
system32/svchost.exe virus likely


  • This topic is locked
31 replies to this topic

#1 zoo55

  • Members
  • 67 posts

Posted 28 January 2014 - 12:47 PM

New topic with DDS logs posted at request of boopme:

 

svchost.exe over 108MB memory.  Sporadic cpu cycles >30% from this process.

Toshiba Portege R830 W7/64

 

Logs:

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.51.2
Run by Vances at 1:33:44 on 2014-01-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1951.529 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Vances\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Vances\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Users\Vances\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [PCShowServer] "C:\Users\Vances\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Vances\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Vances\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 202.156.1.16 218.186.2.16 218.186.2.6
TCP: Interfaces\{021056C0-93B0-4AEF-8A69-88F71AC9C6F5} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{ACA77195-6C5C-44C8-BBAA-0DCB6A64468C} : DHCPNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
TCP: Interfaces\{ACA77195-6C5C-44C8-BBAA-0DCB6A64468C}\051434C4E474F5548545 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{ACA77195-6C5C-44C8-BBAA-0DCB6A64468C}\346284 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{ACA77195-6C5C-44C8-BBAA-0DCB6A64468C}\346284F5548545 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{ACA77195-6C5C-44C8-BBAA-0DCB6A64468C}\44A5659405 : DHCPNameServer = 203.116.1.94 203.116.254.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-8-20 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-20 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-8-20 422216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-20 78648]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-25 79672]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2010-10-18 42096]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-1 342528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-2 19456]
.
=============== Created Last 30 ================
.
2014-01-28 04:27:04 -------- d-----w- C:\Windows\ERUNT
2014-01-28 03:55:09 -------- d-----w- C:\Users\Vances\AppData\Roaming\TeamViewer
2014-01-28 03:47:05 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-01-27 08:31:49 -------- d-----w- C:\AdwCleaner
2014-01-27 05:33:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55BEE189-E76E-4C2C-849C-AC00D0D5264F}\offreg.dll
2014-01-27 05:17:44 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55BEE189-E76E-4C2C-849C-AC00D0D5264F}\mpengine.dll
2014-01-27 04:59:57 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-01-27 04:58:36 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-01-27 04:58:35 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-01-27 04:56:22 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-01-27 04:56:19 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-01-27 04:56:16 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-01-27 04:56:16 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-01-27 04:56:16 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-01-27 04:56:16 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-01-27 04:56:16 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-01-27 04:56:14 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-01-27 04:56:14 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-01-27 04:56:13 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-01-27 04:56:12 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-01-27 04:56:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-01-27 04:52:00 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-01-27 04:44:36 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-01-27 04:44:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2014-01-27 04:44:35 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-01-27 04:44:35 168960 ----a-w- C:\Windows\System32\wscript.exe
2014-01-27 04:44:35 156160 ----a-w- C:\Windows\System32\cscript.exe
2014-01-27 04:44:35 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2014-01-27 04:44:34 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-01-27 04:44:34 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-01-27 04:26:59 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-01-27 04:26:59 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-01-27 04:26:58 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-01-27 04:26:58 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-01-27 04:26:57 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-01-27 04:26:53 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-01-20 02:56:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 07:28:27 -------- d-----w- C:\Windows\System32\appmgmt
2014-01-11 09:24:39 -------- d-----w- C:\Users\Vances\AppData\Local\IsolatedStorage
2014-01-07 06:19:31 -------- d-----w- C:\Users\Vances\AppData\Local\CutePDF Writer
.
==================== Find3M  ====================
.
2014-01-03 03:55:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-03 03:55:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-25 15:06:54 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-25 15:06:34 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-25 15:06:34 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-25 15:06:34 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-25 15:06:33 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-17 22:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH:  1:35:54.60 ===============
 
 
Attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2013 4:57:48 AM
System Uptime: 1/28/2014 9:24:33 PM (4 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | Socket BGA1023 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 265 GiB total, 215.788 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP105: 1/28/2014 6:41:29 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
Audacity 2.0.4
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
CopyTrans Suite Remove Only
CutePDF Writer 3.0
DIRECTV Player
Dropbox
EPSON L210 Series Printer Uninstall
FormatFactory 3.1.1
Google Chrome
Google Update Helper
HMA! Pro VPN 2.8.3.1
ImgBurn
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
IrfanView (remove only)
iTunes
Java 7 Update 51
Java Auto Updater
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
mHotspot version 6.4.0.0
Microsoft .NET Framework 4.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
PDF Split And Merge Basic
PL-2303 USB-to-Serial
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Skype Click to Call
Skype™ 6.11
StreamTorrent 1.0
System Requirements Lab for Intel
TeamViewer 9
Tixati
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.1.2
VoiceOver Kit
.
==== Event Viewer Messages From Past Week ========
.
1/28/2014 6:23:02 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/28/2014 1:16:51 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
Thanks very much in advance for any advice.
 

 




 


#2 HelpBot

  • Bots
  • 12,730 posts

Posted 02 February 2014 - 12:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/522410 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jeffce

  • Malware Response Team
  • 3,442 posts

Posted 05 February 2014 - 07:51 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   Let's get going!!
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#4 zoo55

  • Topic Starter
  • Members
  • 67 posts

Posted 05 February 2014 - 10:01 AM

Jeff, thanks for your reply. Although I ran the TDSS and AdwCleaner earlier at boopme's request, I've re-run them - logs below.

 

One comment, too. I offloaded a lot of downloaded movie files and (a) not surprisingly, the PC runs better, and (b) perhaps also not surprisingly, I don't seem to be getting the svchost32.exe CPU load like before. HOWEVER, I have not checked the task manager on a consistent basis to monitor svchost32 so the bug may still be there. I will monitor going forward and will let you know what I find in reply to your next post.

 

Thanks again!

 

