Problems after trying to remove Java/Lamar


  • This topic is locked
28 replies to this topic

#1 antohan

Posted 14 April 2014 - 10:09 AM

I had a problem with Conduit a month or so ago but the laptop was fine after following some online tips.

A couple of days ago it started acting up (got hung up when trying to play videos online) and Avira quarantined a couple of Java/Lamar files. I forced their deletion, not sure if right. Then asked Java to remove its temp files for the traces to disappear.

I now get no hits with Avira, Malwarebytes, ESET Online or Spybot (not sure it's any use anymore, used to so keep using it).

However, it is still acting up, gets hung up when restarting. It once restarted to a mess of a multiple colour screen so I restarted in safe mode but while running Avira and MBAM it overheated and shut down (never ever did that before). While reading on the internet some characters turn blurry and I need to scroll up and down to shake it off. My wi-fi connection got disabled twice for no reason at all as well.

I also get the feeling Avira, MBAM and ESET aren't working properly as they also get hung up for hours at a time while running, which is bizarre. Sure there's something wrong somewhere?

Already backed up files. Disabled Avira/Defender/Spybot, no idea if they are script-blocking or not. Will enable again now.

DDS as follows:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.51.2
Run by Antonio at 11:46:49 on 2014-04-14
Microsoft Windows 7 Starter   6.1.7601.1.1252.598.3082.18.2048.1187 [GMT -3:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [HPOSD] c:\program files\hewlett-packard\hp on screen display\HPOSD.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{38D7E8A0-F4B1-4DA9-A29E-7E389754BB04} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{38D7E8A0-F4B1-4DA9-A29E-7E389754BB04}\36970727563737265646 : DHCPNameServer = 200.49.130.47 200.42.4.210
TCP: Interfaces\{82D00F88-5AE2-42D6-A6CA-B5815E8AA283} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\antonio\appdata\roaming\mozilla\firefox\profiles\rxxmrznp.default-1397386835784\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-1-28 66176]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-1-28 32384]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-8-23 37352]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-2-28 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-2-28 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-8-23 440400]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-8-23 440400]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-3-1 138400]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-1 72864]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-8-23 90400]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-10 246840]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2014-2-14 1784320]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-23 418376]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-17 1153368]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-7-19 37944]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-1 24736]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-7-28 27632]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-2-15 1071160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-23 22856]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-7-19 254056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-2-14 337512]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-7-19 35968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-12-23 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-1 34976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-1 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-1 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-1 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-1 141088]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-1 242336]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2012-2-19 97408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-04-12 13:16:24    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-12 12:56:34    98816    ----a-w-    c:\windows\sed.exe
2014-04-12 12:56:34    256000    ----a-w-    c:\windows\PEV.exe
2014-04-12 12:56:34    208896    ----a-w-    c:\windows\MBR.exe
2014-04-08 17:33:50    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{4d7b8bd4-7602-48aa-b36d-0879beb8f4f5}\offreg.dll
2014-04-07 17:18:41    7969936    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{4d7b8bd4-7602-48aa-b36d-0879beb8f4f5}\mpengine.dll
2014-04-07 16:40:26    5120    ----a-w-    c:\windows\system32\wmi.dll
2014-04-07 16:40:26    19824    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2014-04-07 16:09:16    --------    d-----w-    c:\windows\system32\MRT
2014-04-07 15:25:57    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-04-07 15:15:56    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-04-07 15:09:07    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-04-07 15:09:05    492544    ----a-w-    c:\windows\system32\win32spl.dll
