28:10.0602 0x1174  Boot type: Safe boot with network
10:28:10.0602 0x1174  ============================================================
10:28:16.0472 0x1174  System UUID: {CD2EB5B5-5EA5-CDAB-0D7C-1A7077449F1A}
10:28:17.0284 0x1174  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:28:17.0284 0x1174  ============================================================
10:28:17.0284 0x1174  \Device\Harddisk0\DR0:
10:28:17.0284 0x1174  MBR partitions:
10:28:17.0284 0x1174  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:28:17.0284 0x1174  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
10:28:17.0284 0x1174  ============================================================
10:28:17.0299 0x1174  C: <-> \Device\Harddisk0\DR0\Partition2
10:28:17.0315 0x1174  E: <-> \Device\Harddisk0\DR0\Partition1
10:28:17.0315 0x1174  ============================================================
10:28:17.0315 0x1174  Initialize success
10:28:17.0315 0x1174  ============================================================
10:29:06.0124 0x1528  ============================================================
10:29:06.0124 0x1528  Scan started
10:29:06.0124 0x1528  Mode: Manual;
10:29:06.0124 0x1528  ============================================================
10:29:06.0124 0x1528  KSN ping started
10:29:19.0945 0x1528  KSN ping finished: true
10:29:23.0159 0x1528  ================ Scan system memory ========================
10:29:23.0159 0x1528  System memory - ok
10:29:23.0159 0x1528  ================ Scan services =============================
10:29:33.0580 0x1528  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:29:33.0611 0x1528  HidUsb - ok
10:29:33.0673 0x1528  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:29:33.0673 0x1528  hkmsvc - ok
10:29:33.0689 0x1528  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:29:33.0705 0x1528  HomeGroupListener - ok
10:29:33.0751 0x1528  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:29:33.0767 0x1528  HomeGroupProvider - ok
10:29:33.0814 0x1528  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:29:33.0814 0x1528  HpSAMD - ok
10:29:33.0892 0x1528  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:29:33.0907 0x1528  HTTP - ok
10:29:33.0923 0x1528  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:29:33.0923 0x1528  hwpolicy - ok
10:29:33.0985 0x1528  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:29:34.0001 0x1528  i8042prt - ok
10:29:34.0063 0x1528  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:29:34.0063 0x1528  iaStorV - ok
10:29:34.0157 0x1528  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:29:34.0188 0x1528  idsvc - ok
10:29:34.0204 0x1528  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:29:34.0235 0x1528  iirsp - ok
10:29:34.0297 0x1528  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:29:34.0329 0x1528  IKEEXT - ok
10:29:34.0344 0x1528  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:29:34.0344 0x1528  intelide - ok
10:29:34.0391 0x1528  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
10:29:34.0422 0x1528  intelppm - ok
10:29:34.0453 0x1528  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:29:34.0453 0x1528  IPBusEnum - ok
10:29:34.0469 0x1528  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:29:34.0469 0x1528  IpFilterDriver - ok
10:29:34.0485 0x1528  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:29:34.0485 0x1528  IPMIDRV - ok
10:29:34.0547 0x1528  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:29:34.0547 0x1528  IPNAT - ok
10:29:34.0641 0x1528  [ A9AB99EE7D39725EAFEC82732D2B3271, 962F231608C36BA0B2EAE5981BB9BAC85B6CAA3A5F656D786B97D9B421A831A6 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:29:34.0672 0x1528  iPod Service - ok
10:29:34.0765 0x1528  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:29:34.0765 0x1528  IRENUM - ok
10:29:34.0765 0x1528  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:29:34.0765 0x1528  isapnp - ok
10:29:34.0828 0x1528  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:29:34.0843 0x1528  iScsiPrt - ok
10:29:34.0890 0x1528  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:29:34.0890 0x1528  kbdclass - ok
10:29:34.0890 0x1528  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:29:34.0890 0x1528  kbdhid - ok
10:29:34.0906 0x1528  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
10:29:34.0906 0x1528  KeyIso - ok
10:29:34.0968 0x1528  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:29:34.0968 0x1528  KSecDD - ok
10:29:34.0984 0x1528  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:29:34.0984 0x1528  KSecPkg - ok
10:29:34.0999 0x1528  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:29:35.0015 0x1528  ksthunk - ok
10:29:35.0093 0x1528  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:29:35.0093 0x1528  KtmRm - ok
10:29:35.0171 0x1528  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:29:35.0171 0x1528  LanmanServer - ok
10:29:35.0249 0x1528  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:29:35.0265 0x1528  LanmanWorkstation - ok
10:29:35.0311 0x1528  [ B6552D382FF070B4ED34CBD6737277C0, 7C2C24454037170311B0267DEFB797E8DF8D157D62157D271BF7F5F74B2A12F3 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:29:35.0311 0x1528  LHidFilt - ok
10:29:35.0311 0x1528  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:29:35.0311 0x1528  lltdio - ok
10:29:35.0343 0x1528  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:29:35.0358 0x1528  lltdsvc - ok
10:29:35.0358 0x1528  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:29:35.0358 0x1528  lmhosts - ok
10:29:35.0374 0x1528  [ 73C1F563AB73D459DFFE682D66476558, 9B8BEE384C968DC6C37DD54B9128D9C2BA92EDBF7BDF49D753AA7DB165F18D00 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:29:35.0374 0x1528  LMouFilt - ok
10:29:35.0421 0x1528  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:29:35.0421 0x1528  LSI_FC - ok
10:29:35.0436 0x1528  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:29:35.0467 0x1528  LSI_SAS - ok
10:29:35.0499 0x1528  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:29:35.0499 0x1528  LSI_SAS2 - ok
10:29:35.0514 0x1528  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:29:35.0514 0x1528  LSI_SCSI - ok
10:29:35.0577 0x1528  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:29:35.0577 0x1528  luafv - ok
10:29:35.0639 0x1528  [ 9D9714E78EAC9E5368208649489C920E, 56DF5DBDF4963758A1E6BAD6210F8682A846DA9E5924CFA5879AC89CA7223C93 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
10:29:35.0639 0x1528  LUsbFilt - ok
10:29:35.0733 0x1528  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:29:35.0733 0x1528  MBAMProtector - ok
10:29:35.0857 0x1528  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:29:35.0873 0x1528  MBAMScheduler - ok
10:29:35.0998 0x1528  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:29:36.0013 0x1528  MBAMService - ok
10:29:36.0060 0x1528  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:29:36.0076 0x1528  Mcx2Svc - ok
10:29:36.0076 0x1528  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:29:36.0107 0x1528  megasas - ok
10:29:36.0138 0x1528  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:29:36.0185 0x1528  MegaSR - ok
10:29:36.0325 0x1528  [ 0AF89452A8CE3928168F4E5B2208C68B, 571F1A9F1F0B31DB5FFAE7FB7F98C16958439D6666A9F2131B0F2E496BF3D2AC ] mi-raysat_3dsmax2012_64 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
10:29:36.0388 0x1528  mi-raysat_3dsmax2012_64 - ok
10:29:36.0497 0x1528  Microsoft SharePoint Workspace Audit Service - ok
10:29:36.0544 0x1528  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:29:36.0544 0x1528  MMCSS - ok
10:29:36.0559 0x1528  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:29:36.0559 0x1528  Modem - ok
10:29:36.0622 0x1528  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:29:36.0622 0x1528  monitor - ok
10:29:36.0684 0x1528  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:29:36.0684 0x1528  mouclass - ok
10:29:36.0731 0x1528  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:29:36.0731 0x1528  mouhid - ok
10:29:36.0747 0x1528  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:29:36.0747 0x1528  mountmgr - ok
10:29:36.0871 0x1528  [ 528A5C2570F468155A1B3CF0A2FF5EBD, 473EEE97A4690A919DE05C525F0858DA9A5BD30072383D81F096F82DDFC93BAB ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:29:36.0903 0x1528  MozillaMaintenance - ok
10:29:36.0903 0x1528  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:29:36.0996 0x1528  mpio - ok
10:29:37.0043 0x1528  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:29:37.0074 0x1528  mpsdrv - ok
10:29:37.0089 0x1528  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:29:37.0105 0x1528  MRxDAV - ok
10:29:37.0152 0x1528  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:29:37.0167 0x1528  mrxsmb - ok
10:29:37.0183 0x1528  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:29:37.0183 0x1528  mrxsmb10 - ok
10:29:37.0261 0x1528  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:29:37.0261 0x1528  mrxsmb20 - ok
10:29:37.0323 0x1528  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:29:37.0323 0x1528  msahci - ok
10:29:37.0323 0x1528  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:29:37.0354 0x1528  msdsm - ok
10:29:37.0370 0x1528  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:29:37.0370 0x1528  MSDTC - ok
10:29:37.0401 0x1528  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:29:37.0401 0x1528  Msfs - ok
10:29:37.0401 0x1528  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:29:37.0401 0x1528  mshidkmdf - ok
10:29:37.0417 0x1528  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:29:37.0417 0x1528  msisadrv - ok
10:29:37.0479 0x1528  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:29:37.0479 0x1528  MSiSCSI - ok
10:29:37.0479 0x1528  msiserver - ok
10:29:37.0542 0x1528  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:29:37.0542 0x1528  MSKSSRV - ok
10:29:37.0588 0x1528  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:29:37.0588 0x1528  MSPCLOCK - ok
10:29:37.0604 0x1528  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:29:37.0604 0x1528  MSPQM - ok
10:29:37.0635 0x1528  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:29:37.0651 0x1528  MsRPC - ok
10:29:37.0666 0x1528  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:29:37.0666 0x1528  mssmbios - ok
10:29:37.0666 0x1528  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:29:37.0682 0x1528  MSTEE - ok
10:29:37.0682 0x1528  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:29:37.0682 0x1528  MTConfig - ok
10:29:37.0713 0x1528  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:29:37.0713 0x1528  Mup - ok
10:29:37.0776 0x1528  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
10:29:37.0791 0x1528  napagent - ok
10:29:37.0838 0x1528  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:29:37.0854 0x1528  NativeWifiP - ok
10:29:37.0947 0x1528  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:29:37.0978 0x1528  NDIS - ok
10:29:38.0025 0x1528  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:29:38.0025 0x1528  NdisCap - ok
10:29:38.0088 0x1528  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:29:38.0088 0x1528  NdisTapi - ok
10:29:38.0150 0x1528  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:29:38.0150 0x1528  Ndisuio - ok
10:29:38.0181 0x1528  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:29:38.0181 0x1528  NdisWan - ok
10:29:38.0197 0x1528  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:29:38.0197 0x1528  NDProxy - ok
10:29:38.0197 0x1528  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:29:38.0197 0x1528  NetBIOS - ok
10:29:38.0212 0x1528  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:29:38.0228 0x1528  NetBT - ok
10:29:38.0244 0x1528  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
10:29:38.0244 0x1528  Netlogon - ok
10:29:38.0322 0x1528  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
10:29:38.0322 0x1528  Netman - ok
10:29:38.0353 0x1528  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
10:29:38.0368 0x1528  netprofm - ok
10:29:38.0415 0x1528  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:29:38.0431 0x1528  NetTcpPortSharing - ok
10:29:38.0478 0x1528  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:29:38.0478 0x1528  nfrd960 - ok
10:29:38.0493 0x1528  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:29:38.0493 0x1528  NlaSvc - ok
10:29:38.0509 0x1528  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:29:38.0509 0x1528  Npfs - ok
10:29:38.0571 0x1528  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
10:29:38.0571 0x1528  nsi - ok
10:29:38.0587 0x1528  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:29:38.0587 0x1528  nsiproxy - ok
10:29:38.0680 0x1528  [ A2F74975097F52A00745F9637451FDD8, C681DDBD3382C477C2A030E828B5CFB529CB57C7847BD9AFF25E2A5E58B2DAF3 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:29:38.0774 0x1528  Ntfs - ok
10:29:38.0805 0x1528  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
10:29:38.0805 0x1528  Null - ok
10:29:38.0883 0x1528  [ 1F07B814C0BB5AABA703ABFF1F31F2E8, 07F578686CAE0FAB5462B472A03DD1BC5DFE0D5DA6307895534CECC330C3D220 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
10:29:38.0883 0x1528  NVHDA - ok
10:29:39.0320 0x1528  [ 5104BAC2DA2A5BDD86AC6B0708B00F06, A02501514F8517CB5A6CFE4352A3D0F864153470015589428A6B14477E791514 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:29:39.0694 0x1528  nvlddmkm - ok
10:29:39.0772 0x1528  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:29:39.0788 0x1528  nvraid - ok
10:29:39.0819 0x1528  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:29:39.0819 0x1528  nvstor - ok
10:29:39.0913 0x1528  [ DDFAFCE89A5C93D04712B86F94E9FCBA, 377303D4CAC9E3AD5B58894CF7AECDA4FCD3D721568BE8BACC0A897A0956919A ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:29:39.0944 0x1528  nvsvc - ok
10:29:40.0053 0x1528  [ 84E035225474E48CD3A6A3CE52332095, C90E1BC112EDED3035F2D440DDA6FC838D5D9B5F0D7CBE5E4672FEB1CC49F449 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:29:40.0162 0x1528  nvUpdatusService - ok
10:29:40.0178 0x1528  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:29:40.0178 0x1528  nv_agp - ok
10:29:40.0194 0x1528  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:29:40.0194 0x1528  ohci1394 - ok
10:29:40.0303 0x1528  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:29:40.0318 0x1528  ose - ok
10:29:40.0506 0x1528  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:29:40.0724 0x1528  osppsvc - ok
10:29:40.0771 0x1528  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:29:40.0786 0x1528  p2pimsvc - ok
10:29:40.0864 0x1528  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
10:29:40.0864 0x1528  p2psvc - ok
10:29:40.0927 0x1528  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
10:29:40.0927 0x1528  Parport - ok
10:29:40.0989 0x1528  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:29:40.0989 0x1528  partmgr - ok
10:29:41.0098 0x1528  [ 7C0582921913D00180EC2B8518BA135C, E44FA5FF498CC5C7E7CE120A6C5E1AAE206A450963335379FBE67C6B9E6F64B2 ] pbfilter        C:\Program Files\PeerBlock\pbfilter.sys
10:29:41.0114 0x1528  pbfilter - ok
10:29:41.0145 0x1528  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:29:41.0145 0x1528  PcaSvc - ok
10:29:41.0161 0x1528  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
10:29:41.0192 0x1528  pci - ok
10:29:41.0223 0x1528  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:29:41.0223 0x1528  pciide - ok
10:29:41.0254 0x1528  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:29:41.0286 0x1528  pcmcia - ok
10:29:41.0317 0x1528  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:29:41.0348 0x1528  pcw - ok
10:29:41.0410 0x1528  [ E70DA663558CFABE378A412C7748347D, F98D13AD7C889A4273A88B02A296B33503C52EB44A7338EE022FF580F1D15393 ] PdiPorts        C:\Windows\system32\DRIVERS\PdiPorts.sys
10:29:41.0410 0x1528  PdiPorts - ok
10:29:41.0551 0x1528  [ CD7C3234BBE062AB5A9127D831298491, 918FA09972694DF31357D28B24C2FAA8E5A56C1F319F386B484981C386CD63E2 ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
10:29:41.0551 0x1528  PdiService - ok
10:29:41.0582 0x1528  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:29:41.0598 0x1528  PEAUTH - ok
10:29:41.0738 0x1528  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:29:41.0863 0x1528  PerfHost - ok
10:29:41.0956 0x1528  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
10:29:42.0019 0x1528  pla - ok
10:29:42.0097 0x1528  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:29:42.0112 0x1528  PlugPlay - ok
10:29:42.0128 0x1528  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:29:42.0128 0x1528  PNRPAutoReg - ok
10:29:42.0144 0x1528  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:29:42.0144 0x1528  PNRPsvc - ok
10:29:42.0206 0x1528  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:29:42.0222 0x1528  PolicyAgent - ok
10:29:42.0284 0x1528  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
10:29:42.0284 0x1528  Power - ok
10:29:45.0217 0x1528  [ 4C33F139236FD9BD14A920F60C1CB072, 806650B2AE7DC299DEC49C519E2452427B819213F863BFCC4188EDF075EAAD2D ] sptd            C:\Windows\system32\Drivers\sptd.sys
10:29:45.0217 0x1528  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 4C33F139236FD9BD14A920F60C1CB072, sha256: 806650B2AE7DC299DEC49C519E2452427B819213F863BFCC4188EDF075EAAD2D
10:29:45.0217 0x1528  sptd - detected LockedFile.Multi.Generic ( 1 )
10:29:47.0775 0x1528  Detect skipped due to KSN trusted
10:29:47.0775 0x1528  sptd - ok
10:29:53.0485 0x1528  ================ Scan global ===============================
10:29:53.0532 0x1528  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:29:53.0578 0x1528  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\Windows\system32\winsrv.dll
10:29:53.0594 0x1528  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\Windows\system32\winsrv.dll
10:29:53.0656 0x1528  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:29:53.0719 0x1528  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
10:29:53.0719 0x1528  [ Global ] - ok
10:29:53.0719 0x1528  ================ Scan MBR ==================================
10:29:53.0734 0x1528  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:29:53.0906 0x1528  \Device\Harddisk0\DR0 - ok
10:29:53.0906 0x1528  ================ Scan VBR ==================================
10:29:53.0906 0x1528  [ 9A206AD082728FB3736872668A077B76 ] \Device\Harddisk0\DR0\Partition1
10:29:53.0906 0x1528  \Device\Harddisk0\DR0\Partition1 - ok
10:29:53.0922 0x1528  [ 7FC4E3278BD8F2B7643A02754BCF1BE9 ] \Device\Harddisk0\DR0\Partition2
10:29:53.0922 0x1528  \Device\Harddisk0\DR0\Partition2 - ok
10:29:53.0922 0x1528  Waiting for KSN requests completion. In queue: 97
10:29:54.0936 0x1528  Waiting for KSN requests completion. In queue: 97
10:29:55.0950 0x1528  Waiting for KSN requests completion. In queue: 97
10:29:57.0010 0x1528  AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\WSCStub.exe (  ), 0x50000 ( disabled : updated )
10:29:57.0010 0x1528  FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\WSCStub.exe (  ), 0x50010 ( disabled )
10:29:57.0057 0x1528  Win FW state via NFP2: enabled
10:29:59.0631 0x1528  ============================================================
10:29:59.0631 0x1528  Scan finished
10:29:59.0631 0x1528  ============================================================
10:29:59.0631 0x0100  Detected object count: 0
10:29:59.0631 0x0100  Actual detected object count: 0
10:30:34.0639 0x12fc  Deinitialize success
 



#7 Jacedams

Posted 28 October 2013 - 10:36 AM

This problem I have keeps changing my internet security options from default to custom, because I have to change it every time I go to download each of these programs.



#8 boopme

Posted 28 October 2013 - 10:36 AM

That's good to see...

You will also need to reset your Winsock.

Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.
Reboot your system to complete the process

#9 boopme

Posted 28 October 2013 - 10:40 AM

Run Rkill first

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


#10 Jacedams

Posted 28 October 2013 - 11:07 AM

I ran ADW and rebooted. Should I "reset my winsock" and run rkill before continuing the first instructions you posted?

 

Here is the ADW report:

 

# AdwCleaner v3.010 - Report created 28/10/2013 at 10:49:33
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : James - OPTIMUS
# Running from : C:\Users\James\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Users\James\AppData\Local\Conduit
Folder Deleted : C:\Users\James\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\James\AppData\Local\unitlayers
Folder Deleted : C:\Users\James\AppData\Local\Wajam
Folder Deleted : C:\Users\James\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\James\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ijgvxko7.default\Smartbar
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ijgvxko7.default\CT3289847
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ijgvxko7.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ijgvxko7.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ijgvxko7.default\searchplugins\whitesmoke-new-customized-web-search.xml
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ijgvxko7.default\user.js
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16448

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ijgvxko7.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [24071 octets] - [28/10/2013 10:38:43]
AdwCleaner[S0].txt - [24362 octets] - [28/10/2013 10:49:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24423 octets] ##########



#11 boopme

Posted 28 October 2013 - 11:28 AM

Yes, reset it next if you can, but it can be done later. It may ease up some of your issues.

#12 Jacedams

Posted 28 October 2013 - 11:30 AM

The Rkill report:

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/28/2013 11:28:53 AM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\ [ZA Dir]
     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\@ [ZA File]
     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\L\ [ZA Dir]
     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\L\00000004.@ [ZA File]
     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\L\201d3dde [ZA File]
     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\U\ [ZA Dir]

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * C:\Windows\System32\user32.dll : 1,008,640 : 08/23/2012 02:02 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 08/23/2012 02:02 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/20/2010 10:24 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/20/2010 10:24 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

 * No issues found.

Program finished at: 10/28/2013 11:29:22 AM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)
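
An added example, not part of the original post and not part of Rkill: a small triage script that groups the starred finding lines of a report like the one above, so the ZeroAccess artifacts and the deleted protective services stand out. The names `triage`, `PATTERNS` and `PROTECTIVE` are hypothetical, and the line formats are assumed from this single Rkill 2.6.2 report.

```python
import re

# Trimmed excerpt of the Rkill 2.6.2 report posted above (not the full log).
SAMPLE = r"""
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\ [ZA Dir]
     * C:\$RECYCLE.BIN\S-1-5-18\$6a6dcdf9588a518e34c1a07681b746a9\@ [ZA File]
 * COM+ Event System (EventSystem) is not Running.
 * BFE [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]
 * SharedAccess [Missing ImagePath]
 * C:\Windows\System32\user32.dll : 1,008,640 : 08/23/2012 02:02 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
"""

# Service short names as they appear in the report, with their Windows 7 display names.
PROTECTIVE = {"BFE": "Base Filtering Engine", "MpsSvc": "Windows Firewall",
              "WinDefend": "Windows Defender", "wscsvc": "Security Center",
              "wuauserv": "Windows Update"}

PATTERNS = {
    "alerts": re.compile(r"\*\s+ALERT:\s+(.+?)\s*$"),
    "artifacts": re.compile(r"\*\s+(\S.*?)\s+\[ZA (?:Dir|File)\]\s*$"),
    "missing": re.compile(r"\*\s+(\S+)\s+\[Missing Service\]\s*$"),
    "no_imagepath": re.compile(r"\*\s+(\S+)\s+\[Missing ImagePath\]\s*$"),
    "stopped": re.compile(r"\*\s+.+\((\w+)\) is not Running\."),
    "unsigned": re.compile(r"\*\s+(\S.*?) : [\d,]+ : .+\[NoSig\]\s*$"),
}

def triage(report):
    """Group the starred finding lines of an Rkill report by kind."""
    found = {kind: [] for kind in PATTERNS}
    for line in report.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                found[kind].append(match.group(1))
                break
    # Protective services that are gone outright, not merely stopped.
    found["defenses_removed"] = [PROTECTIVE[s] for s in found["missing"] if s in PROTECTIVE]
    return found

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(f"{kind}: {items}")
```
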



#13 boopme

boopme


Posted 28 October 2013 - 11:35 AM

There it is ... Rootkit Zeroaccess
This will require you to start a new topic to properly remove it. We need specific tools.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

EDIT: you can stop the other tools.

Edited by boopme, 28 October 2013 - 11:35 AM.


#14 Jacedams

Jacedams
  • Topic Starter


Posted 28 October 2013 - 11:38 AM

Okay, thank you for your help! Are you confident this can be resolved?

 

New Topic posted in Virus, Trojan, Spyware, and Malware Removal Logs:

Infected with Rootkit Zeroaccess (I think this is the name)


Edited by Jacedams, 28 October 2013 - 12:07 PM.


#15 boopme

boopme


Posted 28 October 2013 - 12:23 PM

Absolutely. We just need to see where it is all hidden.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