22:43:46.0196 0x08bc  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
22:43:51.0132 0x08bc  ============================================================
22:43:51.0133 0x08bc  Current date / time: 2014/02/05 22:43:51.0132
22:43:51.0133 0x08bc  SystemInfo:
22:43:51.0133 0x08bc  
22:43:51.0133 0x08bc  OS Version: 6.1.7601 ServicePack: 1.0
22:43:51.0133 0x08bc  Product type: Workstation
22:43:51.0133 0x08bc  ComputerName: VANCES-PC
22:43:51.0133 0x08bc  UserName: Vances
22:43:51.0134 0x08bc  Windows directory: C:\Windows
22:43:51.0134 0x08bc  System windows directory: C:\Windows
22:43:51.0134 0x08bc  Running under WOW64
22:43:51.0134 0x08bc  Processor architecture: Intel x64
22:43:51.0134 0x08bc  Number of processors: 4
22:43:51.0134 0x08bc  Page size: 0x1000
22:43:51.0134 0x08bc  Boot type: Normal boot
22:43:51.0134 0x08bc  ============================================================
22:43:53.0823 0x08bc  KLMD registered as C:\Windows\system32\drivers\49176153.sys
22:43:54.0119 0x08bc  System UUID: {B7E87094-1907-BF32-89FC-FD7CE6233877}
22:43:55.0386 0x08bc  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:43:55.0405 0x08bc  ============================================================
22:43:55.0405 0x08bc  \Device\Harddisk0\DR0:
22:43:55.0411 0x08bc  MBR partitions:
22:43:55.0411 0x08bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2127E800
22:43:55.0411 0x08bc  ============================================================
22:43:55.0455 0x08bc  C: <-> \Device\Harddisk0\DR0\Partition1
22:43:55.0476 0x08bc  ============================================================
22:43:55.0476 0x08bc  Initialize success
22:43:55.0476 0x08bc  ============================================================
22:44:09.0616 0x12c8  ============================================================
22:44:09.0616 0x12c8  Scan started
22:44:09.0616 0x12c8  Mode: Manual; 
22:44:09.0616 0x12c8  ============================================================
22:44:09.0616 0x12c8  KSN ping started
22:44:12.0646 0x12c8  KSN ping finished: true
22:44:14.0070 0x12c8  ================ Scan system memory ========================
22:44:14.0070 0x12c8  System memory - ok
22:44:14.0071 0x12c8  ================ Scan services =============================
22:44:25.0096 0x12c8  IRENUM - ok
22:44:25.0129 0x12c8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:44:25.0132 0x12c8  isapnp - ok
22:44:25.0166 0x12c8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:44:25.0182 0x12c8  iScsiPrt - ok
22:44:25.0208 0x12c8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:44:25.0212 0x12c8  kbdclass - ok
22:44:25.0235 0x12c8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:44:25.0259 0x12c8  kbdhid - ok
22:44:25.0287 0x12c8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
22:44:25.0295 0x12c8  KeyIso - ok
22:44:25.0329 0x12c8  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:44:25.0335 0x12c8  KSecDD - ok
22:44:25.0356 0x12c8  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:44:25.0364 0x12c8  KSecPkg - ok
22:44:25.0418 0x12c8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:44:25.0421 0x12c8  ksthunk - ok
22:44:25.0468 0x12c8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:44:25.0488 0x12c8  KtmRm - ok
22:44:25.0543 0x12c8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:44:25.0560 0x12c8  LanmanServer - ok
22:44:25.0600 0x12c8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:44:25.0608 0x12c8  LanmanWorkstation - ok
22:44:25.0645 0x12c8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:44:25.0649 0x12c8  lltdio - ok
22:44:25.0695 0x12c8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:44:25.0707 0x12c8  lltdsvc - ok
22:44:25.0725 0x12c8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:44:25.0729 0x12c8  lmhosts - ok
22:44:25.0743 0x12c8  lmimirr - ok
22:44:25.0769 0x12c8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:44:25.0774 0x12c8  LSI_FC - ok
22:44:25.0819 0x12c8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:44:25.0824 0x12c8  LSI_SAS - ok
22:44:25.0838 0x12c8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:44:25.0841 0x12c8  LSI_SAS2 - ok
22:44:25.0860 0x12c8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:44:25.0866 0x12c8  LSI_SCSI - ok
22:44:25.0895 0x12c8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:44:25.0900 0x12c8  luafv - ok
22:44:25.0938 0x12c8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:44:25.0944 0x12c8  Mcx2Svc - ok
22:44:25.0976 0x12c8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:44:25.0979 0x12c8  megasas - ok
22:44:26.0015 0x12c8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:44:26.0026 0x12c8  MegaSR - ok
22:44:26.0075 0x12c8  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:44:26.0082 0x12c8  MEIx64 - ok
22:44:26.0174 0x12c8  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:44:26.0182 0x12c8  Microsoft Office Groove Audit Service - ok
22:44:26.0229 0x12c8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:44:26.0239 0x12c8  MMCSS - ok
22:44:26.0263 0x12c8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:44:26.0266 0x12c8  Modem - ok
22:44:26.0309 0x12c8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:44:26.0314 0x12c8  monitor - ok
22:44:26.0366 0x12c8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:44:26.0372 0x12c8  mouclass - ok
22:44:26.0413 0x12c8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:44:26.0417 0x12c8  mouhid - ok
22:44:26.0478 0x12c8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:44:26.0487 0x12c8  mountmgr - ok
22:44:26.0517 0x12c8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:44:26.0537 0x12c8  mpio - ok
22:44:26.0594 0x12c8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:44:26.0599 0x12c8  mpsdrv - ok
22:44:26.0676 0x12c8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:44:26.0704 0x12c8  MpsSvc - ok
22:44:26.0767 0x12c8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:44:26.0779 0x12c8  MRxDAV - ok
22:44:26.0831 0x12c8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:26.0844 0x12c8  mrxsmb - ok
22:44:26.0871 0x12c8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:26.0883 0x12c8  mrxsmb10 - ok
22:44:26.0921 0x12c8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:26.0929 0x12c8  mrxsmb20 - ok
22:44:26.0955 0x12c8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:44:26.0958 0x12c8  msahci - ok
22:44:26.0974 0x12c8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:44:26.0980 0x12c8  msdsm - ok
22:44:27.0019 0x12c8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:44:27.0028 0x12c8  MSDTC - ok
22:44:27.0074 0x12c8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:44:27.0077 0x12c8  Msfs - ok
22:44:27.0107 0x12c8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:44:27.0110 0x12c8  mshidkmdf - ok
22:44:27.0149 0x12c8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:44:27.0153 0x12c8  msisadrv - ok
22:44:27.0200 0x12c8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:44:27.0216 0x12c8  MSiSCSI - ok
22:44:27.0225 0x12c8  msiserver - ok
22:44:27.0263 0x12c8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:44:27.0265 0x12c8  MSKSSRV - ok
22:44:27.0280 0x12c8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:27.0282 0x12c8  MSPCLOCK - ok
22:44:27.0287 0x12c8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:44:27.0289 0x12c8  MSPQM - ok
22:44:27.0346 0x12c8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:44:27.0364 0x12c8  MsRPC - ok
22:44:27.0408 0x12c8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:44:27.0411 0x12c8  mssmbios - ok
22:44:27.0450 0x12c8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:44:27.0452 0x12c8  MSTEE - ok
22:44:27.0468 0x12c8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:44:27.0471 0x12c8  MTConfig - ok
22:44:27.0491 0x12c8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:44:27.0495 0x12c8  Mup - ok
22:44:27.0561 0x12c8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:44:27.0583 0x12c8  napagent - ok
22:44:27.0669 0x12c8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:44:27.0689 0x12c8  NativeWifiP - ok
22:44:27.0757 0x12c8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:44:27.0786 0x12c8  NDIS - ok
22:44:27.0804 0x12c8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:27.0807 0x12c8  NdisCap - ok
22:44:27.0830 0x12c8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:27.0832 0x12c8  NdisTapi - ok
22:44:27.0864 0x12c8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:27.0867 0x12c8  Ndisuio - ok
22:44:27.0910 0x12c8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:27.0917 0x12c8  NdisWan - ok
22:44:27.0959 0x12c8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:44:27.0966 0x12c8  NDProxy - ok
22:44:28.0007 0x12c8  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
22:44:28.0012 0x12c8  Netaapl - ok
22:44:28.0055 0x12c8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:44:28.0059 0x12c8  NetBIOS - ok
22:44:28.0120 0x12c8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:44:28.0138 0x12c8  NetBT - ok