2014-04-07 15:08:30    175104    ----a-w-    c:\windows\system32\wintrust.dll
2014-04-07 15:08:06    530432    ----a-w-    c:\windows\system32\comctl32.dll
2014-04-07 15:08:05    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2014-04-07 15:08:05    36352    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2014-04-07 15:08:05    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2014-04-07 15:06:59    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-04-07 15:06:58    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2014-04-07 15:06:57    69632    ----a-w-    c:\windows\system32\smss.exe
2014-04-07 15:06:57    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2014-04-07 15:06:57    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-04-07 15:04:09    1389568    ----a-w-    c:\windows\system32\msxml6.dll
2014-04-07 15:04:07    70656    ----a-w-    c:\windows\system32\fontsub.dll
2014-04-07 15:04:07    34304    ----a-w-    c:\windows\system32\atmlib.dll
2014-04-07 15:04:07    295424    ----a-w-    c:\windows\system32\atmfd.dll
2014-04-07 15:04:07    26112    ----a-w-    c:\windows\system32\lpk.dll
2014-04-07 15:04:07    10240    ----a-w-    c:\windows\system32\dciman32.dll
2014-04-07 15:04:05    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-04-07 15:04:03    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-04-07 15:04:01    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-04-07 15:04:01    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-04-07 15:04:01    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-04-07 15:02:59    8192    ----a-w-    c:\windows\system32\rdrmemptylst.exe
2014-04-07 15:02:59    58880    ----a-w-    c:\windows\system32\rdpwsx.dll
2014-04-07 15:02:59    129536    ----a-w-    c:\windows\system32\rdpcorekmts.dll
2014-04-07 15:00:44    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2014-04-07 14:59:25    542208    ----a-w-    c:\windows\system32\kerberos.dll
2014-04-07 14:59:01    826880    ----a-w-    c:\windows\system32\rdpcore.dll
2014-04-07 14:59:01    24576    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2014-04-07 14:58:53    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2014-04-07 14:58:53    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2014-04-07 14:58:51    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-04-07 14:58:43    769024    ----a-w-    c:\windows\system32\localspl.dll
2014-04-07 14:58:41    680960    ----a-w-    c:\program files\windows defender\MpSvc.dll
2014-04-07 14:58:40    392704    ----a-w-    c:\program files\windows defender\MpClient.dll
2014-04-07 14:58:40    224768    ----a-w-    c:\program files\windows defender\MpCommu.dll
2014-04-07 14:46:52    56176    ----a-w-    c:\windows\system32\drivers\partmgr.sys
2014-04-07 14:32:48    2422272    ----a-w-    c:\windows\system32\wucltux.dll
2014-04-07 14:32:30    88576    ----a-w-    c:\windows\system32\wudriver.dll
2014-04-07 14:32:18    33792    ----a-w-    c:\windows\system32\wuapp.exe
2014-04-07 14:32:18    171904    ----a-w-    c:\windows\system32\wuwebv.dll
2014-04-03 23:21:43    --------    d-----w-    c:\users\antonio\D-Fend Reloaded
2014-04-03 23:21:40    --------    d-----w-    c:\program files\D-Fend Reloaded
2014-03-31 19:39:47    --------    d-----w-    c:\users\antonio\appdata\local\Skype
2014-03-31 19:39:12    --------    d-----r-    c:\program files\Skype
2014-03-30 01:10:46    1679360    ----a-w-    c:\windows\system32\ac3filter.acm
2014-03-30 01:10:44    --------    d-----w-    c:\program files\AC3Filter
.
==================== Find3M  ====================
.
2014-04-07 15:21:05    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-11 23:46:45    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 23:46:45    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-14 12:39:21    1461992    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2014-02-14 12:39:20    173352    ----a-w-    c:\windows\system32\SynTPAPI.dll
2014-02-14 12:39:20    1350704    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2014-02-14 12:39:20    120104    ----a-w-    c:\windows\system32\SynTPCo9.dll
2014-02-14 12:39:14    222504    ----a-w-    c:\windows\system32\SynCtrl.dll
2014-02-14 12:39:14    177448    ----a-w-    c:\windows\system32\SynCOM.dll
2014-02-14 12:18:20    80416    ----a-w-    c:\windows\system32\RtNicProp32.dll
2014-02-14 12:18:20    337512    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2014-02-14 12:18:20    100896    ----a-w-    c:\windows\system32\RTNUninst32.dll
2014-02-14 12:14:55    9888360    ----a-w-    c:\windows\system32\RtsPStorIcon.dll
2014-02-14 12:14:55    254056    ----a-w-    c:\windows\system32\drivers\RtsPStor.sys
2014-02-13 12:46:44    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
2014-01-29 02:06:47    381440    ----a-w-    c:\windows\system32\wer.dll
.
============= FINISH: 11:48:25,04 ===============
 

Thanks in advance for any help you can provide.

