Computer Freezing Up after cleaning it up


  • This topic is locked
41 replies to this topic

#1 John_NYR

John_NYR

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 06 November 2013 - 04:30 PM

I first received something on my computer that was causing it to be incredibly slow. I was unable to run full scans with Malwarebytes and ESET scan. When I went to download ADW Cleaner I contracted the conduit toolbar. I believe I removed the toolbar and the computer is now working up until a point where it freezes. I used ADW Cleaner, Malwarebytes using Chameleon and JRT removal.

 

I cannot complete an ESET scan and the computer only gives me a certain amount of time before it freezes. At this point I need expert help.

 

Here is the dds.txt, and I attached the attach.txt file. Thank you in advance for the help; I am not sure what my next step is.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.45.2
Run by JohnJ at 14:59:29 on 2013-11-06
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2657 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wermgr.exe
C:\windows\system32\wermgr.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpage.com/
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{5167FFE7-2A07-4E31-9E5C-3F19EF9E073D} : DHCPNameServer = 192.168.1.1 68.237.161.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - 
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-11-3 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-11-3 205320]
R1 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2013-11-3 447888]
R1 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-18 28176]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-10-18 167816]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-18 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-10-18 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-18 271872]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-10-18 239616]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-10-18 229456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-18 13336]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-18 242720]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2013-11-06 19:57:14 -------- d-----w- C:\Users\JohnJ\AppData\Local\{0B4F6969-FD67-46B1-8FF3-DD3E1FEDC39E}
2013-11-06 19:13:07 -------- d-----w- C:\Users\JohnJ\AppData\Local\{A5213D95-E690-495C-A57F-01BB9D7F9C59}
2013-11-06 01:07:16 -------- d-----w- C:\Users\JohnJ\AppData\Local\{BF7D310C-9393-4878-AB09-D30D730B436F}
2013-11-06 00:53:07 -------- d-----w- C:\Users\JohnJ\AppData\Local\{25A79D21-4CEC-4F19-A475-FAD4D9E81514}
2013-11-06 00:31:44 -------- d-----w- C:\windows\ERUNT
2013-11-05 22:40:09 -------- d-----w- C:\Users\JohnJ\AppData\Local\ESET
2013-11-05 21:43:11 -------- d-----w- C:\Program Files\ESET
2013-11-05 20:03:04 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-05 20:02:34 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-11-05 19:56:30 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-11-05 16:47:52 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{989E729B-5BAE-4AED-BB3E-E315040081B7}\mpengine.dll
2013-11-05 00:19:17 -------- d-----w- C:\Users\JohnJ\AppData\Roaming\SUPERAntiSpyware.com
2013-11-05 00:19:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-11-04 14:42:22 -------- d-----w- C:\avast! sandbox
2013-11-04 04:04:12 447888 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2013-11-04 03:49:25 -------- d-----w- C:\AdwCleaner
2013-11-04 02:26:53 -------- d-----w- C:\Users\JohnJ\AppData\Roaming\AVAST Software
2013-11-04 02:26:21 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-11-04 02:26:21 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-11-04 02:26:15 43152 ----a-w- C:\windows\avastSS.scr
2013-11-04 02:25:46 -------- d-----w- C:\Program Files\AVAST Software
2013-11-04 02:22:11 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-25 21:09:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 21:07:21 -------- d-----w- C:\Program Files\Bonjour
2013-10-25 21:07:21 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-10-18 02:34:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-18 01:58:37 -------- d-----w- C:\ProgramData\Oracle
.
==================== Find3M  ====================
.
2013-09-17 20:17:38 239320 ----a-w- C:\windows\System32\drivers\eamonm.sys
2013-09-17 20:17:38 239296 ----a-w- C:\windows\System32\drivers\edevmon.sys
2013-09-17 20:17:38 168256 ----a-w- C:\windows\System32\drivers\ehdrv.sys
2013-09-17 20:17:38 157432 ----a-w- C:\windows\System32\drivers\epfwwfpr.sys
2013-09-03 18:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-08-13 20:59:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-13 20:59:19 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 15:01:53.82 ===============
 



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 AM

Posted 11 November 2013 - 04:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513251 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 John_NYR

John_NYR
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 12 November 2013 - 11:45 AM

Hello - My computer is still extremely slow to start up, which was not the case before I had the infections, so I believe the computer may still be infected. I have Windows 7 Home 64-bit.
 
Here is my DDS and the attach log is attached.  Thank you again for your help.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.45.2
Run by JohnJ at 11:32:43 on 2013-11-12
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.1987 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
C:\windows\system32\RunDll32.exe
C:\windows\system32\wermgr.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wermgr.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpage.com/
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{5167FFE7-2A07-4E31-9E5C-3F19EF9E073D} : DHCPNameServer = 192.168.1.1 68.237.161.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - 
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-11-3 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-11-3 205320]
R1 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2013-11-3 447888]
R1 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-18 13336]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-18 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-18 28176]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-10-18 167816]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-18 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-10-18 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-18 271872]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-10-18 239616]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-10-18 229456]
S?3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-18 242720]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-5 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2013-11-12 16:18:44 -------- d-----w- C:\Users\JohnJ\AppData\Local\{947FBBEC-D6DA-42FF-BB6F-E5A375450AB0}
2013-11-06 21:22:20 -------- d-----w- C:\Users\JohnJ\AppData\Local\{CB98394C-685C-446F-992D-70C1FEC8E01A}
2013-11-06 19:57:14 -------- d-----w- C:\Users\JohnJ\AppData\Local\{0B4F6969-FD67-46B1-8FF3-DD3E1FEDC39E}
2013-11-06 19:13:07 -------- d-----w- C:\Users\JohnJ\AppData\Local\{A5213D95-E690-495C-A57F-01BB9D7F9C59}
2013-11-06 01:07:16 -------- d-----w- C:\Users\JohnJ\AppData\Local\{BF7D310C-9393-4878-AB09-D30D730B436F}
2013-11-06 00:53:07 -------- d-----w- C:\Users\JohnJ\AppData\Local\{25A79D21-4CEC-4F19-A475-FAD4D9E81514}
2013-11-06 00:31:44 -------- d-----w- C:\windows\ERUNT
2013-11-05 22:40:09 -------- d-----w- C:\Users\JohnJ\AppData\Local\ESET
2013-11-05 21:43:11 -------- d-----w- C:\Program Files\ESET
2013-11-05 20:03:04 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-05 20:02:34 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-11-05 19:56:30 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-11-05 16:47:52 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{989E729B-5BAE-4AED-BB3E-E315040081B7}\mpengine.dll
2013-11-05 00:19:17 -------- d-----w- C:\Users\JohnJ\AppData\Roaming\SUPERAntiSpyware.com
2013-11-05 00:19:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-11-04 14:42:22 -------- d-----w- C:\avast! sandbox
2013-11-04 04:04:12 447888 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2013-11-04 03:49:25 -------- d-----w- C:\AdwCleaner
2013-11-04 02:26:53 -------- d-----w- C:\Users\JohnJ\AppData\Roaming\AVAST Software
2013-11-04 02:26:21 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-11-04 02:26:21 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-11-04 02:26:15 43152 ----a-w- C:\windows\avastSS.scr
2013-11-04 02:25:46 -------- d-----w- C:\Program Files\AVAST Software
2013-11-04 02:22:11 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-25 21:09:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 21:07:21 -------- d-----w- C:\Program Files\Bonjour
2013-10-25 21:07:21 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-10-18 02:34:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-18 01:58:37 -------- d-----w- C:\ProgramData\Oracle
.
==================== Find3M  ====================
.
2013-09-17 20:17:38 239320 ----a-w- C:\windows\System32\drivers\eamonm.sys
2013-09-17 20:17:38 239296 ----a-w- C:\windows\System32\drivers\edevmon.sys
2013-09-17 20:17:38 168256 ----a-w- C:\windows\System32\drivers\ehdrv.sys
2013-09-17 20:17:38 157432 ----a-w- C:\windows\System32\drivers\epfwwfpr.sys
2013-09-03 18:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 11:33:11.49 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2011 6:11:50 AM
System Uptime: 11/12/2013 11:17:25 AM (0 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 204.914 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27.773 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet J6400 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP387: 11/6/2013 1:52:15 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
6400_Help
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
ArcSoft MediaImpression for Kodak
avast! Internet Security
BitPim 1.0.7
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom 802.11 Wireless Driver
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
DocProc
Energy Management
ESET NOD32 Antivirus
ETDWare PS/2-x64 7.0.4.18_WHQL
Fax
Fidelity Active Trader Pro®
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HP Imaging Device Functions 13.0
HP OfficeJet J6400
HP Product Detection
HP Smart Web Printing 4.51
HP Update
HPDiagnosticAlert
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
J6400
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Lenovo DirectShare
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Smile Dock
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Oasis2Service 1.0
OCR Software by I.R.I.S. 13.0
Onekey Theater
ooVoo
Power2Go
ProductContext
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
SmartWebPrinting
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VeriFace
WebReg
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
11/6/2013 5:15:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswNdisFlt aswRvrt aswVmm DfsC discache eamonm ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 5:15:19 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
11/12/2013 11:32:49 AM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.
11/12/2013 11:32:49 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/12/2013 11:31:17 AM, Error: Service Control Manager [7022] - The Windows Time service hung on starting.
11/12/2013 11:29:01 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/12/2013 11:28:56 AM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.
11/12/2013 11:28:56 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/12/2013 11:26:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
11/12/2013 11:20:53 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
11/12/2013 11:20:06 AM, Error: Service Control Manager [7022] - The IKE and AuthIP IPsec Keying Modules service hung on starting.
11/12/2013 11:20:01 AM, Error: Service Control Manager [7022] - The Apple Mobile Device service hung on starting.
.
==== End Of File ===========================


Edited by Oh My, 18 November 2013 - 09:34 AM.
Posted Attach.txt


#4 HelpBot

  • Bots

Posted 16 November 2013 - 04:40 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest

  • Moderator

Posted 17 November 2013 - 03:12 AM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 Oh My!

  • Malware Response Instructor

Posted 18 November 2013 - 09:31 AM

Greetings John_NYR and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I apologize for the extended delay but things are quite busy these days.

While I review the information you already posted please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 John_NYR

  • Topic Starter
  • Members

Posted 18 November 2013 - 03:55 PM

Hi Gary, please call me by my first name, John, and thank you very much for helping me. Here are the results from the FRST scan:

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by JohnJ (administrator) on JOHNJ-PC on 18-11-2013 15:47:38
Running from C:\Users\JohnJ\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\system32\wermgr.exe
(Microsoft Corporation) C:\windows\system32\wermgr.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-06-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
MountPoints2: F - F:\SETUP.EXE /AUTORUN
MountPoints2: {3b14c842-4bdd-11e2-860a-88ae1ddd22d3} - E:\MI.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-10-18] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-06-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {82DF796F-1AC9-4356-A3E4-F2DFB643F660} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\JohnJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JohnJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JohnJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JohnJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\JohnJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JohnJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-23] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2013-11-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-03] ()
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-03] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
U3 BcmSqlStartupSvc; 
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
U3 IGRS; 
U2 IviRegMgr; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U3 SQLWriter; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-18 15:47 - 2013-11-18 15:48 - 00013424 _____ C:\Users\JohnJ\Desktop\FRST.txt
2013-11-18 15:47 - 2013-11-18 15:47 - 00000000 ____D C:\FRST
2013-11-18 15:44 - 2013-11-18 15:44 - 01957964 _____ (Farbar) C:\Users\JohnJ\Desktop\FRST64.exe
2013-11-18 15:32 - 2013-11-18 15:32 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{6D5D8C19-52BE-4381-9B28-3D4978060B78}
2013-11-12 11:31 - 2013-11-12 11:31 - 00688992 ____R (Swearware) C:\Users\JohnJ\Downloads\dds (1).com
2013-11-12 11:18 - 2013-11-12 11:29 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{947FBBEC-D6DA-42FF-BB6F-E5A375450AB0}
2013-11-06 16:22 - 2013-11-06 16:22 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{CB98394C-685C-446F-992D-70C1FEC8E01A}
2013-11-06 15:02 - 2013-11-12 11:33 - 00016623 _____ C:\Users\JohnJ\Desktop\dds.txt
2013-11-06 15:02 - 2013-11-12 11:33 - 00010983 _____ C:\Users\JohnJ\Desktop\attach.txt
2013-11-06 14:58 - 2013-11-06 14:58 - 00688992 ____R (Swearware) C:\Users\JohnJ\Downloads\dds.com
2013-11-06 14:57 - 2013-11-06 14:57 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{0B4F6969-FD67-46B1-8FF3-DD3E1FEDC39E}
2013-11-06 14:13 - 2013-11-06 14:13 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{A5213D95-E690-495C-A57F-01BB9D7F9C59}
2013-11-05 20:07 - 2013-11-05 20:18 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{BF7D310C-9393-4878-AB09-D30D730B436F}
2013-11-05 19:53 - 2013-11-05 19:53 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{25A79D21-4CEC-4F19-A475-FAD4D9E81514}
2013-11-05 19:40 - 2013-11-05 19:40 - 00116896 _____ C:\Users\JohnJ\Desktop\JRT.txt
2013-11-05 19:31 - 2013-11-05 19:31 - 01034531 _____ (Thisisu) C:\Users\JohnJ\Downloads\JRT.exe
2013-11-05 19:31 - 2013-11-05 19:31 - 00000000 ____D C:\windows\ERUNT
2013-11-05 17:40 - 2013-11-05 17:40 - 00000000 ____D C:\Users\JohnJ\AppData\Local\ESET
2013-11-05 17:20 - 2013-11-05 17:21 - 01073262 _____ C:\Users\JohnJ\Downloads\AdwCleaner (1).exe
2013-11-05 17:19 - 2013-11-05 17:19 - 01073262 _____ C:\Users\JohnJ\Downloads\AdwCleaner.exe
2013-11-05 16:43 - 2013-11-05 16:43 - 00000000 ____D C:\ProgramData\ESET
2013-11-05 16:43 - 2013-11-05 16:43 - 00000000 ____D C:\Program Files\ESET
2013-11-05 16:40 - 2013-11-05 16:40 - 01682336 _____ (ESET) C:\Users\JohnJ\Downloads\eset_nod32_antivirus_live_installer.exe
2013-11-05 15:03 - 2013-11-05 16:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-05 15:02 - 2013-11-05 16:28 - 00000000 ____D C:\Users\JohnJ\Desktop\mbar
2013-11-05 15:02 - 2013-11-05 15:02 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-11-05 14:56 - 2013-11-05 18:11 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-11-04 19:32 - 2013-11-04 19:32 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-04 19:19 - 2013-11-05 11:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-04 19:19 - 2013-11-04 19:19 - 00000000 ____D C:\Users\JohnJ\AppData\Roaming\SUPERAntiSpyware.com
2013-11-04 09:42 - 2013-11-04 09:42 - 00000000 ____D C:\avast! sandbox
2013-11-03 23:04 - 2013-11-03 23:04 - 00447888 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2013-11-03 22:49 - 2013-11-05 18:12 - 00000000 ____D C:\AdwCleaner
2013-11-03 21:26 - 2013-11-03 23:05 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2013-11-03 21:26 - 2013-11-03 21:26 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-03 21:26 - 2013-11-03 21:26 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-03 21:26 - 2013-11-03 21:26 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-03 21:26 - 2013-11-03 21:26 - 00000000 ____D C:\Users\JohnJ\AppData\Roaming\AVAST Software
2013-11-03 21:25 - 2013-11-05 16:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-03 21:22 - 2013-11-05 16:37 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-03 18:08 - 2013-11-03 18:08 - 00002477 _____ C:\Users\JohnJ\Downloads\License_14352130.avastlic
2013-10-25 16:09 - 2013-11-03 23:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 16:07 - 2013-10-25 16:07 - 00000000 ____D C:\Program Files\Bonjour
2013-10-25 16:07 - 2013-10-25 16:07 - 00000000 ____D C:\Program Files (x86)\Bonjour
 
==================== One Month Modified Files and Folders =======
 
2013-11-18 15:48 - 2013-11-18 15:47 - 00013424 _____ C:\Users\JohnJ\Desktop\FRST.txt
2013-11-18 15:47 - 2013-11-18 15:47 - 00000000 ____D C:\FRST
2013-11-18 15:44 - 2013-11-18 15:44 - 01957964 _____ (Farbar) C:\Users\JohnJ\Desktop\FRST64.exe
2013-11-18 15:43 - 2009-07-13 23:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-18 15:43 - 2009-07-13 23:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-18 15:38 - 2011-01-03 06:11 - 14583477 _____ C:\FaceProv.log
2013-11-18 15:32 - 2013-11-18 15:32 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{6D5D8C19-52BE-4381-9B28-3D4978060B78}
2013-11-18 15:31 - 2011-01-05 04:46 - 00000000 ____D C:\Users\JohnJ\Tracing
2013-11-18 15:31 - 2011-01-03 06:52 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 15:31 - 2010-10-18 19:02 - 00000000 ____D C:\ProgramData\VeriFace
2013-11-18 15:31 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-18 15:31 - 2009-07-13 23:51 - 00132018 _____ C:\windows\setupact.log
2013-11-12 11:47 - 2010-10-18 18:17 - 01754475 _____ C:\windows\WindowsUpdate.log
2013-11-12 11:33 - 2013-11-06 15:02 - 00016623 _____ C:\Users\JohnJ\Desktop\dds.txt
2013-11-12 11:33 - 2013-11-06 15:02 - 00010983 _____ C:\Users\JohnJ\Desktop\attach.txt
2013-11-12 11:31 - 2013-11-12 11:31 - 00688992 ____R (Swearware) C:\Users\JohnJ\Downloads\dds (1).com
2013-11-12 11:29 - 2013-11-12 11:18 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{947FBBEC-D6DA-42FF-BB6F-E5A375450AB0}
2013-11-06 16:22 - 2013-11-06 16:22 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{CB98394C-685C-446F-992D-70C1FEC8E01A}
2013-11-06 15:01 - 2011-01-03 06:52 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-06 14:58 - 2013-11-06 14:58 - 00688992 ____R (Swearware) C:\Users\JohnJ\Downloads\dds.com
2013-11-06 14:57 - 2013-11-06 14:57 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{0B4F6969-FD67-46B1-8FF3-DD3E1FEDC39E}
2013-11-06 14:13 - 2013-11-06 14:13 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{A5213D95-E690-495C-A57F-01BB9D7F9C59}
2013-11-06 13:52 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-05 20:18 - 2013-11-05 20:07 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{BF7D310C-9393-4878-AB09-D30D730B436F}
2013-11-05 20:06 - 2009-07-14 00:08 - 00032538 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-05 19:53 - 2013-11-05 19:53 - 00000000 ____D C:\Users\JohnJ\AppData\Local\{25A79D21-4CEC-4F19-A475-FAD4D9E81514}
2013-11-05 19:40 - 2013-11-05 19:40 - 00116896 _____ C:\Users\JohnJ\Desktop\JRT.txt
2013-11-05 19:31 - 2013-11-05 19:31 - 01034531 _____ (Thisisu) C:\Users\JohnJ\Downloads\JRT.exe
2013-11-05 19:31 - 2013-11-05 19:31 - 00000000 ____D C:\windows\ERUNT
2013-11-05 18:12 - 2013-11-03 22:49 - 00000000 ____D C:\AdwCleaner
2013-11-05 18:11 - 2013-11-05 14:56 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-11-05 17:40 - 2013-11-05 17:40 - 00000000 ____D C:\Users\JohnJ\AppData\Local\ESET
2013-11-05 17:21 - 2013-11-05 17:20 - 01073262 _____ C:\Users\JohnJ\Downloads\AdwCleaner (1).exe
2013-11-05 17:19 - 2013-11-05 17:19 - 01073262 _____ C:\Users\JohnJ\Downloads\AdwCleaner.exe
2013-11-05 16:43 - 2013-11-05 16:43 - 00000000 ____D C:\ProgramData\ESET
2013-11-05 16:43 - 2013-11-05 16:43 - 00000000 ____D C:\Program Files\ESET
2013-11-05 16:40 - 2013-11-05 16:40 - 01682336 _____ (ESET) C:\Users\JohnJ\Downloads\eset_nod32_antivirus_live_installer.exe
2013-11-05 16:37 - 2013-11-03 21:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-05 16:37 - 2013-11-03 21:22 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-05 16:37 - 2011-01-03 06:37 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-11-05 16:35 - 2011-01-05 03:58 - 00015714 _____ C:\windows\PFRO.log
2013-11-05 16:28 - 2013-11-05 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-05 16:28 - 2013-11-05 15:02 - 00000000 ____D C:\Users\JohnJ\Desktop\mbar
2013-11-05 15:02 - 2013-11-05 15:02 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-11-05 14:47 - 2010-10-18 18:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-05 14:46 - 2011-01-03 06:12 - 00000000 ___RD C:\Users\JohnJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-05 14:46 - 2011-01-03 06:12 - 00000000 ___RD C:\Users\JohnJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-05 14:44 - 2009-07-14 00:13 - 00727334 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-05 11:41 - 2013-11-04 19:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-04 19:32 - 2013-11-04 19:32 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-04 19:32 - 2011-01-03 06:52 - 00000000 ____D C:\Users\JohnJ\AppData\Local\Google
2013-11-04 19:32 - 2011-01-03 06:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-04 19:19 - 2013-11-04 19:19 - 00000000 ____D C:\Users\JohnJ\AppData\Roaming\SUPERAntiSpyware.com
2013-11-04 09:42 - 2013-11-04 09:42 - 00000000 ____D C:\avast! sandbox
2013-11-03 23:16 - 2013-10-25 16:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-03 23:05 - 2013-11-03 21:26 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2013-11-03 23:04 - 2013-11-03 23:04 - 00447888 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2013-11-03 23:04 - 2012-07-07 12:37 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-03 21:26 - 2013-11-03 21:26 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-03 21:26 - 2013-11-03 21:26 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-03 21:26 - 2013-11-03 21:26 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-03 21:26 - 2013-11-03 21:26 - 00000000 ____D C:\Users\JohnJ\AppData\Roaming\AVAST Software
2013-11-03 20:58 - 2011-01-03 06:37 - 00000000 ____D C:\ProgramData\Alwil Software
2013-11-03 20:57 - 2011-01-03 06:37 - 00000000 ____D C:\Program Files\Alwil Software
2013-11-03 18:08 - 2013-11-03 18:08 - 00002477 _____ C:\Users\JohnJ\Downloads\License_14352130.avastlic
2013-11-03 17:22 - 2013-08-25 22:25 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-03 17:19 - 2011-01-03 06:11 - 00000000 ____D C:\Users\JohnJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-11-03 17:19 - 2011-01-03 06:11 - 00000000 ____D C:\Users\JohnJ
2013-11-03 17:19 - 2009-07-29 02:23 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-03 17:19 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2013-11-03 17:19 - 2009-07-13 22:20 - 00000000 ____D C:\windows\AppCompat
2013-10-29 18:48 - 2011-01-05 16:58 - 00000000 ____D C:\Users\JohnJ\AppData\Roaming\Apple Computer
2013-10-25 16:09 - 2011-01-05 16:56 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-25 16:08 - 2011-01-05 16:56 - 00000000 ____D C:\ProgramData\Apple
2013-10-25 16:07 - 2013-10-25 16:07 - 00000000 ____D C:\Program Files\Bonjour
2013-10-25 16:07 - 2013-10-25 16:07 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-10-22 13:00 - 2011-06-30 10:08 - 00000000 ____D C:\Users\JohnJ\Documents\AE
 
Some content of TEMP:
====================
C:\Users\JohnJ\AppData\Local\Temp\APNSetup.exe
C:\Users\JohnJ\AppData\Local\Temp\APNStub.exe
C:\Users\JohnJ\AppData\Local\Temp\BackupSetup.exe
C:\Users\JohnJ\AppData\Local\Temp\contentDATs.exe
C:\Users\JohnJ\AppData\Local\Temp\InstHelper.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\mediaimpression_2.0.24.1127.exe
C:\Users\JohnJ\AppData\Local\Temp\msg2B6D.exe
C:\Users\JohnJ\AppData\Local\Temp\msg537.exe
C:\Users\JohnJ\AppData\Local\Temp\MSN4F79.exe
C:\Users\JohnJ\AppData\Local\Temp\mssinstaller.exe
C:\Users\JohnJ\AppData\Local\Temp\msvcr90.dll
C:\Users\JohnJ\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\JohnJ\AppData\Local\Temp\Quarantine.exe
C:\Users\JohnJ\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\JohnJ\AppData\Local\Temp\sqlite3.dll
C:\Users\JohnJ\AppData\Local\Temp\vcredist_x64.exe
C:\Users\JohnJ\AppData\Local\Temp\yaqckxkz.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-23 07:46
 
==================== End Of Log ============================
 
 
 
 
 
Addition
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by JohnJ at 2013-11-18 15:50:03
Running from C:\Users\JohnJ\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8)
6400_Help (x32 Version: 1.00.0000)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
ArcSoft MediaImpression for Kodak (x32 Version: 2.0.24.704)
avast! Internet Security (x32 Version: 9.0.2007)
BitPim 1.0.7 (x32 Version: 1.0.7)
Bonjour (Version: 3.0.0.10)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 130.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
Broadcom 802.11 Wireless Driver (x32 Version: 1.0.0.0)
BufferChm (x32 Version: 130.0.331.000)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.111.0.62)
CyberLink YouCam (x32 Version: 3.0.3030)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 130.0.465.000)
DocProc (x32 Version: 13.0.0.0)
Energy Management (x32 Version: 5.4.0.8)
ESET NOD32 Antivirus (Version: 7.0.302.26)
ETDWare PS/2-x64 7.0.4.18_WHQL (Version: 7.0.4.18)
Fax (x32 Version: 130.0.418.000)
Fidelity Active Trader Pro® (x32 Version: 9.9.344.0)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP OfficeJet J6400 (Version: 13.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Update (x32 Version: 5.003.001.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2104)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
J6400 (x32 Version: 130.0.000.000)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo DirectShare (x32 Version: 1.0.1.38)
Lenovo EasyCamera (x32 Version: 6.96.2018.21)
Lenovo OneKey Recovery (Version: 7.0.1230)
Lenovo OneKey Recovery (x32 Version: 7.0.1230)
Lenovo Smile Dock (x32 Version: 2.0.201.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 2.1.121.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 130.0.579.000)
Network64 (Version: 140.0.221.000)
Oasis2Service 1.0 (x32 Version: 1.0.0)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Onekey Theater (x32 Version: 2.0.1.7)
ooVoo (x32 Version: 2.2.4.25)
Power2Go (x32 Version: 5.6.0.4809d4)
ProductContext (x32 Version: 130.0.000.000)
QuickTime (x32 Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30116)
Scan (x32 Version: 140.0.80.000)
SmartWebPrinting (x32 Version: 130.0.457.000)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Status (x32 Version: 130.0.469.000)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VeriFace (x32 Version: 3.6.0.1211)
WebReg (x32 Version: 130.0.132.017)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
06-11-2013 18:52:15 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0ED570FB-8F39-4809-8099-71B3E7EE8CFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03] (Google Inc.)
Task: {22203320-D4E9-4029-8157-9556191F0CAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03] (Google Inc.)
Task: {6C7F676E-92F9-48AD-BD81-A55AE44883D7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {EFA4A704-E86A-4C1A-8B1F-E87F4430A247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FB2F582B-7C87-4174-A90F-1409C49396DB} - \BackgroundContainer Startup Task No Task File
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-18 19:00 - 2009-12-18 21:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-10-18 19:00 - 2009-12-18 21:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-10-18 19:02 - 2010-10-18 19:02 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-10-18 19:02 - 2010-10-18 19:02 - 00622592 _____ () C:\windows\system32\SimpleExt.dll
2010-10-18 19:10 - 2009-07-15 10:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-10-18 19:10 - 2009-07-15 10:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-23 05:39 - 2010-06-23 05:39 - 00049152 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\DdniCore.dll
2010-06-23 05:39 - 2010-06-23 05:39 - 00033280 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\AspUpdate.dll
2010-10-18 19:00 - 2009-12-18 21:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-10-18 19:00 - 2009-12-18 21:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2010-10-18 19:02 - 2010-10-18 19:02 - 00492896 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-01-10 17:34 - 2013-01-10 17:34 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-10-18 18:27 - 2010-03-03 15:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-11-04 19:31 - 2013-10-08 19:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-11-04 19:31 - 2013-10-08 19:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-11-04 19:31 - 2013-10-08 19:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-11-04 19:31 - 2013-10-08 19:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-11-04 19:31 - 2013-10-08 19:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/18/2013 03:47:00 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15c4
 
Start Time: 01cee49f202bd2bf
 
Termination Time: 16
 
Application Path: C:\Users\JohnJ\Desktop\FRST64.exe
 
Report Id: 8544195d-5092-11e3-8cc2-88ae1ddd22d3
 
 
System errors:
=============
Error: (11/18/2013 03:44:51 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1070
 
Error: (11/18/2013 03:44:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Time service hung on starting.
 
Error: (11/18/2013 03:44:50 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service hung on starting.
 
Error: (11/18/2013 03:42:42 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1070
 
Error: (11/18/2013 03:42:42 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service hung on starting.
 
Error: (11/18/2013 03:41:22 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1070
 
Error: (11/18/2013 03:41:22 PM) (Source: Service Control Manager) (User: )
Description: The SSDP Discovery service hung on starting.
 
Error: (11/18/2013 03:39:50 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1070
 
Error: (11/18/2013 03:39:50 PM) (Source: Service Control Manager) (User: )
Description: The SSDP Discovery service hung on starting.
 
Error: (11/18/2013 03:39:50 PM) (Source: DCOM) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
 
Microsoft Office Sessions:
=========================
Error: (11/18/2013 03:47:00 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.115c401cee49f202bd2bf16C:\Users\JohnJ\Desktop\FRST64.exe8544195d-5092-11e3-8cc2-88ae1ddd22d3
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 3894.85 MB
Available physical RAM: 2295.71 MB
Total Pagefile: 7787.84 MB
Available Pagefile: 5995.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:204.78 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6900E781)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================
 
#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • Gender:Male
  • Location:California
  • Local time:04:11 AM

Posted 18 November 2013 - 04:18 PM

Hi John,

Nice to meet you. Hopefully we can figure out what is going on.

Please run these for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
MountPoints2: F - F:\SETUP.EXE /AUTORUN
MountPoints2: {3b14c842-4bdd-11e2-860a-88ae1ddd22d3} - E:\MI.exe
SearchScopes: HKCU - DefaultScope {82DF796F-1AC9-4356-A3E4-F2DFB643F660} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
C:\Users\JohnJ\AppData\Local\Temp\APNSetup.exe
C:\Users\JohnJ\AppData\Local\Temp\APNStub.exe
C:\Users\JohnJ\AppData\Local\Temp\BackupSetup.exe
C:\Users\JohnJ\AppData\Local\Temp\contentDATs.exe
C:\Users\JohnJ\AppData\Local\Temp\InstHelper.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\mediaimpression_2.0.24.1127.exe
C:\Users\JohnJ\AppData\Local\Temp\msg2B6D.exe
C:\Users\JohnJ\AppData\Local\Temp\msg537.exe
C:\Users\JohnJ\AppData\Local\Temp\MSN4F79.exe
C:\Users\JohnJ\AppData\Local\Temp\mssinstaller.exe
C:\Users\JohnJ\AppData\Local\Temp\msvcr90.dll
C:\Users\JohnJ\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\JohnJ\AppData\Local\Temp\Quarantine.exe
C:\Users\JohnJ\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\JohnJ\AppData\Local\Temp\sqlite3.dll
C:\Users\JohnJ\AppData\Local\Temp\vcredist_x64.exe
C:\Users\JohnJ\AppData\Local\Temp\yaqckxkz.dll
Task: {FB2F582B-7C87-4174-A90F-1409C49396DB} - \BackgroundContainer Startup Task No Task File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • BSOD log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 John_NYR

John_NYR
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:11 AM

Posted 18 November 2013 - 05:42 PM

I am having trouble with BluescreenView as I have saved it to my desktop, followed the instructions and when I click install I end up with the BlueScreenView box with Dump File on top and Filename on the bottom, however, there is nothing to select.  I believe it is not installing correctly.  I'm not sure if there is an issue or if I am doing something incorrectly.  Before I click the install button it shows a list of startup folders that I would like to install in.

 

Also, I have had the computer freeze up on me after a period of time, which is one of the original symptoms.

 

Here is the fixlog:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by JohnJ at 2013-11-18 16:40:02 Run:1
Running from C:\Users\JohnJ\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
MountPoints2: F - F:\SETUP.EXE /AUTORUN
MountPoints2: {3b14c842-4bdd-11e2-860a-88ae1ddd22d3} - E:\MI.exe
SearchScopes: HKCU - DefaultScope {82DF796F-1AC9-4356-A3E4-F2DFB643F660} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
C:\Users\JohnJ\AppData\Local\Temp\APNSetup.exe
C:\Users\JohnJ\AppData\Local\Temp\APNStub.exe
C:\Users\JohnJ\AppData\Local\Temp\BackupSetup.exe
C:\Users\JohnJ\AppData\Local\Temp\contentDATs.exe
C:\Users\JohnJ\AppData\Local\Temp\InstHelper.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\JohnJ\AppData\Local\Temp\mediaimpression_2.0.24.1127.exe
C:\Users\JohnJ\AppData\Local\Temp\msg2B6D.exe
C:\Users\JohnJ\AppData\Local\Temp\msg537.exe
C:\Users\JohnJ\AppData\Local\Temp\MSN4F79.exe
C:\Users\JohnJ\AppData\Local\Temp\mssinstaller.exe
C:\Users\JohnJ\AppData\Local\Temp\msvcr90.dll
C:\Users\JohnJ\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\JohnJ\AppData\Local\Temp\Quarantine.exe
C:\Users\JohnJ\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\JohnJ\AppData\Local\Temp\sqlite3.dll
C:\Users\JohnJ\AppData\Local\Temp\vcredist_x64.exe
C:\Users\JohnJ\AppData\Local\Temp\yaqckxkz.dll
Task: {FB2F582B-7C87-4174-A90F-1409C49396DB} - \BackgroundContainer Startup Task No Task File
*****************
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b14c842-4bdd-11e2-860a-88ae1ddd22d3} => Key deleted successfully.
HKCR\CLSID\{3b14c842-4bdd-11e2-860a-88ae1ddd22d3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
C:\Users\JohnJ\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\mediaimpression_2.0.24.1127.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\msg2B6D.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\msg537.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\MSN4F79.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\msvcr90.dll => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\pc-decrapifier.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\JohnJ\AppData\Local\Temp\yaqckxkz.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB2F582B-7C87-4174-A90F-1409C49396DB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB2F582B-7C87-4174-A90F-1409C49396DB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
 
==== End of Fixlog ====

 
#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • Gender:Male
  • Location:California
  • Local time:04:11 AM

Posted 18 November 2013 - 05:55 PM

Thanks for your efforts. We will sideline BlueScreenView for now. Are you experiencing any internet related difficulties?

Please run this now.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log

Gary
 

#11 John_NYR

John_NYR
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:11 AM

Posted 18 November 2013 - 06:19 PM

Hi Gary, the internet seems to be working ok, it sometimes takes a little longer than normal to connect on startup but I'm not sure if that's just random as it doesn't happen every time.

 

Here is the RogueKiller Log:

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : JohnJ [Admin rights]
Mode : Remove -- Date : 11/18/2013 18:14:36
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-24A23T0 +++++
--- User ---
[MBR] e5b280bfa0a804d220f05414f81673d0
[BSP] 3104c3ba66ef66890a8446396494100a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 260243 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_11182013_181436.txt >>
RKreport[0]_S_11182013_181349.txt
 
 
 


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • Gender:Male
  • Location:California
  • Local time:04:11 AM

Posted 18 November 2013 - 06:29 PM

Thanks John,

We are going to run one more malware tool then if things aren't better I am going to have you run a report for me.

Please do this.

===================================================

Run TDSSKiller by Kaspersky on Windows 8/7/Vista

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log

Gary
 

#13 John_NYR

John_NYR
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:11 AM

Posted 18 November 2013 - 07:41 PM

It doesn't look like it found any threats, here is the log:

 

19:18:44.0324 0x07a0  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
19:18:53.0387 0x07a0  ============================================================
19:18:53.0387 0x07a0  Current date / time: 2013/11/18 19:18:53.0387
19:18:53.0387 0x07a0  SystemInfo:
19:18:53.0387 0x07a0  
19:18:53.0387 0x07a0  OS Version: 6.1.7600 ServicePack: 0.0
19:18:53.0387 0x07a0  Product type: Workstation
19:18:53.0387 0x07a0  ComputerName: JOHNJ-PC
19:18:53.0387 0x07a0  UserName: JohnJ
19:18:53.0387 0x07a0  Windows directory: C:\windows
19:18:53.0387 0x07a0  System windows directory: C:\windows
19:18:53.0387 0x07a0  Running under WOW64
19:18:53.0387 0x07a0  Processor architecture: Intel x64
19:18:53.0387 0x07a0  Number of processors: 2
19:18:53.0387 0x07a0  Page size: 0x1000
19:18:53.0387 0x07a0  Boot type: Normal boot
19:18:53.0387 0x07a0  ============================================================
19:18:55.0774 0x07a0  KLMD registered as C:\windows\system32\drivers\58144932.sys
19:18:56.0383 0x07a0  System UUID: {3379277E-D54C-322C-7E18-F02C5F604D47}
19:18:57.0459 0x07a0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:18:57.0490 0x07a0  ============================================================
19:18:57.0490 0x07a0  \Device\Harddisk0\DR0:
19:18:57.0490 0x07a0  MBR partitions:
19:18:57.0490 0x07a0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
19:18:57.0490 0x07a0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
19:18:57.0521 0x07a0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
19:18:57.0521 0x07a0  ============================================================
19:18:57.0568 0x07a0  C: <-> \Device\Harddisk0\DR0\Partition2
19:18:57.0615 0x07a0  D: <-> \Device\Harddisk0\DR0\Partition3
19:18:57.0615 0x07a0  ============================================================
19:18:57.0615 0x07a0  Initialize success
19:18:57.0615 0x07a0  ============================================================
19:19:04.0042 0x05d0  ============================================================
19:19:04.0042 0x05d0  Scan started
19:19:04.0042 0x05d0  Mode: Manual; 
19:19:04.0042 0x05d0  ============================================================
19:19:04.0042 0x05d0  KSN ping started
19:25:23.0826 0x05d0  KSN ping finished: true
19:25:24.0372 0x05d0  ================ Scan system memory ========================
19:25:24.0372 0x05d0  System memory - ok
19:25:24.0372 0x05d0  ================ Scan services =============================
19:25:33.0513 0x05d0  cdrom - ok
19:25:33.0560 0x05d0  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\windows\System32\certprop.dll
19:25:33.0560 0x05d0  CertPropSvc - ok
19:25:33.0576 0x05d0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
19:25:33.0591 0x05d0  circlass - ok
19:25:33.0638 0x05d0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
19:25:33.0669 0x05d0  CLFS - ok
19:25:33.0732 0x05d0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:25:33.0732 0x05d0  clr_optimization_v2.0.50727_32 - ok
19:25:33.0825 0x05d0  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:25:33.0825 0x05d0  clr_optimization_v2.0.50727_64 - ok
19:25:33.0903 0x05d0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:25:33.0903 0x05d0  clr_optimization_v4.0.30319_32 - ok
19:25:33.0966 0x05d0  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:25:33.0981 0x05d0  clr_optimization_v4.0.30319_64 - ok
19:25:34.0028 0x05d0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:25:34.0028 0x05d0  CmBatt - ok
19:25:34.0044 0x05d0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\DRIVERS\cmdide.sys
19:25:34.0044 0x05d0  cmdide - ok
19:25:34.0106 0x05d0  [ CA7720B73446FDDEC5C69519C1174C98, F24796765587CC1D653A04783B1659564F42E600DA3AFA3DED724592B291D033 ] CNG             C:\windows\system32\Drivers\cng.sys
19:25:34.0153 0x05d0  CNG - ok
19:25:34.0231 0x05d0  [ 7247A4D0875F5F28919E0787E11B7B57, 9F79077619E626A8DAE74D9EF819BF1D061455CBCAD23C491EC595A2F6C21DED ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
19:25:34.0262 0x05d0  CnxtHdAudService - ok
19:25:34.0309 0x05d0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
19:25:34.0309 0x05d0  Compbatt - ok
19:25:34.0325 0x05d0  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:25:34.0340 0x05d0  CompositeBus - ok
19:25:34.0356 0x05d0  COMSysApp - ok
19:25:34.0371 0x05d0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
19:25:34.0371 0x05d0  crcdisk - ok
19:25:34.0434 0x05d0  [ BAF19B633933A9FB4883D27D66C39E9A, 2D8ABB5161736CCCADA67B3E6A8D70B0B5E1E3FE6084561891F394DA191B3439 ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:25:34.0449 0x05d0  CryptSvc - ok
19:25:34.0574 0x05d0  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:25:34.0605 0x05d0  cvhsvc - ok
19:25:34.0668 0x05d0  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\windows\system32\rpcss.dll
19:25:34.0715 0x05d0  DcomLaunch - ok
19:25:34.0777 0x05d0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
19:25:34.0808 0x05d0  defragsvc - ok
19:25:34.0839 0x05d0  [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:25:34.0855 0x05d0  DfsC - ok
19:25:34.0886 0x05d0  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\windows\system32\dhcpcore.dll
19:25:34.0917 0x05d0  Dhcp - ok
19:25:34.0949 0x05d0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
19:25:34.0949 0x05d0  discache - ok
19:25:34.0980 0x05d0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\DRIVERS\disk.sys
19:25:34.0995 0x05d0  Disk - ok
19:25:35.0058 0x05d0  [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:25:35.0058 0x05d0  Dnscache - ok
19:25:35.0120 0x05d0  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\windows\System32\dot3svc.dll
19:25:35.0151 0x05d0  dot3svc - ok
19:25:35.0229 0x05d0  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
19:25:35.0229 0x05d0  Dot4 - ok
19:25:35.0276 0x05d0  [ 85135AD27E79B689335C08167D917CDE, B023ABF4CC71862AE107B27D3CD698517074A97FA76A8AE18058ACF39AC1E786 ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
19:25:35.0276 0x05d0  Dot4Print - ok
19:25:35.0307 0x05d0  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
19:25:35.0307 0x05d0  dot4usb - ok
19:25:35.0354 0x05d0  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\windows\system32\dps.dll
19:25:35.0370 0x05d0  DPS - ok
19:25:35.0401 0x05d0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:25:35.0417 0x05d0  drmkaud - ok
19:25:35.0495 0x05d0  [ 24CE1ECF9D0AE0301775B07F5FEA175B, 9FECFD05A950A978D7BCF6E044FE9E48E4405EEE6D037EFCE24962FCD0CC9040 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:25:35.0526 0x05d0  DXGKrnl - ok
19:25:35.0619 0x05d0  [ FE96AA1A36E76588C80DF1040286DDE1, 86EED8A0B59CD1930E6282997537ED94333FC7D45E3FE5A4D82057E1C8E5C2CD ] eamonm          C:\windows\system32\DRIVERS\eamonm.sys
19:25:35.0635 0x05d0  eamonm - ok
19:25:35.0697 0x05d0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
19:25:35.0697 0x05d0  EapHost - ok
19:25:35.0869 0x05d0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
19:25:36.0025 0x05d0  ebdrv - ok
19:25:36.0087 0x05d0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS             C:\windows\System32\lsass.exe
19:25:36.0103 0x05d0  EFS - ok
19:25:36.0181 0x05d0  [ 807BA90D47F8885C09E1D6AFBB706E18, A803FE639C9C87733CA73D8F6C04A8CEB28DC45EEEA6CEC01ED3D4124C8E48EA ] ehdrv           C:\windows\system32\DRIVERS\ehdrv.sys
19:25:36.0197 0x05d0  ehdrv - ok
19:25:36.0306 0x05d0  [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
19:25:36.0368 0x05d0  ehRecvr - ok
19:25:36.0415 0x05d0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
19:25:36.0431 0x05d0  ehSched - ok
19:25:36.0633 0x05d0  [ 4CB575D97653FA91FFB02DA3105EB084, 59FB4D2485EEDBCC56D92C1F5DF3FEAE67D751F3AD7AEA7590F3C73107C829E8 ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
19:25:36.0680 0x05d0  ekrn - ok
19:25:36.0743 0x05d0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
19:25:36.0774 0x05d0  elxstor - ok
19:25:36.0836 0x05d0  [ FEE856E92AFCC61DA146F186E291FFD7, 37F703320EFBA75B9AEF1969CAFFBF32463E1D3B1C4BD05DC9E4C6CA60AA81AB ] epfwwfpr        C:\windows\system32\DRIVERS\epfwwfpr.sys
19:25:36.0836 0x05d0  epfwwfpr - ok
19:25:36.0867 0x05d0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\DRIVERS\errdev.sys
19:25:36.0867 0x05d0  ErrDev - ok
19:25:36.0945 0x05d0  [ FB558CEBEA17A6B63205985DFF39E662, D62375B81E76A48B4BCF747384B650D17773CF03C4FA2EF7D5FA88A763C655C0 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
19:25:36.0961 0x05d0  ETD - ok
19:25:37.0008 0x05d0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
19:25:37.0055 0x05d0  EventSystem - ok
19:25:37.0086 0x05d0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
19:25:37.0101 0x05d0  exfat - ok
19:25:37.0117 0x05d0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:25:37.0133 0x05d0  fastfat - ok
19:25:37.0226 0x05d0  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\windows\system32\fxssvc.exe
19:25:37.0273 0x05d0  Fax - ok
19:25:37.0304 0x05d0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
19:25:37.0304 0x05d0  fdc - ok
19:25:37.0320 0x05d0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
19:25:37.0335 0x05d0  fdPHost - ok
19:25:37.0335 0x05d0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
19:25:37.0351 0x05d0  FDResPub - ok
19:25:37.0367 0x05d0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:25:37.0367 0x05d0  FileInfo - ok
19:25:37.0398 0x05d0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:25:37.0398 0x05d0  Filetrace - ok
19:25:37.0445 0x05d0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
19:25:37.0445 0x05d0  flpydisk - ok
19:25:37.0507 0x05d0  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:25:37.0523 0x05d0  FltMgr - ok
19:25:37.0616 0x05d0  [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache       C:\windows\system32\FntCache.dll
19:25:37.0663 0x05d0  FontCache - ok
19:25:37.0725 0x05d0  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:25:37.0741 0x05d0  FontCache3.0.0.0 - ok
19:25:37.0772 0x05d0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:25:37.0772 0x05d0  FsDepends - ok
19:25:37.0803 0x05d0  [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:25:37.0819 0x05d0  Fs_Rec - ok
19:25:37.0866 0x05d0  [ 1F44F8559E61A8306ECC67BB1E168B7C, 5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:25:37.0881 0x05d0  fvevol - ok
19:25:37.0913 0x05d0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
19:25:37.0913 0x05d0  gagp30kx - ok
19:25:37.0991 0x05d0  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\windows\System32\gpsvc.dll
19:25:38.0037 0x05d0  gpsvc - ok
19:25:38.0100 0x05d0  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:38.0115 0x05d0  gupdate - ok
19:25:38.0147 0x05d0  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:38.0147 0x05d0  gupdatem - ok
19:25:38.0178 0x05d0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:25:38.0193 0x05d0  hcw85cir - ok
19:25:38.0240 0x05d0  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:25:38.0271 0x05d0  HdAudAddService - ok
19:25:38.0318 0x05d0  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:25:38.0318 0x05d0  HDAudBus - ok
19:25:38.0381 0x05d0  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
19:25:38.0381 0x05d0  HECIx64 - ok
19:25:38.0412 0x05d0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
19:25:38.0412 0x05d0  HidBatt - ok
19:25:38.0427 0x05d0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
19:25:38.0443 0x05d0  HidBth - ok
19:25:38.0459 0x05d0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
19:25:38.0474 0x05d0  HidIr - ok
19:25:38.0505 0x05d0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
19:25:38.0505 0x05d0  hidserv - ok
19:25:38.0552 0x05d0  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:25:38.0552 0x05d0  HidUsb - ok
19:25:38.0583 0x05d0  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\windows\system32\kmsvc.dll
19:25:38.0599 0x05d0  hkmsvc - ok
19:25:38.0630 0x05d0  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:25:38.0661 0x05d0  HomeGroupListener - ok
19:25:38.0677 0x05d0  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:25:38.0693 0x05d0  HomeGroupProvider - ok
19:25:38.0817 0x05d0  [ 08457D8F8149757C70CEA59C71EC5D27, DC89AB78F423950E1C1A6B64CE46E6395AA8F43456A70BE1D3A517F568068BA5 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:25:38.0833 0x05d0  hpqcxs08 - ok
19:25:38.0849 0x05d0  [ 75CC8C5146A3FB76221A7606628778D5, 2FDD943E22E38083639DF61335DEFE9C38685158D8BF0528834C1B657DC1DE6F ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:25:38.0864 0x05d0  hpqddsvc - ok
19:25:38.0895 0x05d0  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
19:25:38.0895 0x05d0  HpSAMD - ok
19:25:39.0020 0x05d0  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:25:39.0083 0x05d0  HPSLPSVC - ok
19:25:39.0145 0x05d0  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:25:39.0207 0x05d0  HTTP - ok
19:25:39.0223 0x05d0  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:25:39.0223 0x05d0  hwpolicy - ok
19:25:39.0254 0x05d0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:25:39.0270 0x05d0  i8042prt - ok
19:25:39.0348 0x05d0  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
19:25:39.0363 0x05d0  iaStor - ok
19:25:39.0473 0x05d0  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:25:39.0473 0x05d0  IAStorDataMgrSvc - ok
19:25:39.0535 0x05d0  [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
19:25:39.0566 0x05d0  iaStorV - ok
19:25:39.0675 0x05d0  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:25:39.0753 0x05d0  idsvc - ok
19:25:40.0143 0x05d0  [ 09CE164AFA8483E41808784D7FCA154E, 43557E44C8339469BD34B54D2080AF041356F0201A7ECA3A6EEEA9C9C7D78F87 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
19:25:40.0533 0x05d0  igfx - ok
19:25:40.0611 0x05d0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
19:25:40.0611 0x05d0  iirsp - ok
19:25:40.0705 0x05d0  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\windows\System32\ikeext.dll
19:25:40.0752 0x05d0  IKEEXT - ok
19:25:40.0799 0x05d0  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
19:25:40.0814 0x05d0  Impcd - ok
19:25:40.0845 0x05d0  [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
19:25:40.0877 0x05d0  IntcDAud - ok
19:25:40.0892 0x05d0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\DRIVERS\intelide.sys
19:25:40.0908 0x05d0  intelide - ok
19:25:40.0939 0x05d0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:25:40.0939 0x05d0  intelppm - ok
19:25:40.0986 0x05d0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:25:41.0001 0x05d0  IPBusEnum - ok
19:25:41.0033 0x05d0  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:25:41.0033 0x05d0  IpFilterDriver - ok
19:25:41.0079 0x05d0  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:25:41.0126 0x05d0  iphlpsvc - ok
19:25:41.0142 0x05d0  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
19:25:41.0157 0x05d0  IPMIDRV - ok
19:25:41.0173 0x05d0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:25:41.0173 0x05d0  IPNAT - ok
19:25:41.0220 0x05d0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:25:41.0235 0x05d0  IRENUM - ok
19:25:41.0251 0x05d0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
19:25:41.0251 0x05d0  isapnp - ok
19:25:41.0282 0x05d0  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
19:25:41.0313 0x05d0  iScsiPrt - ok
19:25:41.0360 0x05d0  [ 7DBAFE10C1B777305C80BEA42FBDA710, 768638FAD1FF94F2C15E2F1558F9A03730195B041CCBBC82241EC1F92CD7D46F ] k57nd60a        C:\windows\system32\DRIVERS\k57nd60a.sys
19:25:41.0376 0x05d0  k57nd60a - ok
19:25:41.0407 0x05d0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:25:41.0407 0x05d0  kbdclass - ok
19:25:41.0438 0x05d0  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
19:25:41.0438 0x05d0  kbdhid - ok
19:25:41.0454 0x05d0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso          C:\windows\system32\lsass.exe
19:25:41.0469 0x05d0  KeyIso - ok
19:25:41.0516 0x05d0  [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:25:41.0516 0x05d0  KSecDD - ok
19:25:41.0563 0x05d0  [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:25:41.0579 0x05d0  KSecPkg - ok
19:25:41.0594 0x05d0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
19:25:41.0594 0x05d0  ksthunk - ok
19:25:41.0657 0x05d0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
19:25:41.0703 0x05d0  KtmRm - ok
19:25:41.0781 0x05d0  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\windows\system32\srvsvc.dll
19:25:41.0797 0x05d0  LanmanServer - ok
19:25:41.0844 0x05d0  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:25:41.0859 0x05d0  LanmanWorkstation - ok
19:25:41.0891 0x05d0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:25:41.0906 0x05d0  lltdio - ok
19:25:41.0953 0x05d0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:25:41.0969 0x05d0  lltdsvc - ok
19:25:42.0015 0x05d0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
19:25:42.0015 0x05d0  lmhosts - ok
19:25:42.0093 0x05d0  [ 1E2F802846EB944E0333EFEE7C9532A8, 86EB59BF238E3DB8AF9E379B0BAE5AEC734C15598E665062B2E19C0A58BEF783 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:25:42.0109 0x05d0  LMS - ok
19:25:42.0156 0x05d0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
19:25:42.0171 0x05d0  LSI_FC - ok
19:25:42.0203 0x05d0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
19:25:42.0203 0x05d0  LSI_SAS - ok
19:25:42.0218 0x05d0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
19:25:42.0218 0x05d0  LSI_SAS2 - ok
19:25:42.0249 0x05d0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
19:25:42.0265 0x05d0  LSI_SCSI - ok
19:25:42.0281 0x05d0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
19:25:42.0281 0x05d0  luafv - ok
19:25:42.0374 0x05d0  [ FD3AD5E1ECDAA94A89D6697F5C5465D6, 63DA8E601B90DA558F0B089E89DD559C3C930430270D85CACAC0C0C8D08E5BB2 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
19:25:42.0374 0x05d0  McComponentHostService - ok
19:25:42.0437 0x05d0  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:25:42.0437 0x05d0  Mcx2Svc - ok
19:25:42.0468 0x05d0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
19:25:42.0468 0x05d0  megasas - ok
19:25:42.0499 0x05d0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
19:25:42.0530 0x05d0  MegaSR - ok
19:25:42.0561 0x05d0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
19:25:42.0561 0x05d0  MMCSS - ok
19:25:42.0593 0x05d0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
19:25:42.0593 0x05d0  Modem - ok
19:25:42.0639 0x05d0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:25:42.0639 0x05d0  monitor - ok
19:25:42.0686 0x05d0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:25:42.0686 0x05d0  mouclass - ok
19:25:53.0248 0x05d0  uagp35 - ok
19:25:53.0280 0x05d0  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:25:53.0311 0x05d0  udfs - ok
19:25:53.0342 0x05d0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:25:53.0358 0x05d0  UI0Detect - ok
19:25:53.0373 0x05d0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\DRIVERS\uliagpkx.sys
19:25:53.0373 0x05d0  uliagpkx - ok
19:25:53.0404 0x05d0  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:25:53.0420 0x05d0  umbus - ok
19:25:53.0436 0x05d0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
19:25:53.0436 0x05d0  UmPass - ok
19:25:53.0607 0x05d0  [ AF905F4966CFC8B973623AB150CD4B2B, E1BF0481A584C10AE4A927A01A1E6B76036C18FAF7AB38D9B78641F5808D9888 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:25:53.0732 0x05d0  UNS - ok
19:25:53.0779 0x05d0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
19:25:53.0794 0x05d0  upnphost - ok
19:25:53.0841 0x05d0  [ 7B6A127C93EE590E4D79A5F2A76FE46F, 6F178916EF6D58D1E5B26C0D9D95C276B776505BFC9F716BB1E3ABD3B2B72FCE ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:25:53.0841 0x05d0  usbccgp - ok
19:25:53.0888 0x05d0  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\windows\system32\DRIVERS\usbcir.sys
19:25:53.0888 0x05d0  usbcir - ok
19:25:53.0935 0x05d0  [ 92969BA5AC44E229C55A332864F79677, 4ED1E1049E7641D3FFF5D296F2D59060225CE52AB9F7B5CA618898B46A772F98 ] usbehci         C:\windows\system32\drivers\usbehci.sys
19:25:53.0935 0x05d0  usbehci - ok
19:25:53.0982 0x05d0  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3, AA751288EC34D61D934D7E8C036B60BBCEDC2A746815623478BB015D87D6A998 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:25:54.0013 0x05d0  usbhub - ok
19:25:54.0028 0x05d0  [ F1BB1E55F1E7A65C5839CCC7B36D773E, 4F517F81FA5688D78D3627EA7D2EA16AD4EB410D7624FE483C7AF26951E579A9 ] usbohci         C:\windows\system32\drivers\usbohci.sys
19:25:54.0028 0x05d0  usbohci - ok
19:25:54.0075 0x05d0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:25:54.0091 0x05d0  usbprint - ok
19:25:54.0122 0x05d0  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
19:25:54.0122 0x05d0  usbscan - ok
19:25:54.0153 0x05d0  [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:25:54.0169 0x05d0  USBSTOR - ok
19:25:54.0184 0x05d0  [ BC3070350A491D84B518D7CCA9ABD36F, 96FFF9F76A93CF4806297AE7C11A5C6D1E7A9980260E6CFC960F8247D5032161 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:25:54.0200 0x05d0  usbuhci - ok
19:25:54.0247 0x05d0  [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
19:25:54.0262 0x05d0  usbvideo - ok
19:25:54.0294 0x05d0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
19:25:54.0294 0x05d0  UxSms - ok
19:25:54.0309 0x05d0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc        C:\windows\system32\lsass.exe
19:25:54.0325 0x05d0  VaultSvc - ok
19:25:54.0356 0x05d0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\DRIVERS\vdrvroot.sys
19:25:54.0356 0x05d0  vdrvroot - ok
19:25:54.0418 0x05d0  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\windows\System32\vds.exe
19:25:54.0450 0x05d0  vds - ok
19:25:54.0465 0x05d0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:25:54.0465 0x05d0  vga - ok
19:25:54.0481 0x05d0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
19:25:54.0481 0x05d0  VgaSave - ok
19:25:54.0512 0x05d0  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\windows\system32\DRIVERS\vhdmp.sys
19:25:54.0528 0x05d0  vhdmp - ok
19:25:54.0543 0x05d0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\DRIVERS\viaide.sys
19:25:54.0543 0x05d0  viaide - ok
19:25:54.0606 0x05d0  [ F15C8975072A04E4D83B1EF6504DD7E5, FDCAC310E8559FD98D6EBD26107BD52E4EB32DF39DF6A0E9A95BD54583C41C1F ] vm332avs        C:\windows\system32\Drivers\vm332avs.sys
19:25:54.0621 0x05d0  vm332avs - ok
19:25:54.0637 0x05d0  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\windows\system32\DRIVERS\volmgr.sys
19:25:54.0652 0x05d0  volmgr - ok
19:25:54.0684 0x05d0  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:25:54.0699 0x05d0  volmgrx - ok
19:25:54.0746 0x05d0  [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:25:54.0777 0x05d0  volsnap - ok
19:25:54.0824 0x05d0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
19:25:54.0824 0x05d0  vsmraid - ok
19:25:54.0949 0x05d0  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\windows\system32\vssvc.exe
19:25:55.0011 0x05d0  VSS - ok
19:25:55.0042 0x05d0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:25:55.0042 0x05d0  vwifibus - ok
19:25:55.0089 0x05d0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:25:55.0089 0x05d0  vwififlt - ok
19:25:55.0136 0x05d0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
19:25:55.0198 0x05d0  W32Time - ok
19:25:55.0230 0x05d0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
19:25:55.0230 0x05d0  WacomPen - ok
19:25:55.0276 0x05d0  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:25:55.0292 0x05d0  WANARP - ok
19:25:55.0292 0x05d0  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:25:55.0308 0x05d0  Wanarpv6 - ok
19:25:55.0417 0x05d0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
19:25:55.0479 0x05d0  WatAdminSvc - ok
19:25:55.0588 0x05d0  [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine        C:\windows\system32\wbengine.exe
19:25:55.0651 0x05d0  wbengine - ok
19:25:55.0698 0x05d0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:25:55.0713 0x05d0  WbioSrvc - ok
19:25:55.0760 0x05d0  [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:25:55.0791 0x05d0  wcncsvc - ok
19:25:55.0822 0x05d0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:25:55.0838 0x05d0  WcsPlugInService - ok
19:25:55.0854 0x05d0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
19:25:55.0854 0x05d0  Wd - ok
19:25:55.0933 0x05d0  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:25:55.0995 0x05d0  Wdf01000 - ok
19:25:56.0042 0x05d0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:25:56.0042 0x05d0  WdiServiceHost - ok
19:25:56.0057 0x05d0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:25:56.0057 0x05d0  WdiSystemHost - ok
19:25:56.0104 0x05d0  [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient       C:\windows\System32\webclnt.dll
19:25:56.0120 0x05d0  WebClient - ok
19:25:56.0167 0x05d0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:25:56.0182 0x05d0  Wecsvc - ok
19:25:56.0213 0x05d0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:25:56.0213 0x05d0  wercplsupport - ok
19:25:56.0245 0x05d0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
19:25:56.0260 0x05d0  WerSvc - ok
19:25:56.0291 0x05d0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:25:56.0291 0x05d0  WfpLwf - ok
19:25:56.0338 0x05d0  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
19:25:56.0354 0x05d0  WimFltr - ok
19:25:56.0369 0x05d0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:25:56.0369 0x05d0  WIMMount - ok
19:25:56.0385 0x05d0  WinDefend - ok
19:25:56.0401 0x05d0  WinHttpAutoProxySvc - ok
19:25:56.0479 0x05d0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:25:56.0494 0x05d0  Winmgmt - ok
19:25:56.0619 0x05d0  [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM           C:\windows\system32\WsmSvc.dll
19:25:56.0697 0x05d0  WinRM - ok
19:25:56.0759 0x05d0  [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
19:25:56.0759 0x05d0  WinUsb - ok
19:25:56.0853 0x05d0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
19:25:56.0900 0x05d0  Wlansvc - ok
19:25:57.0056 0x05d0  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:25:57.0181 0x05d0  wlidsvc - ok
19:25:57.0212 0x05d0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:25:57.0212 0x05d0  WmiAcpi - ok
19:25:57.0243 0x05d0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:25:57.0259 0x05d0  wmiApSrv - ok
19:25:57.0274 0x05d0  WMPNetworkSvc - ok
19:25:57.0305 0x05d0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:25:57.0305 0x05d0  WPCSvc - ok
19:25:57.0321 0x05d0  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:25:57.0337 0x05d0  WPDBusEnum - ok
19:25:57.0352 0x05d0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:25:57.0352 0x05d0  ws2ifsl - ok
19:25:57.0399 0x05d0  [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc          C:\windows\System32\wscsvc.dll
19:25:57.0399 0x05d0  wscsvc - ok
19:25:57.0415 0x05d0  WSearch - ok
19:25:57.0461 0x05d0  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
19:25:57.0461 0x05d0  wsvd - ok
19:25:57.0633 0x05d0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
19:25:57.0758 0x05d0  wuauserv - ok
19:25:57.0820 0x05d0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:25:57.0820 0x05d0  WudfPf - ok
19:25:57.0867 0x05d0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:25:57.0883 0x05d0  WUDFRd - ok
19:25:57.0914 0x05d0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:25:57.0929 0x05d0  wudfsvc - ok
19:25:57.0976 0x05d0  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\windows\System32\wwansvc.dll
19:25:57.0992 0x05d0  WwanSvc - ok
19:25:58.0023 0x05d0  ================ Scan global ===============================
19:25:58.0039 0x05d0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
19:25:58.0085 0x05d0  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\windows\system32\winsrv.dll
19:25:58.0117 0x05d0  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\windows\system32\winsrv.dll
19:25:58.0163 0x05d0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
19:25:58.0210 0x05d0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
19:25:58.0241 0x05d0  [ Global ] - ok
19:25:58.0257 0x05d0  ================ Scan MBR ==================================
19:25:58.0257 0x05d0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:25:58.0569 0x05d0  \Device\Harddisk0\DR0 - ok
19:25:58.0569 0x05d0  ================ Scan VBR ==================================
19:25:58.0569 0x05d0  [ EF010B6A745C717E1F87C98AC9F45495 ] \Device\Harddisk0\DR0\Partition1
19:25:58.0569 0x05d0  \Device\Harddisk0\DR0\Partition1 - ok
19:25:58.0585 0x05d0  [ 3D41FC606977BA7E1E2EE45CB6B528E2 ] \Device\Harddisk0\DR0\Partition2
19:25:58.0585 0x05d0  \Device\Harddisk0\DR0\Partition2 - ok
19:25:58.0616 0x05d0  [ 63A158263AD635DA2F7B0BFBD3AE024C ] \Device\Harddisk0\DR0\Partition3
19:25:58.0616 0x05d0  \Device\Harddisk0\DR0\Partition3 - ok
19:25:58.0616 0x05d0  Waiting for KSN requests completion. In queue: 332
19:25:59.0630 0x05d0  Waiting for KSN requests completion. In queue: 300
19:26:00.0644 0x05d0  Waiting for KSN requests completion. In queue: 300
19:26:01.0658 0x05d0  Waiting for KSN requests completion. In queue: 272
19:26:02.0672 0x05d0  Waiting for KSN requests completion. In queue: 272
19:26:03.0686 0x05d0  Waiting for KSN requests completion. In queue: 217
19:26:04.0731 0x05d0  Waiting for KSN requests completion. In queue: 217
19:26:05.0745 0x05d0  Waiting for KSN requests completion. In queue: 190
19:26:06.0759 0x05d0  Waiting for KSN requests completion. In queue: 190
19:26:07.0773 0x05d0  Waiting for KSN requests completion. In queue: 190
19:26:08.0787 0x05d0  Waiting for KSN requests completion. In queue: 190
19:26:09.0801 0x05d0  Waiting for KSN requests completion. In queue: 135
19:26:10.0815 0x05d0  Waiting for KSN requests completion. In queue: 135
19:26:11.0829 0x05d0  Waiting for KSN requests completion. In queue: 108
19:26:12.0843 0x05d0  Waiting for KSN requests completion. In queue: 108
19:26:13.0857 0x05d0  Waiting for KSN requests completion. In queue: 80
19:26:14.0871 0x05d0  Waiting for KSN requests completion. In queue: 80
19:26:15.0885 0x05d0  Waiting for KSN requests completion. In queue: 53
19:26:16.0899 0x05d0  Waiting for KSN requests completion. In queue: 53
19:26:17.0913 0x05d0  Waiting for KSN requests completion. In queue: 24
19:26:18.0927 0x05d0  Waiting for KSN requests completion. In queue: 24
19:26:20.0004 0x05d0  AV detected via SS2: ESET NOD32 Antivirus 7.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 7.0.302.0 ), 0x41000 ( enabled : updated )
19:26:20.0035 0x05d0  Win FW state via NFP2: enabled
19:26:40.0050 0x05d0  ============================================================
19:26:40.0050 0x05d0  Scan finished
19:26:40.0050 0x05d0  ============================================================
19:26:40.0065 0x0428  Detected object count: 0
19:26:40.0065 0x0428  Actual detected object count: 0
 


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:11 AM

Posted 18 November 2013 - 08:46 PM

OK, now we are going to check some error information. Please do this.

===================================================

Event Viewer Critical/Warning Information Windows 8/7/Vista

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Click on the arrow to the left of Windows Logs to expand the category
  • Left click on System
  • On the right hand side of the screen click Filter Current Log...
  • Select Critical and Warning, then click OK
  • Select Save Filtered Log File As...
  • Under File Name: please type System then save it to your desktop
  • Left click on Application and repeat the above steps saving the file as Application
  • Zip the files and notify me when you have successfully uploaded them here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Please post when you have uploaded the files

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

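The Event Viewer export requested in the post above can also be scripted. The following is an added example, not part of the original post: it uses `wevtutil` to export Critical and Warning events from the System and Application logs to the desktop, then prints the most frequent event sources as a first triage view. The `.evtx` file names mirror the ones requested; the archive name `EventLogs.zip` is an assumption made for this example.

```powershell
# Added example: scripted equivalent of the Event Viewer steps in the post above.
# Level 1 = Critical, Level 3 = Warning (the two boxes ticked in "Filter Current Log...").
$query   = '*[System[(Level=1 or Level=3)]]'
$desktop = [Environment]::GetFolderPath('Desktop')

foreach ($log in 'System', 'Application') {
    $out = Join-Path $desktop "$log.evtx"

    # wevtutil epl = export-log; /q applies the XPath filter, /ow overwrites an older export.
    & wevtutil.exe epl $log $out "/q:$query" /ow:true
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of the $log log failed (exit code $LASTEXITCODE)."
        continue
    }

    # Triage view: which provider / event ID pairs account for most of the exported events.
    # @( ) yields an empty array when nothing matches, so .Count is reliable.
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 3 } -ErrorAction SilentlyContinue)
    "{0}: {1} Critical/Warning events, exported to {2}" -f $log, $events.Count, $out

    $events |
        Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name |
        Format-Table -AutoSize |
        Out-String
}

# Compress-Archive exists only in PowerShell 5.0 and later; on older systems zip the files by hand.
# 'EventLogs.zip' is a name chosen for this example.
if (Get-Command Compress-Archive -ErrorAction SilentlyContinue) {
    $files = 'System', 'Application' |
        ForEach-Object { Join-Path $desktop "$_.evtx" } |
        Where-Object { Test-Path $_ }
    if ($files) {
        Compress-Archive -Path $files -DestinationPath (Join-Path $desktop 'EventLogs.zip') -Force
    }
}
```

A provider that dominates the Critical/Warning counts (for example a disk, driver or service source) is the first place to look when a machine freezes after a cleanup.
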
#15 John_NYR

John_NYR
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:11 AM

Posted 18 November 2013 - 10:26 PM

Hello Gary, I have uploaded both Zip files to the link. Let me know if I need to do anything else. Thank you.