22:44:28.0170 0x12c8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
22:44:28.0173 0x12c8  Netlogon - ok
22:44:28.0217 0x12c8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:44:28.0231 0x12c8  Netman - ok
22:44:28.0323 0x12c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:44:28.0376 0x12c8  NetMsmqActivator - ok
22:44:28.0402 0x12c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:44:28.0410 0x12c8  NetPipeActivator - ok
22:44:28.0468 0x12c8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:44:28.0488 0x12c8  netprofm - ok
22:44:28.0539 0x12c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:44:28.0550 0x12c8  NetTcpActivator - ok
22:44:28.0561 0x12c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:44:28.0566 0x12c8  NetTcpPortSharing - ok
22:44:28.0615 0x12c8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:44:28.0620 0x12c8  nfrd960 - ok
22:44:28.0677 0x12c8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:44:28.0704 0x12c8  NlaSvc - ok
22:44:28.0746 0x12c8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:44:28.0749 0x12c8  Npfs - ok
22:44:28.0784 0x12c8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:44:28.0788 0x12c8  nsi - ok
22:44:28.0824 0x12c8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:44:28.0828 0x12c8  nsiproxy - ok
22:44:28.0952 0x12c8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:44:29.0000 0x12c8  Ntfs - ok
22:44:29.0026 0x12c8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:44:29.0027 0x12c8  Null - ok
22:44:29.0087 0x12c8  [ 0EBC9D13CD96C15B1B18D8678A609E4B, B10896DE16B0C102DFB3E73A6C11A1982C5B428015DAE1F8776BCEF94A0F75C6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
22:44:29.0096 0x12c8  nusb3hub - ok
22:44:29.0149 0x12c8  [ 7BDEC000D56D485021D9C1E63C2F81CA, 7F1303FD0371AF8715BFC38433B730C797170AEF10C7DB845B7B547DA8DBB5D5 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:44:29.0164 0x12c8  nusb3xhc - ok
22:44:29.0195 0x12c8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:44:29.0208 0x12c8  nvraid - ok
22:44:29.0263 0x12c8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:44:29.0277 0x12c8  nvstor - ok
22:44:29.0298 0x12c8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:44:29.0304 0x12c8  nv_agp - ok
22:44:29.0449 0x12c8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:44:29.0467 0x12c8  odserv - ok
22:44:29.0502 0x12c8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:44:29.0506 0x12c8  ohci1394 - ok
22:44:29.0614 0x12c8  [ 6F722C84CCCEF77A871D0F7E50AB25EB, F81F33DC8C20A6C331B1F7006B124F2FB9B7297E0C37CB7272A4074C2D19856C ] OpenVPNService  C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
22:44:29.0619 0x12c8  OpenVPNService - ok
22:44:29.0696 0x12c8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:44:29.0704 0x12c8  ose - ok
22:44:29.0758 0x12c8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:44:29.0777 0x12c8  p2pimsvc - ok
22:44:29.0807 0x12c8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:44:29.0824 0x12c8  p2psvc - ok
22:44:29.0860 0x12c8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:44:29.0864 0x12c8  Parport - ok
22:44:29.0900 0x12c8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:44:29.0903 0x12c8  partmgr - ok
22:44:29.0946 0x12c8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:44:29.0955 0x12c8  PcaSvc - ok
22:44:29.0975 0x12c8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:44:29.0982 0x12c8  pci - ok
22:44:30.0014 0x12c8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:44:30.0017 0x12c8  pciide - ok
22:44:30.0064 0x12c8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:44:30.0082 0x12c8  pcmcia - ok
22:44:30.0102 0x12c8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:44:30.0106 0x12c8  pcw - ok
22:44:30.0143 0x12c8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:44:30.0163 0x12c8  PEAUTH - ok
22:44:30.0281 0x12c8  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:44:30.0321 0x12c8  PeerDistSvc - ok
22:44:30.0418 0x12c8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:44:30.0427 0x12c8  PerfHost - ok
22:44:30.0527 0x12c8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:44:30.0569 0x12c8  pla - ok
22:44:30.0624 0x12c8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:44:30.0640 0x12c8  PlugPlay - ok
22:44:30.0678 0x12c8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:44:30.0683 0x12c8  PNRPAutoReg - ok
22:44:30.0705 0x12c8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:44:30.0716 0x12c8  PNRPsvc - ok
22:44:30.0826 0x12c8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:44:30.0850 0x12c8  PolicyAgent - ok
22:44:30.0895 0x12c8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:44:30.0904 0x12c8  Power - ok
22:44:30.0952 0x12c8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:44:30.0957 0x12c8  PptpMiniport - ok
22:44:30.0991 0x12c8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:44:30.0995 0x12c8  Processor - ok
22:44:31.0036 0x12c8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:44:31.0046 0x12c8  ProfSvc - ok
22:44:31.0061 0x12c8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:44:31.0065 0x12c8  ProtectedStorage - ok
22:44:31.0116 0x12c8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:44:31.0128 0x12c8  Psched - ok
22:44:31.0220 0x12c8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:44:31.0263 0x12c8  ql2300 - ok
22:44:31.0301 0x12c8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:44:31.0306 0x12c8  ql40xx - ok
22:44:31.0361 0x12c8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:44:31.0382 0x12c8  QWAVE - ok
22:44:31.0402 0x12c8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:44:31.0406 0x12c8  QWAVEdrv - ok
22:44:31.0423 0x12c8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:44:31.0425 0x12c8  RasAcd - ok
22:44:31.0478 0x12c8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:31.0484 0x12c8  RasAgileVpn - ok
22:44:31.0533 0x12c8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:44:31.0544 0x12c8  RasAuto - ok
22:44:31.0595 0x12c8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:31.0606 0x12c8  Rasl2tp - ok
22:44:31.0680 0x12c8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:44:31.0709 0x12c8  RasMan - ok
22:44:31.0753 0x12c8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:31.0759 0x12c8  RasPppoe - ok
22:44:31.0787 0x12c8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:44:31.0793 0x12c8  RasSstp - ok
22:44:31.0850 0x12c8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:44:31.0865 0x12c8  rdbss - ok
22:44:31.0885 0x12c8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:44:31.0888 0x12c8  rdpbus - ok
22:44:31.0899 0x12c8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:31.0901 0x12c8  RDPCDD - ok
22:44:31.0950 0x12c8  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:44:31.0963 0x12c8  RDPDR - ok
22:44:32.0024 0x12c8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:44:32.0028 0x12c8  RDPENCDD - ok
22:44:32.0050 0x12c8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:44:32.0053 0x12c8  RDPREFMP - ok
22:44:32.0111 0x12c8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:44:32.0117 0x12c8  RdpVideoMiniport - ok
22:44:32.0174 0x12c8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:44:32.0190 0x12c8  RDPWD - ok
22:44:32.0256 0x12c8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:44:42.0142 0x12c8  ================ Scan global ===============================
22:44:42.0183 0x12c8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:44:42.0238 0x12c8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:44:42.0265 0x12c8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:44:42.0313 0x12c8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:44:42.0341 0x12c8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:44:42.0354 0x12c8  [ Global ] - ok
22:44:42.0355 0x12c8  ================ Scan MBR ==================================
22:44:42.0365 0x12c8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:44:42.0662 0x12c8  \Device\Harddisk0\DR0 - ok
22:44:42.0663 0x12c8  ================ Scan VBR ==================================
22:44:42.0679 0x12c8  [ 43A526DEBA8EDD7676BCC4179DF4FD11 ] \Device\Harddisk0\DR0\Partition1
22:44:42.0682 0x12c8  \Device\Harddisk0\DR0\Partition1 - ok
22:44:42.0684 0x12c8  Waiting for KSN requests completion. In queue: 69
22:44:43.0684 0x12c8  Waiting for KSN requests completion. In queue: 69
22:44:44.0684 0x12c8  Waiting for KSN requests completion. In queue: 69
22:44:45.0684 0x12c8  Waiting for KSN requests completion. In queue: 69
22:44:46.0992 0x12c8  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
22:44:47.0039 0x12c8  Win FW state via NFP2: enabled
22:44:50.0067 0x12c8  ============================================================
22:44:50.0067 0x12c8  Scan finished
22:44:50.0067 0x12c8  ============================================================
22:44:50.0085 0x122c  Detected object count: 0
22:44:50.0085 0x122c  Actual detected object count: 0
22:44:56.0664 0x1588  Deinitialize success
 