Edited by antohan, 14 April 2014 - 10:16 AM.



#2 antohan

Posted 18 April 2014 - 05:49 PM

I will be away over Easter and with no internet connection but will run any tests indicated upon my return on Monday.

#3 HelpBot

Posted 19 April 2014 - 10:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531025 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 antohan

Posted 20 April 2014 - 08:21 PM

 

1. If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

Nothing much has changed or been done. If anything computer is now slower and hangs more often.

2. A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.

New DDS below and new attach.txt attached.

3. Please tell us if you have your original Windows CD/DVD available.

Never had one, laptop was delivered with Windows 7 pre-installed, no CD/DVDs whatsoever. Data is backed up and, if needed, can format and start afresh. Would rather not, loads of former work software I don't have the faintest idea how to reinstall, but it's an option if no fix is possible.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.55.2
Run by Antonio at 22:14:10 on 2014-04-20
Microsoft Windows 7 Starter   6.1.7601.1.1252.598.3082.18.2048.907 [GMT -3:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

#5 nasdaq

  • Malware Response Team

Posted 21 April 2014 - 08:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#6 antohan

  • Topic Starter

Posted 21 April 2014 - 10:59 AM

TSS found no threats:

 

12:56:49.0983 0x1a3c  BrFiltUp - ok
12:56:50.0045 0x1a3c  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:56:50.0061 0x1a3c  BridgeMP - ok
12:56:50.0108 0x1a3c  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
12:56:50.0123 0x1a3c  Browser - ok
12:56:50.0201 0x1a3c  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:56:50.0217 0x1a3c  Brserid - ok
12:56:50.0248 0x1a3c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:56:50.0264 0x1a3c  BrSerWdm - ok
12:56:50.0279 0x1a3c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:56:50.0279 0x1a3c  BrUsbMdm - ok
12:56:50.0295 0x1a3c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:56:50.0295 0x1a3c  BrUsbSer - ok
12:56:50.0357 0x1a3c  [ E5B321F18A1D8B6B8DD397D92BA5946A, DBCB3234113938436E65DB6730E3E339D9E20F43F96B100D300893C0DC0B058A ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
12:56:50.0373 0x1a3c  BTATH_A2DP - ok
12:56:50.0420 0x1a3c  [ F60E0C722442EA91F0C253B7814D8192, FCD383C9DD38B57FADB8EC5F915D8040E6B116E59DC062BD3600C7BED4039F21 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
12:56:50.0420 0x1a3c  BTATH_BUS - ok
12:56:50.0451 0x1a3c  [ F31E369DB8258B28E3DCF66705AEA9E9, 75D653846A66D082B1F2235474FA0D206E50DFA6C1537FDFB64890A3945FB740 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
12:56:50.0466 0x1a3c  BTATH_HCRP - ok
12:56:50.0498 0x1a3c  [ 6651798266FDE23159D961463A63A77D, 636E4DA3122282CC37B92AA67A3B392012B57F4BDFC91AE655CD6978B8E60D22 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
12:56:50.0498 0x1a3c  BTATH_LWFLT - ok
12:56:50.0544 0x1a3c  [ 08EF5298DF80BC136523BCD2ED8B9C37, 0970A24DB16160F8BF30AF2FFC4A98A2676619A0ABDC36FCF16BE74291A4E206 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
12:56:50.0560 0x1a3c  BTATH_RCP - ok
12:56:50.0622 0x1a3c  [ 8F2223374E9FA01A016EAC0E05888D1D, E00CC0698FDB77E987804E7846D98996A29F645E32D46D87B2EAA1C1113AEB2C ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
12:56:50.0638 0x1a3c  BtFilter - ok
12:56:50.0700 0x1a3c  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:56:50.0716 0x1a3c  BthEnum - ok
12:56:50.0747 0x1a3c  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:56:50.0747 0x1a3c  BTHMODEM - ok
12:56:50.0794 0x1a3c  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:56:50.0794 0x1a3c  BthPan - ok
12:56:50.0872 0x1a3c  [ C2FBF6D271D9A94D839C416BF186EAD9, 492F8344BD2E354C3525E1E535A1BAAAC17A38EE01868B986AC112E33B3B2A66 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:56:50.0903 0x1a3c  BTHPORT - ok
12:56:50.0950 0x1a3c  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
12:56:50.0966 0x1a3c  bthserv - ok
12:56:51.0012 0x1a3c  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:56:51.0028 0x1a3c  BTHUSB - ok
12:56:51.0153 0x1a3c  catchme - ok
12:56:51.0184 0x1a3c  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:56:51.0215 0x1a3c  cdfs - ok
12:56:51.0262 0x1a3c  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:56:51.0293 0x1a3c  cdrom - ok
12:56:51.0324 0x1a3c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:56:51.0340 0x1a3c  CertPropSvc - ok
12:56:51.0371 0x1a3c  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:56:51.0387 0x1a3c  circlass - ok
12:56:51.0465 0x1a3c  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
12:56:51.0480 0x1a3c  CLFS - ok
12:56:51.0574 0x1a3c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:56:51.0574 0x1a3c  clr_optimization_v2.0.50727_32 - ok
12:56:51.0668 0x1a3c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:56:51.0683 0x1a3c  clr_optimization_v4.0.30319_32 - ok
12:56:51.0746 0x1a3c  [ 125C828BF3673406DFD642D7BEE8434F, 0D35DFFC1B7958E5C44F8ABCAFBF965D41AB431E7829568F391B6F771523B243 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
12:56:51.0746 0x1a3c  clwvd - ok
12:56:51.0777 0x1a3c  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:56:51.0792 0x1a3c  CmBatt - ok
12:56:51.0824 0x1a3c  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:56:51.0824 0x1a3c  cmdide - ok
12:56:51.0902 0x1a3c  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
12:56:51.0933 0x1a3c  CNG - ok
12:56:51.0964 0x1a3c  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:56:51.0980 0x1a3c  Compbatt - ok
12:56:52.0011 0x1a3c  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:56:52.0026 0x1a3c  CompositeBus - ok
12:56:52.0042 0x1a3c  COMSysApp - ok
12:56:52.0073 0x1a3c  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:56:52.0089 0x1a3c  crcdisk - ok
12:56:52.0151 0x1a3c  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:56:52.0167 0x1a3c  CryptSvc - ok
12:56:52.0229 0x1a3c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:56:52.0260 0x1a3c  DcomLaunch - ok
12:56:52.0307 0x1a3c  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:56:52.0323 0x1a3c  defragsvc - ok
12:56:52.0370 0x1a3c  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:56:52.0385 0x1a3c  DfsC - ok
12:56:52.0432 0x1a3c  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:56:52.0463 0x1a3c  Dhcp - ok
12:56:52.0479 0x1a3c  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:56:52.0494 0x1a3c  discache - ok
12:56:52.0541 0x1a3c  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
12:56:52.0541 0x1a3c  Disk - ok
12:56:52.0588 0x1a3c  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:56:52.0588 0x1a3c  Dnscache - ok
12:56:52.0650 0x1a3c  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:56:52.0697 0x1a3c  dot3svc - ok
12:56:52.0806 0x1a3c  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
12:56:52.0806 0x1a3c  DPS - ok
12:56:52.0853 0x1a3c  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:56:52.0869 0x1a3c  drmkaud - ok
12:56:52.0978 0x1a3c  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:56:53.0056 0x1a3c  DXGKrnl - ok
12:56:53.0118 0x1a3c  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:56:53.0118 0x1a3c  EapHost - ok
12:56:53.0462 0x1a3c  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
12:56:53.0711 0x1a3c  ebdrv - ok
12:56:53.0789 0x1a3c  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS             C:\Windows\System32\lsass.exe
12:56:53.0789 0x1a3c  EFS - ok
12:56:53.0914 0x1a3c  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:56:53.0945 0x1a3c  elxstor - ok
12:56:53.0976 0x1a3c  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:56:53.0976 0x1a3c  ErrDev - ok
12:56:54.0054 0x1a3c  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:56:54.0070 0x1a3c  EventSystem - ok
12:56:54.0117 0x1a3c  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:56:54.0148 0x1a3c  exfat - ok
12:56:54.0195 0x1a3c  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:56:54.0210 0x1a3c  fastfat - ok
12:56:54.0273 0x1a3c  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
12:56:54.0320 0x1a3c  Fax - ok