 
# AdwCleaner v3.018 - Report created 05/02/2014 at 22:49:05
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Vances - VANCES-PC
# Running from : C:\Users\Vances\Desktop\Latest AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
*************************
 
AdwCleaner[R0].txt - [1906 octets] - [27/01/2014 16:32:43]
AdwCleaner[R1].txt - [759 octets] - [28/01/2014 12:20:09]
AdwCleaner[R2].txt - [1152 octets] - [05/02/2014 22:47:31]
AdwCleaner[S0].txt - [1797 octets] - [27/01/2014 16:35:42]
AdwCleaner[S1].txt - [819 octets] - [28/01/2014 12:21:31]
AdwCleaner[S2].txt - [1076 octets] - [05/02/2014 22:49:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1136 octets] ##########
 


#5 zoo55

zoo55
  • Topic Starter

  • Members
  • 67 posts

Posted 05 February 2014 - 10:03 AM

Smiley was an accident.  Typed open parenthesis - b - close parenthesis, as in, second item in the list.



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 05 February 2014 - 10:46 AM

Hi,
 
Good job!!
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 07 February 2014 - 07:59 AM

Still with me?


 


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 08 February 2014 - 10:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 


#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 10 February 2014 - 07:23 AM

Per the OP's request, this topic has been unlocked.


 


#10 zoo55

zoo55
  • Topic Starter

  • Members
  • 67 posts

Posted 11 February 2014 - 01:00 AM

Jeff, Thanks.  Got a bit busy but back with you.

ComboFix log below.  Still have the problem - 80 to 120 MB of memory usage with svchost.exe.

 

ComboFix 14-02-05.02 - Vances 02/10/2014  12:34:08.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1951.882 [GMT 8:00]
Running from: c:\users\Vances\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-10 to 2014-02-10  )))))))))))))))))))))))))))))))
.
.
2014-02-10 04:41 . 2014-02-10 04:41 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-02-10 04:41 . 2014-02-10 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-07 10:05 . 2014-02-07 10:05 -------- d-----w- c:\program files\gs
2014-02-04 23:30 . 2014-02-10 04:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F659801-75B2-40D7-A076-D1BE609CAAF8}\offreg.dll
2014-02-04 12:17 . 2014-02-04 12:17 -------- d-----w- c:\programdata\McAfee
2014-02-01 21:43 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F659801-75B2-40D7-A076-D1BE609CAAF8}\mpengine.dll
2014-01-28 04:27 . 2014-01-28 04:27 -------- d-----w- c:\windows\ERUNT
2014-01-28 03:55 . 2014-01-29 07:05 -------- d-----w- c:\users\Vances\AppData\Roaming\TeamViewer
2014-01-28 03:47 . 2014-01-28 03:47 -------- d-----w- c:\program files (x86)\TeamViewer
2014-01-27 08:31 . 2014-02-05 14:49 -------- d-----w- C:\AdwCleaner
2014-01-27 05:00 . 2013-09-25 02:26 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-01-27 04:59 . 2013-08-29 02:16 243712 ----a-w- c:\windows\system32\wow64.dll
2014-01-27 04:58 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-01-27 04:58 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-01-27 04:56 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-01-27 04:56 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-01-27 04:56 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2014-01-27 04:56 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
2014-01-27 04:56 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2014-01-27 04:56 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-01-27 04:56 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-01-27 04:56 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-01-27 04:56 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-27 04:56 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-27 04:56 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-01-27 04:56 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-01-27 04:52 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-27 04:44 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-01-27 04:44 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-01-27 04:44 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-01-27 04:44 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-01-27 04:44 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-01-27 04:44 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-01-27 04:44 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-01-27 04:44 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-01-27 04:26 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-27 04:26 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-01-27 04:26 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-01-27 04:26 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-01-27 04:26 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-01-27 04:26 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-01-20 02:56 . 2013-12-18 13:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 07:28 . 2014-01-15 07:28 -------- d-----w- c:\windows\system32\appmgmt
2014-01-11 09:24 . 2014-01-11 09:24 -------- d-----w- c:\users\Vances\AppData\Local\IsolatedStorage
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-09 13:19 . 2013-11-15 03:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-09 13:19 . 2013-11-15 03:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-01 11:49 . 2013-12-25 15:06 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-01 11:49 . 2013-08-20 09:36 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-02-01 11:49 . 2013-08-20 09:36 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-01 11:49 . 2013-08-20 09:36 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-01 11:49 . 2013-08-20 09:36 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-01 11:49 . 2013-08-20 09:35 43152 ----a-w- c:\windows\avastSS.scr
2014-01-06 08:20 . 2013-08-02 09:59 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-25 15:06 . 2013-08-20 09:36 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-17 22:13 . 2013-08-02 07:11 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-15 03:57 . 2013-11-15 03:57 63824 ----a-r- c:\users\Vances\AppData\Roaming\Microsoft\Installer\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Vances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Vances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Vances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Vances\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2013-06-25 1765744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-01 3767096]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-10-23 295512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\users\Vances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vances\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-9 2750376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 09:42 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20 09:25]
.
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20 09:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-01 11:49 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Vances\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Vances\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Vances\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Vances\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-09 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-09 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-09 442352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-21 11723368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-892678901-2589689131-1633928775-1000_Classes\Wow6432Node\CLSID\{31dda2a9-8126-41e3-8d5f-378547133ab8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,8b,80,b6,ef,93,d0,e3,69,01,13,94,63,b1,f8,85,94,30,63,d8,33,8f,f7,\
.
[HKEY_USERS\S-1-5-21-892678901-2589689131-1633928775-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):85,f8,94,52,f2,40,d3,ea,b9,d3,9e,40,0c,8e,39,52,01,2f,84,8b,d8,
   3d,03,f8,51,67,6c,08,70,b7,a9,e3,ca,92,00,83,6d,b3,0d,33,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-10  12:45:32
ComboFix-quarantined-files.txt  2014-02-10 04:45
.
Pre-Run: 216,177,913,856 bytes free
Post-Run: 216,196,120,576 bytes free
.
- - End Of File - - D13A78F3B43E8DD4D435F90BED4AD72B
A36C5E4F47E84449FF07ED3517B43A31


#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 11 February 2014 - 07:39 AM

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


 


#12 zoo55

zoo55
  • Topic Starter

  • Members
  • 67 posts

Posted 12 February 2014 - 01:03 PM

No Malware.  Still 110 MB memory hog pc sslloooww.  Help!

 

Thanks.



#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 12 February 2014 - 01:35 PM

FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


#14 zoo55

zoo55
  • Topic Starter

  • Members
  • 67 posts

Posted 14 February 2014 - 12:15 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01

Ran by Vances (administrator) on VANCES-PC on 15-02-2014 00:57:00
Running from C:\Users\Vances\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NDS Technologies) C:\Users\Vances\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Users\Vances\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Dropbox, Inc.) C:\Users\Vances\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Privax) C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11723368 2010-12-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-01] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-10-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-892678901-2589689131-1633928775-1000\...\Run: [PCShowServer] - C:\Users\Vances\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-06-25] (NDS Technologies)
Startup: C:\Users\Vances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6
Tcpip\..\Interfaces\{23FCB4C1-827C-410A-AF5F-AEF288E1370C}: [NameServer]208.67.222.222 208.67.220.220
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-01] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2013-11-21] (The OpenVPN Project)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-25] ()
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-15 00:57 - 2014-02-15 00:57 - 00010591 _____ () C:\Users\Vances\Downloads\FRST.txt
2014-02-15 00:55 - 2014-02-15 00:57 - 00000000 ____D () C:\FRST
2014-02-15 00:54 - 2014-02-15 00:54 - 02152960 _____ (Farbar) C:\Users\Vances\Downloads\FRST64.exe
2014-02-14 15:58 - 2014-02-14 16:08 - 00000000 ____D () C:\Users\Vances\Documents\Articles of Interest
2014-02-14 01:33 - 2014-02-14 11:00 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-892678901-2589689131-1633928775-1000
2014-02-14 01:33 - 2014-02-14 11:00 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-892678901-2589689131-1633928775-1000
2014-02-13 18:35 - 2014-02-13 18:36 - 05173688 _____ () C:\Users\Vances\Downloads\LS-MagaZine.Issue.13.Movie01-10_Downloader.exe
2014-02-13 18:35 - 2014-02-13 18:35 - 00027566 _____ () C:\Users\Vances\Downloads\72BA502E31D719A220FCF577DFA23B733173A1F0.torrent
2014-02-13 18:32 - 2014-02-13 18:34 - 08075072 _____ (http://yourfiledownloader.com) C:\Users\Vances\Downloads\YourFile_downloader.exe
2014-02-12 18:12 - 2013-12-21 17:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:12 - 2013-12-21 15:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 18:10 - 2014-02-01 17:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 18:10 - 2014-02-01 17:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:10 - 2014-02-01 17:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:10 - 2014-02-01 17:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 18:10 - 2014-02-01 15:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 18:10 - 2014-02-01 15:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 18:10 - 2014-02-01 15:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 18:10 - 2014-02-01 15:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:10 - 2014-02-01 15:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 18:10 - 2014-02-01 14:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-12 18:10 - 2014-02-01 14:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-12 18:09 - 2014-02-01 17:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:09 - 2014-02-01 15:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 17:21 - 2013-12-06 10:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 17:20 - 2013-12-06 10:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 17:20 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 17:20 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 17:10 - 2014-02-12 17:10 - 00280204 _____ () C:\Users\Vances\Downloads\WindowsUpdateDiagnostic.diagcab
2014-02-12 17:10 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 17:10 - 2013-12-25 06:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 17:10 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 17:10 - 2013-11-23 06:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 16:39 - 2014-02-12 16:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 16:39 - 2014-02-12 16:39 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-12 16:39 - 2014-02-12 16:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-12 16:38 - 2014-02-12 16:57 - 00000000 ____D () C:\Users\Vances\Desktop\mbar
2014-02-12 16:38 - 2014-02-12 16:38 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Vances\Downloads\mbar-1.07.0.1009.exe
2014-02-10 20:24 - 2014-02-10 20:24 - 00001173 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-10 20:18 - 2014-02-10 20:18 - 07033240 _____ (TeamViewer GmbH) C:\Users\Vances\Downloads\TeamViewer_Setup.exe
2014-02-10 13:16 - 2014-02-10 13:16 - 00021197 _____ () C:\Users\Vances\Desktop\combofixreport.txt
2014-02-10 12:45 - 2014-02-10 12:45 - 00021197 _____ () C:\ComboFix.txt
2014-02-10 12:31 - 2014-02-10 12:45 - 00000000 ____D () C:\Qoobox
2014-02-10 12:31 - 2014-02-10 12:43 - 00000000 ____D () C:\Windows\erdnt
2014-02-10 12:31 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-10 12:31 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-10 12:31 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-10 12:31 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-10 12:31 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-10 12:31 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-10 12:31 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-10 12:31 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-10 12:29 - 2014-02-10 12:29 - 05180173 ____R (Swearware) C:\Users\Vances\Desktop\ComboFix.exe
2014-02-07 18:05 - 2014-02-07 18:05 - 13245963 _____ () C:\Users\Vances\Downloads\gs910w64.exe
2014-02-07 18:05 - 2014-02-07 18:05 - 00000000 ____D () C:\Program Files\gs
2014-02-05 22:46 - 2014-02-05 22:46 - 01166132 _____ () C:\Users\Vances\Desktop\Latest AdwCleaner.exe
2014-02-04 20:34 - 2014-02-04 20:34 - 00003170 _____ () C:\Windows\System32\Tasks\{A569F956-CB69-45DB-800A-ADFC1E62BB71}
2014-02-04 20:33 - 2014-02-04 20:33 - 10689696 _____ (Irfan Skiljan) C:\Users\Vances\Downloads\irfanview_plugins_437_setup.exe
2014-02-04 20:32 - 2014-02-04 20:32 - 00003144 _____ () C:\Windows\System32\Tasks\{AF3E80CE-6C89-470F-BC57-FEF359073A5C}
2014-02-04 20:26 - 2014-02-04 20:32 - 00001901 _____ () C:\Users\Vances\Desktop\IrfanView Thumbnails.lnk
2014-02-04 20:26 - 2014-02-04 20:32 - 00001009 _____ () C:\Users\Vances\Desktop\IrfanView.lnk
2014-02-04 20:26 - 2014-02-04 20:26 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-02-04 20:24 - 2014-02-04 20:24 - 01883792 _____ (Irfan Skiljan) C:\Users\Vances\Downloads\iview437_setup.exe
2014-02-04 20:17 - 2014-02-04 20:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-04 07:59 - 2014-02-04 08:00 - 00688992 _____ (Swearware) C:\Users\Vances\Downloads\dds (1).com
2014-01-29 01:36 - 2014-01-29 01:36 - 00007235 _____ () C:\Users\Vances\Desktop\attach.txt
2014-01-29 01:36 - 2014-01-29 01:35 - 00015433 _____ () C:\Users\Vances\Desktop\dds.txt
2014-01-28 15:20 - 2014-01-28 15:20 - 00000000 ___SD () C:\Users\Vances\Documents\My Data Sources
2014-01-28 15:06 - 2014-01-28 15:06 - 00001271 _____ () C:\Users\Vances\Desktop\StikyNot.exe - Shortcut.lnk
2014-01-28 12:41 - 2014-01-28 12:41 - 02347384 _____ (ESET) C:\Users\Vances\Desktop\esetsmartinstaller_enu.exe
2014-01-28 12:35 - 2014-01-28 12:35 - 00000630 _____ () C:\Users\Vances\Desktop\JRT.txt
2014-01-28 12:27 - 2014-01-28 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-01-28 12:19 - 2014-01-28 12:19 - 00100127 _____ () C:\Users\Vances\Desktop\TDSS Report.txt
2014-01-28 12:16 - 2014-01-28 12:16 - 00000000 ____D () C:\Users\Vances\Desktop\tdsskiller
2014-01-28 12:12 - 2014-01-28 12:13 - 00031027 _____ () C:\Users\Vances\Desktop\Result.txt
2014-01-28 12:11 - 2014-01-28 12:11 - 01037068 _____ (Thisisu) C:\Users\Vances\Desktop\JRT.exe
2014-01-28 12:07 - 2014-01-28 12:07 - 00982016 _____ (Farbar) C:\Users\Vances\Desktop\MiniToolBox.exe
2014-01-28 11:55 - 2014-02-11 13:33 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\TeamViewer
2014-01-28 11:47 - 2014-01-28 11:47 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-01-28 11:30 - 2014-02-14 11:02 - 00000000 ____D () C:\Users\Vances\Documents\Bluetooth
2014-01-27 16:31 - 2014-02-05 22:49 - 00000000 ____D () C:\AdwCleaner
2014-01-27 14:00 - 2014-02-12 18:18 - 00007838 _____ () C:\Windows\IE11_main.log
2014-01-27 13:00 - 2013-09-25 10:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-01-27 13:00 - 2013-09-25 10:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-27 13:00 - 2013-09-25 10:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-01-27 13:00 - 2013-09-25 10:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-01-27 13:00 - 2013-09-25 10:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-27 13:00 - 2013-09-25 10:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-27 13:00 - 2013-09-25 10:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-27 13:00 - 2013-09-25 10:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-27 13:00 - 2013-09-25 09:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-01-27 13:00 - 2013-09-25 09:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-01-27 13:00 - 2013-09-25 09:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-01-27 13:00 - 2013-09-25 09:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-01-27 13:00 - 2013-09-25 09:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-27 13:00 - 2013-08-29 10:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-27 13:00 - 2013-08-29 10:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-27 13:00 - 2013-08-29 10:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-01-27 13:00 - 2013-08-29 10:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-01-27 13:00 - 2013-08-29 09:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-01-27 13:00 - 2013-08-29 09:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-01-27 13:00 - 2013-08-29 09:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-27 13:00 - 2013-08-29 09:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-01-27 13:00 - 2013-08-29 09:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-01-27 13:00 - 2013-07-04 20:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-01-27 12:59 - 2013-11-12 10:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-27 12:59 - 2013-11-12 10:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-27 12:59 - 2013-10-04 10:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-01-27 12:59 - 2013-10-04 10:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-01-27 12:59 - 2013-10-04 10:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-01-27 12:59 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-01-27 12:59 - 2013-10-04 09:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-01-27 12:59 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-01-27 12:59 - 2013-08-29 10:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-27 12:59 - 2013-08-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-27 12:59 - 2013-08-29 08:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-27 12:59 - 2013-08-29 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-27 12:59 - 2013-08-29 08:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-27 12:59 - 2013-08-29 08:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-27 12:59 - 2013-06-26 06:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-27 12:58 - 2013-10-06 04:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-27 12:58 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-27 12:57 - 2013-11-27 09:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-27 12:57 - 2013-11-27 09:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-27 12:57 - 2013-11-27 09:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-27 12:57 - 2013-11-27 09:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-27 12:57 - 2013-11-27 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-27 12:57 - 2013-11-27 09:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-27 12:57 - 2013-11-27 09:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-27 12:57 - 2013-11-26 19:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-27 12:57 - 2013-11-26 18:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-27 12:57 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-27 12:57 - 2013-11-24 01:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-27 12:57 - 2013-10-04 10:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-27 12:57 - 2013-10-04 09:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-27 12:57 - 2013-10-03 10:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-27 12:57 - 2013-10-03 10:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-27 12:57 - 2013-09-08 10:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-27 12:57 - 2013-09-08 10:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-01-27 12:57 - 2013-09-08 10:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-01-27 12:57 - 2013-07-12 18:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-01-27 12:57 - 2013-07-12 18:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-01-27 12:57 - 2013-07-04 20:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-27 12:57 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-27 12:57 - 2013-06-06 13:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-01-27 12:57 - 2013-06-06 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-01-27 12:57 - 2013-06-06 13:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-01-27 12:57 - 2013-06-06 13:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-01-27 12:57 - 2013-06-06 12:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-01-27 12:57 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-01-27 12:57 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-01-27 12:57 - 2013-06-06 11:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-01-27 12:57 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-01-27 12:57 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-01-27 12:56 - 2013-10-19 10:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-27 12:56 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-27 12:56 - 2013-09-28 09:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-27 12:56 - 2013-07-20 18:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-27 12:56 - 2013-07-20 18:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-27 12:56 - 2013-07-04 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-27 12:56 - 2013-07-04 20:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-27 12:56 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-27 12:56 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-27 12:56 - 2013-07-04 18:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-01-27 12:56 - 2013-07-03 12:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-01-27 12:56 - 2013-07-03 12:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-01-27 12:52 - 2013-08-01 20:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-27 12:44 - 2013-10-12 10:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-27 12:44 - 2013-10-12 10:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-27 12:44 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-27 12:44 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-27 12:44 - 2013-10-12 09:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-27 12:44 - 2013-10-12 09:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-27 12:44 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-27 12:44 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-27 12:26 - 2013-10-12 10:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-01-27 12:26 - 2013-10-12 10:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-27 12:26 - 2013-10-12 10:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-27 12:26 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-01-27 12:26 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-27 12:26 - 2013-08-28 09:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-01-20 10:57 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-20 10:56 - 2014-01-20 10:56 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 10:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-20 10:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-20 10:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
 