12:56:54.0366 0x1a3c  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
12:56:54.0366 0x1a3c  fdc - ok
12:56:54.0398 0x1a3c  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:56:54.0413 0x1a3c  fdPHost - ok
12:56:54.0444 0x1a3c  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:56:54.0444 0x1a3c  FDResPub - ok
12:56:54.0491 0x1a3c  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:56:54.0491 0x1a3c  FileInfo - ok
12:56:54.0522 0x1a3c  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:56:54.0538 0x1a3c  Filetrace - ok
12:56:54.0569 0x1a3c  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:56:54.0585 0x1a3c  flpydisk - ok
12:56:54.0616 0x1a3c  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:56:54.0632 0x1a3c  FltMgr - ok
12:56:54.0756 0x1a3c  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
12:56:54.0834 0x1a3c  FontCache - ok
12:56:54.0912 0x1a3c  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:56:54.0928 0x1a3c  FontCache3.0.0.0 - ok
12:56:54.0944 0x1a3c  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:56:54.0959 0x1a3c  FsDepends - ok
12:56:55.0006 0x1a3c  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:56:55.0022 0x1a3c  Fs_Rec - ok
12:56:55.0084 0x1a3c  [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:56:55.0100 0x1a3c  fvevol - ok
12:56:55.0131 0x1a3c  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:56:55.0146 0x1a3c  gagp30kx - ok
12:56:55.0224 0x1a3c  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
12:56:55.0240 0x1a3c  GamesAppService - ok
12:56:55.0349 0x1a3c  [ CFD54D70F76E84E1E737AE1140FBC5C0, 29B71794842FDFEC1512EAD8E298E2D0568E062A119141F7C309CC8910C6BA9C ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
12:56:55.0365 0x1a3c  Garmin Core Update Service - ok
12:56:55.0443 0x1a3c  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:56:55.0490 0x1a3c  gpsvc - ok
12:56:55.0568 0x1a3c  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:56:55.0583 0x1a3c  gusvc - ok
12:56:55.0614 0x1a3c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:56:55.0614 0x1a3c  hcw85cir - ok
12:56:55.0677 0x1a3c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:56:55.0755 0x1a3c  HdAudAddService - ok
12:56:55.0802 0x1a3c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:56:55.0817 0x1a3c  HDAudBus - ok
12:56:55.0848 0x1a3c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:56:55.0848 0x1a3c  HidBatt - ok
12:56:55.0880 0x1a3c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:56:55.0895 0x1a3c  HidBth - ok
12:56:55.0926 0x1a3c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:56:55.0942 0x1a3c  HidIr - ok
12:56:55.0973 0x1a3c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
12:56:55.0989 0x1a3c  hidserv - ok
12:56:56.0004 0x1a3c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:56:56.0020 0x1a3c  HidUsb - ok
12:56:56.0051 0x1a3c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:56:56.0051 0x1a3c  hkmsvc - ok
12:56:56.0129 0x1a3c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:56:56.0176 0x1a3c  HomeGroupListener - ok
12:56:56.0223 0x1a3c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:56:56.0238 0x1a3c  HomeGroupProvider - ok
12:56:56.0332 0x1a3c  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:56:56.0348 0x1a3c  HP Support Assistant Service - ok
12:56:56.0426 0x1a3c  [ DFEC85328A07E518B4DBDF43BBBA5740, 86AB2ED9A234D26A05B1F7953B8BA555C9D4B0C6AE4D9DE707976AFB35C955CF ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
12:56:56.0441 0x1a3c  HPClientSvc - ok
12:56:56.0566 0x1a3c  [ E040F0064D39F73BB4995D494F3DCBB8, F13369719673DC7E533931EDD07464E03146D9C226E8399A062CF9A70F5942A7 ] hpCMSrv         C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
12:56:56.0660 0x1a3c  hpCMSrv - ok
12:56:56.0800 0x1a3c  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
12:56:56.0894 0x1a3c  hpqwmiex - ok
12:56:56.0940 0x1a3c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:56:56.0940 0x1a3c  HpSAMD - ok
12:56:57.0003 0x1a3c  [ 2BEC76BDCD1BC080210325E7B5094834, 9CD9DF5C974C20F38423B07063A4F44E533B3B4EF39E01AC701C04BFC5F3EC53 ] HPWMISVC        C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