==================== One Month Modified Files and Folders =======
 
2014-02-15 00:57 - 2014-02-15 00:57 - 00010591 _____ () C:\Users\Vances\Downloads\FRST.txt
2014-02-15 00:57 - 2014-02-15 00:55 - 00000000 ____D () C:\FRST
2014-02-15 00:54 - 2014-02-15 00:54 - 02152960 _____ (Farbar) C:\Users\Vances\Downloads\FRST64.exe
2014-02-15 00:41 - 2013-08-20 17:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 23:31 - 2013-10-08 14:27 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\vlc
2014-02-14 22:18 - 2009-07-14 12:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 22:18 - 2009-07-14 12:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 22:16 - 2013-08-20 17:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-14 22:14 - 2013-08-03 04:57 - 01521933 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 22:12 - 2013-09-23 20:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-14 22:12 - 2013-09-23 20:11 - 00000000 ____D () C:\ProgramData\Skype
2014-02-14 22:12 - 2013-09-13 17:51 - 00000000 ___RD () C:\Users\Vances\Dropbox
2014-02-14 22:12 - 2013-09-13 17:47 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\Dropbox
2014-02-14 22:10 - 2013-10-13 11:17 - 00135667 _____ () C:\Windows\setupact.log
2014-02-14 22:10 - 2013-08-20 17:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 22:10 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 16:08 - 2014-02-14 15:58 - 00000000 ____D () C:\Users\Vances\Documents\Articles of Interest
2014-02-14 11:19 - 2013-10-21 10:22 - 00069324 _____ () C:\Users\Vances\Desktop\PacLNG Telephone Directory (Oct 16th '13).xlsx
2014-02-14 11:02 - 2014-01-28 11:30 - 00000000 ____D () C:\Users\Vances\Documents\Bluetooth
2014-02-14 11:00 - 2014-02-14 01:33 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-892678901-2589689131-1633928775-1000
2014-02-14 11:00 - 2014-02-14 01:33 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-892678901-2589689131-1633928775-1000
2014-02-13 22:14 - 2013-09-16 11:23 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\tixati
2014-02-13 20:08 - 2013-09-16 11:25 - 00000000 ____D () C:\Tixati
2014-02-13 18:36 - 2014-02-13 18:35 - 05173688 _____ () C:\Users\Vances\Downloads\LS-MagaZine.Issue.13.Movie01-10_Downloader.exe
2014-02-13 18:35 - 2014-02-13 18:35 - 00027566 _____ () C:\Users\Vances\Downloads\72BA502E31D719A220FCF577DFA23B733173A1F0.torrent
2014-02-13 18:34 - 2014-02-13 18:32 - 08075072 _____ (http://yourfiledownloader.com) C:\Users\Vances\Downloads\YourFile_downloader.exe
2014-02-13 16:54 - 2013-10-23 14:53 - 00007592 _____ () C:\Users\Vances\AppData\Local\Resmon.ResmonCfg
2014-02-12 18:23 - 2013-10-15 22:29 - 02874844 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 18:23 - 2013-08-02 18:13 - 00431302 _____ () C:\Windows\system32\perfh012.dat
2014-02-12 18:23 - 2013-08-02 18:13 - 00403900 _____ () C:\Windows\system32\prfh0404.dat
2014-02-12 18:23 - 2013-08-02 18:13 - 00121230 _____ () C:\Windows\system32\perfc012.dat
2014-02-12 18:23 - 2013-08-02 18:13 - 00115936 _____ () C:\Windows\system32\prfc0404.dat
2014-02-12 18:23 - 2013-08-02 17:44 - 00386828 _____ () C:\Windows\system32\prfh0804.dat
2014-02-12 18:23 - 2013-08-02 17:44 - 00120438 _____ () C:\Windows\system32\prfc0804.dat
2014-02-12 18:23 - 2013-08-02 17:37 - 00419656 _____ () C:\Windows\system32\perfh011.dat
2014-02-12 18:23 - 2013-08-02 17:37 - 00122946 _____ () C:\Windows\system32\perfc011.dat
2014-02-12 18:23 - 2009-07-14 13:13 - 02874844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 18:22 - 2013-08-02 20:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 18:18 - 2014-01-27 14:00 - 00007838 _____ () C:\Windows\IE11_main.log
2014-02-12 18:18 - 2013-08-02 17:59 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:10 - 2014-02-12 17:10 - 00280204 _____ () C:\Users\Vances\Downloads\WindowsUpdateDiagnostic.diagcab
2014-02-12 16:59 - 2013-09-20 14:31 - 00000000 ____D () C:\Users\Vances\New folder
2014-02-12 16:57 - 2014-02-12 16:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 16:57 - 2014-02-12 16:38 - 00000000 ____D () C:\Users\Vances\Desktop\mbar
2014-02-12 16:39 - 2014-02-12 16:39 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-12 16:39 - 2014-02-12 16:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-12 16:38 - 2014-02-12 16:38 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Vances\Downloads\mbar-1.07.0.1009.exe
2014-02-11 13:33 - 2014-01-28 11:55 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\TeamViewer
2014-02-10 23:52 - 2013-09-23 20:11 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\Skype
2014-02-10 20:24 - 2014-02-10 20:24 - 00001173 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-10 20:18 - 2014-02-10 20:18 - 07033240 _____ (TeamViewer GmbH) C:\Users\Vances\Downloads\TeamViewer_Setup.exe
2014-02-10 20:13 - 2013-10-15 22:40 - 00220536 _____ () C:\Windows\PFRO.log
2014-02-10 13:16 - 2014-02-10 13:16 - 00021197 _____ () C:\Users\Vances\Desktop\combofixreport.txt
2014-02-10 12:45 - 2014-02-10 12:45 - 00021197 _____ () C:\ComboFix.txt
2014-02-10 12:45 - 2014-02-10 12:31 - 00000000 ____D () C:\Qoobox
2014-02-10 12:45 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2014-02-10 12:43 - 2014-02-10 12:31 - 00000000 ____D () C:\Windows\erdnt
2014-02-10 12:41 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-10 12:29 - 2014-02-10 12:29 - 05180173 ____R (Swearware) C:\Users\Vances\Desktop\ComboFix.exe
2014-02-09 21:19 - 2013-11-15 11:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-09 21:19 - 2013-11-15 11:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-09 21:18 - 2013-08-20 17:28 - 00000000 ____D () C:\Users\Vances\AppData\Local\Adobe
2014-02-07 21:52 - 2014-01-07 14:19 - 00000000 ____D () C:\Users\Vances\AppData\Local\CutePDF Writer
2014-02-07 18:05 - 2014-02-07 18:05 - 13245963 _____ () C:\Users\Vances\Downloads\gs910w64.exe
2014-02-07 18:05 - 2014-02-07 18:05 - 00000000 ____D () C:\Program Files\gs
2014-02-05 22:49 - 2014-01-27 16:31 - 00000000 ____D () C:\AdwCleaner
2014-02-05 22:46 - 2014-02-05 22:46 - 01166132 _____ () C:\Users\Vances\Desktop\Latest AdwCleaner.exe
2014-02-04 20:34 - 2014-02-04 20:34 - 00003170 _____ () C:\Windows\System32\Tasks\{A569F956-CB69-45DB-800A-ADFC1E62BB71}
2014-02-04 20:33 - 2014-02-04 20:33 - 10689696 _____ (Irfan Skiljan) C:\Users\Vances\Downloads\irfanview_plugins_437_setup.exe
2014-02-04 20:32 - 2014-02-04 20:32 - 00003144 _____ () C:\Windows\System32\Tasks\{AF3E80CE-6C89-470F-BC57-FEF359073A5C}
2014-02-04 20:32 - 2014-02-04 20:26 - 00001901 _____ () C:\Users\Vances\Desktop\IrfanView Thumbnails.lnk
2014-02-04 20:32 - 2014-02-04 20:26 - 00001009 _____ () C:\Users\Vances\Desktop\IrfanView.lnk
2014-02-04 20:26 - 2014-02-04 20:26 - 00000000 ____D () C:\Users\Vances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-02-04 20:24 - 2014-02-04 20:24 - 01883792 _____ (Irfan Skiljan) C:\Users\Vances\Downloads\iview437_setup.exe
2014-02-04 20:17 - 2014-02-04 20:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-04 17:45 - 2013-08-20 17:26 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 08:00 - 2014-02-04 07:59 - 00688992 _____ (Swearware) C:\Users\Vances\Downloads\dds (1).com
2014-02-03 19:48 - 2013-10-15 21:57 - 00000584 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-01 19:49 - 2013-12-25 23:06 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-01 19:49 - 2013-08-20 17:37 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-01 19:49 - 2013-08-20 17:36 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-01 19:49 - 2013-08-20 17:36 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-02-01 19:49 - 2013-08-20 17:36 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-01 19:49 - 2013-08-20 17:36 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-01 19:49 - 2013-08-20 17:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-01 17:20 - 2014-02-12 18:10 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 17:19 - 2014-02-12 18:10 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 17:19 - 2014-02-12 18:10 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 17:18 - 2014-02-12 18:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 17:18 - 2014-02-12 18:09 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 15:58 - 2014-02-12 18:10 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 15:58 - 2014-02-12 18:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 15:57 - 2014-02-12 18:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 15:57 - 2014-02-12 18:09 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 15:40 - 2014-02-12 18:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 15:34 - 2014-02-12 18:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 14:45 - 2014-02-12 18:10 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-01 14:38 - 2014-02-12 18:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-29 01:36 - 2014-01-29 01:36 - 00007235 _____ () C:\Users\Vances\Desktop\attach.txt
2014-01-29 01:35 - 2014-01-29 01:36 - 00015433 _____ () C:\Users\Vances\Desktop\dds.txt
2014-01-28 18:06 - 2013-08-02 14:15 - 00109688 _____ () C:\Users\Vances\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-28 15:20 - 2014-01-28 15:20 - 00000000 ___SD () C:\Users\Vances\Documents\My Data Sources
2014-01-28 15:06 - 2014-01-28 15:06 - 00001271 _____ () C:\Users\Vances\Desktop\StikyNot.exe - Shortcut.lnk
2014-01-28 12:41 - 2014-01-28 12:41 - 02347384 _____ (ESET) C:\Users\Vances\Desktop\esetsmartinstaller_enu.exe
2014-01-28 12:35 - 2014-01-28 12:35 - 00000630 _____ () C:\Users\Vances\Desktop\JRT.txt
2014-01-28 12:27 - 2014-01-28 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-01-28 12:23 - 2009-07-14 12:45 - 00417472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-28 12:19 - 2014-01-28 12:19 - 00100127 _____ () C:\Users\Vances\Desktop\TDSS Report.txt
2014-01-28 12:16 - 2014-01-28 12:16 - 00000000 ____D () C:\Users\Vances\Desktop\tdsskiller
2014-01-28 12:13 - 2014-01-28 12:12 - 00031027 _____ () C:\Users\Vances\Desktop\Result.txt
2014-01-28 12:11 - 2014-01-28 12:11 - 01037068 _____ (Thisisu) C:\Users\Vances\Desktop\JRT.exe
2014-01-28 12:07 - 2014-01-28 12:07 - 00982016 _____ (Farbar) C:\Users\Vances\Desktop\MiniToolBox.exe
2014-01-28 11:47 - 2014-01-28 11:47 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-01-27 23:02 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-01-27 21:24 - 2014-01-13 16:17 - 00000000 ____D () C:\Users\Vances\Documents\Anna Homeschool
2014-01-27 18:15 - 2013-08-02 14:03 - 00000000 ____D () C:\Users\Vances
2014-01-27 18:11 - 2013-06-27 17:44 - 00000000 ____D () C:\FFOutput
2014-01-27 16:52 - 2013-09-16 14:01 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-01-27 16:42 - 2009-07-14 13:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-27 14:12 - 2013-08-03 05:53 - 00000000 ____D () C:\Windows\Panther
2014-01-27 14:10 - 2013-08-05 11:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-27 14:10 - 2013-08-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-27 14:04 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-01-27 14:04 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-01-27 14:00 - 2013-08-05 10:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-27 13:47 - 2013-08-05 10:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-01-24 17:53 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-20 11:00 - 2013-09-18 11:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 10:56 - 2014-01-20 10:56 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 10:56 - 2013-09-18 11:18 - 00000000 ____D () C:\Program Files (x86)\Java
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-10 13:03
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by Vances at 2014-02-15 00:58:06
Running from C:\Users\Vances\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (x32 Version: 9.2 - Atheros)
Audacity 2.0.4 (x32 Version: 2.0.4 - Audacity Team)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.06 - Piriform)
CopyTrans Suite Remove Only (HKCU Version: 2.37 - WindSolutions)
CutePDF Writer 3.0 (Version:  3.0 - CutePDF.com)
DIRECTV Player (x32 Version: 9.0 - DIRECTV)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
EPSON L210 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript (Version: 9.10 - Artifex Software Inc.)
HMA! Pro VPN 2.8.3.1 (x32 Version: 2.8.3.1 - )
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (x32 Version: 9.17.10.3223 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.37 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAME v3.99.3 (for Windows) (x32 Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
mHotspot version 6.4.0.0 (x32 Version: 6.4.0.0 - mHotspot, Inc.)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
PDF Split And Merge Basic (Version: 2.2.2 - Andrea Vacondio)
PL-2303 USB-to-Serial (x32 Version: 1.3.0 - Prolific Technology INC)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6271 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Skype Click to Call (x32 Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
StreamTorrent 1.0 (x32 Version:  - )
System Requirements Lab for Intel (x32 Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (x32 Version: 9.0.25942 - TeamViewer)
Tixati (x32 Version:  - )
TOSHIBA Value Added Package (Version: 1.5.10.64 - TOSHIBA Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
VoiceOver Kit (x32 Version: 1.42.128.0 - Apple Inc.)
 