12:56:57.0018 0x1a3c  HPWMISVC - ok
12:56:57.0081 0x1a3c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:56:57.0143 0x1a3c  HTTP - ok
12:56:57.0174 0x1a3c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:56:57.0174 0x1a3c  hwpolicy - ok
12:56:57.0221 0x1a3c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:56:57.0252 0x1a3c  i8042prt - ok
12:56:57.0315 0x1a3c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:56:57.0330 0x1a3c  iaStorV - ok
12:56:57.0533 0x1a3c  [ 30F8B0992033529216535AABE0BCF0FA, 13B1FBA896ECE1DCFCBB010BA5D93CEC6B1E76B0DC98E0922CF14629A7B1E9F7 ] IconMan_R       C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
12:56:57.0705 0x1a3c  IconMan_R - ok
12:56:57.0814 0x1a3c  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:56:57.0908 0x1a3c  idsvc - ok
12:56:57.0954 0x1a3c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:56:57.0954 0x1a3c  iirsp - ok
12:56:58.0048 0x1a3c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:56:58.0126 0x1a3c  IKEEXT - ok
12:56:58.0157 0x1a3c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:56:58.0157 0x1a3c  intelide - ok
12:56:58.0188 0x1a3c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:56:58.0204 0x1a3c  intelppm - ok
12:56:58.0235 0x1a3c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:56:58.0266 0x1a3c  IPBusEnum - ok
12:56:58.0313 0x1a3c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:56:58.0329 0x1a3c  IpFilterDriver - ok
12:56:58.0391 0x1a3c  [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:56:58.0438 0x1a3c  iphlpsvc - ok
12:56:58.0485 0x1a3c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:56:58.0485 0x1a3c  IPMIDRV - ok
12:56:58.0516 0x1a3c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:56:58.0532 0x1a3c  IPNAT - ok
12:56:58.0563 0x1a3c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:56:58.0563 0x1a3c  IRENUM - ok
12:56:58.0594 0x1a3c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:56:58.0594 0x1a3c  isapnp - ok
12:56:58.0641 0x1a3c  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:56:58.0672 0x1a3c  iScsiPrt - ok
12:56:58.0703 0x1a3c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:56:58.0719 0x1a3c  kbdclass - ok
12:56:58.0766 0x1a3c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:56:58.0766 0x1a3c  kbdhid - ok
12:56:58.0797 0x1a3c  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
12:56:58.0797 0x1a3c  KeyIso - ok
12:56:58.0844 0x1a3c  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:56:58.0859 0x1a3c  KSecDD - ok
12:56:58.0922 0x1a3c  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:56:58.0937 0x1a3c  KSecPkg - ok
12:56:59.0000 0x1a3c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:56:59.0046 0x1a3c  KtmRm - ok
12:56:59.0093 0x1a3c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:56:59.0124 0x1a3c  LanmanServer - ok
12:56:59.0156 0x1a3c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:56:59.0171 0x1a3c  LanmanWorkstation - ok
12:56:59.0218 0x1a3c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:56:59.0234 0x1a3c  lltdio - ok
12:56:59.0280 0x1a3c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:56:59.0312 0x1a3c  lltdsvc - ok
12:56:59.0343 0x1a3c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:56:59.0358 0x1a3c  lmhosts - ok
12:56:59.0405 0x1a3c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:56:59.0405 0x1a3c  LSI_FC - ok
12:56:59.0452 0x1a3c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:56:59.0468 0x1a3c  LSI_SAS - ok
12:56:59.0499 0x1a3c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:56:59.0499 0x1a3c  LSI_SAS2 - ok
12:56:59.0530 0x1a3c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:56:59.0546 0x1a3c  LSI_SCSI - ok
12:56:59.0577 0x1a3c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:56:59.0592 0x1a3c  luafv - ok
12:56:59.0639 0x1a3c  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:56:59.0655 0x1a3c  MBAMProtector - ok
12:56:59.0702 0x1a3c  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:56:59.0733 0x1a3c  MBAMScheduler - ok