==================== Restore Points  =========================
 
04-02-2014 12:17:54 Revo Uninstaller's restore point - McAfee Security Scan Plus
09-02-2014 13:22:20 Revo Uninstaller's restore point - McAfee Security Scan Plus
10-02-2014 12:10:12 Revo Uninstaller's restore point - TeamViewer 9
12-02-2014 10:05:01 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02B81784-8FBA-4552-B137-41FBA5D0760E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-01] (AVAST Software)
Task: {0F3D4EED-FC1F-44E6-B33B-7192B209E3AC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-892678901-2589689131-1633928775-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {10B69724-858B-4D95-A269-E1B0340095F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-20] (Piriform Ltd)
Task: {5A1F8BA1-A851-4E49-B289-12ED50927ABD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20] (Google Inc.)
Task: {82EB9DEC-D8A7-43BC-9B80-C0BA9E6D8401} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-892678901-2589689131-1633928775-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {833DC7F5-0C53-48B8-BCEE-35321332FC76} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-892678901-2589689131-1633928775-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {85357DE8-9992-4B01-BB31-ACE1FFC5E740} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-892678901-2589689131-1633928775-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9118ED83-7C27-4903-A70B-30F032F96917} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-892678901-2589689131-1633928775-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EDF5F041-011A-44FE-9062-5C182434B60C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-04-04 19:18 - 2011-04-04 19:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 07956328 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-02-14 11:02 - 2014-02-14 02:08 - 02180096 _____ () C:\Program Files\AVAST Software\Avast\defs\14021301\algo.dll
2014-02-14 22:18 - 2014-02-14 18:26 - 02180096 _____ () C:\Program Files\AVAST Software\Avast\defs\14021401\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-06-25 15:12 - 2013-06-25 15:12 - 00332128 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\ndsLogStore.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 03175264 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\DrmSingleton.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 02237288 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 07554400 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\gsttspplugin.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00689000 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 01403224 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\libxml2-2.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00091976 _____ () C:\Users\Vances\AppData\Local\DIRECTV Player\z.dll
2013-10-19 07:55 - 2013-10-19 07:55 - 25100288 _____ () C:\Users\Vances\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-22 09:57 - 2013-10-22 09:58 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-26 22:05 - 2013-11-26 22:05 - 00227240 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\HMAClientEngine.dll
2013-11-26 22:05 - 2013-11-26 22:05 - 00080808 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\Util.dll
2013-11-26 22:05 - 2013-11-26 22:05 - 00253864 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\System.ComponentModel.Composition.dll
2013-11-18 20:33 - 2013-11-18 20:33 - 00019456 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\TabStripsDLL.dll
2013-11-26 22:05 - 2013-11-26 22:05 - 00101288 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\HMA.GUI.Controls.dll
2014-02-04 17:45 - 2014-02-02 07:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 17:45 - 2014-02-02 07:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 17:45 - 2014-02-02 07:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 17:45 - 2014-02-02 07:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 17:44 - 2014-02-02 07:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2014 04:09:23 PM) (Source: RasClient) (User: )
Description: CoId={926F3871-1FAF-4C59-9E4E-B39E80AD5C0F}: The user Vances-PC\Vances dialed a connection named HMAVPN which has failed. The error code returned on failure is 0.
 
Error: (02/12/2014 05:27:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/12/2014 04:08:31 PM) (Source: RasClient) (User: )
Description: CoId={848C5B30-075B-477C-B3F1-E3071C1424A0}: The user Vances-PC\Vances dialed a connection named HMAVPN which has failed. The error code returned on failure is 868.
 
Error: (02/12/2014 03:11:33 PM) (Source: RasClient) (User: )
Description: CoId={DBF03213-8D83-45F3-9BEE-9A4FEA7D7598}: The user Vances-PC\Vances dialed a connection named HMAVPN which has failed. The error code returned on failure is 807.
 
Error: (02/12/2014 03:11:20 PM) (Source: RasClient) (User: )
Description: CoId={E4346616-E8B8-4A36-A18B-49A25516D3C8}: The user Vances-PC\Vances dialed a connection named HMAVPN which has failed. The error code returned on failure is 807.
 
Error: (02/11/2014 09:31:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16750, time stamp: 0x5269c643
Faulting module name: MSHTML.dll, version: 10.0.9200.16750, time stamp: 0x5269d985
Exception code: 0xc0000005
Fault offset: 0x00b8e917
Faulting process id: 0x18c8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2014 09:31:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16750, time stamp: 0x5269c643
Faulting module name: MSHTML.dll, version: 10.0.9200.16750, time stamp: 0x5269d985
Exception code: 0xc0000005
Fault offset: 0x00b8e917
Faulting process id: 0x1b80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2014 02:15:17 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 12.0.6680.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1350
 
Start Time: 01cf26eac8d2d010
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
 
Report Id: cf987166-92e3-11e3-8610-e89d87e14626
 
Error: (02/10/2014 01:05:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/09/2014 09:32:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16750, time stamp: 0x5269c643
Faulting module name: MSHTML.dll, version: 10.0.9200.16750, time stamp: 0x5269d985
Exception code: 0xc0000005
Fault offset: 0x00b8e917
Faulting process id: 0x498
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (02/15/2014 00:56:27 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
 
Error: (02/13/2014 10:14:27 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/12/2014 06:18:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (02/12/2014 05:59:10 PM) (Source: DCOM) (User: )
Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
 
Error: (02/12/2014 05:24:54 PM) (Source: DCOM) (User: )
Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
 
Error: (02/12/2014 01:13:49 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/11/2014 00:56:06 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/10/2014 01:20:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/10/2014 00:41:35 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/10/2014 00:37:28 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (01/15/2014 05:01:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1213 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (11/22/2013 05:10:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 6520 seconds with 4860 seconds of active time.  This session ended with a crash.
 
Error: (11/22/2013 03:00:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-29 22:57:37.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-29 22:57:37.192
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-29 22:57:36.152
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-29 22:57:35.342
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 69%
Total physical RAM: 1951.43 MB
Available physical RAM: 598.64 MB
Total Pagefile: 3902.85 MB
Available Pagefile: 1930.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (S3A8523D003) (Fixed) (Total:265.25 GB) (Free:195.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E17F02D0)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=265 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=17)
Partition 4: (Not Active) - (Size=11 GB) - (Type=17)
 
==================== End Of Log ============================


#15 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:52 PM

Posted 14 February 2014 - 05:51 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Users\Vances\Downloads\gs910w64.exe

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------