12:56:59.0811 0x1a3c  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:56:59.0889 0x1a3c  MBAMService - ok
12:56:59.0936 0x1a3c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:56:59.0936 0x1a3c  megasas - ok
12:56:59.0982 0x1a3c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:56:59.0998 0x1a3c  MegaSR - ok
12:57:00.0029 0x1a3c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
12:57:00.0045 0x1a3c  MMCSS - ok
12:57:13.0040 0x1a3c  TDTCP - ok
12:57:13.0071 0x1a3c  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:57:13.0086 0x1a3c  tdx - ok
12:57:13.0133 0x1a3c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:57:13.0149 0x1a3c  TermDD - ok
12:57:13.0227 0x1a3c  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
12:57:13.0274 0x1a3c  TermService - ok
12:57:13.0289 0x1a3c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
12:57:13.0305 0x1a3c  Themes - ok
12:57:13.0320 0x1a3c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:57:13.0336 0x1a3c  THREADORDER - ok
12:57:13.0352 0x1a3c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
12:57:13.0367 0x1a3c  TrkWks - ok
12:57:13.0445 0x1a3c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:57:13.0461 0x1a3c  TrustedInstaller - ok
12:57:13.0508 0x1a3c  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:57:13.0523 0x1a3c  tssecsrv - ok
12:57:13.0570 0x1a3c  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:57:13.0586 0x1a3c  TsUsbFlt - ok
12:57:13.0617 0x1a3c  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:57:13.0617 0x1a3c  TsUsbGD - ok
12:57:13.0664 0x1a3c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:57:13.0695 0x1a3c  tunnel - ok
12:57:13.0710 0x1a3c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:57:13.0726 0x1a3c  uagp35 - ok
12:57:13.0773 0x1a3c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:57:13.0804 0x1a3c  udfs - ok
12:57:13.0851 0x1a3c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:57:13.0882 0x1a3c  UI0Detect - ok
12:57:13.0913 0x1a3c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:57:13.0929 0x1a3c  uliagpkx - ok
12:57:13.0976 0x1a3c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:57:13.0991 0x1a3c  umbus - ok
12:57:14.0022 0x1a3c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:57:14.0022 0x1a3c  UmPass - ok
12:57:14.0085 0x1a3c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
12:57:14.0100 0x1a3c  upnphost - ok
12:57:14.0163 0x1a3c  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:57:14.0178 0x1a3c  usbccgp - ok
12:57:14.0210 0x1a3c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:57:14.0225 0x1a3c  usbcir - ok
12:57:14.0241 0x1a3c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:57:14.0256 0x1a3c  usbehci - ok
12:57:14.0303 0x1a3c  [ 56E89C8E05A987A49FFA595428FB9767, 9435512985C60E6D3DEC50902CB4FD936852C3BBFCCADA68D3DBB13EDE99D5C9 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
12:57:14.0303 0x1a3c  usbfilter - ok
12:57:14.0381 0x1a3c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:57:14.0412 0x1a3c  usbhub - ok
12:57:14.0444 0x1a3c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:57:14.0459 0x1a3c  usbohci - ok
12:57:14.0475 0x1a3c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:57:14.0490 0x1a3c  usbprint - ok
12:57:14.0522 0x1a3c  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:57:14.0537 0x1a3c  usbscan - ok
12:57:14.0568 0x1a3c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:57:14.0584 0x1a3c  USBSTOR - ok
12:57:14.0631 0x1a3c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:57:14.0646 0x1a3c  usbuhci - ok
12:57:14.0740 0x1a3c  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:57:14.0771 0x1a3c  usbvideo - ok
12:57:14.0802 0x1a3c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
12:57:14.0818 0x1a3c  UxSms - ok
12:57:14.0834 0x1a3c  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc        C:\Windows\system32\lsass.exe
12:57:14.0834 0x1a3c  VaultSvc - ok
12:57:14.0880 0x1a3c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:57:14.0880 0x1a3c  vdrvroot - ok
12:57:14.0974 0x1a3c  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
12:57:15.0052 0x1a3c  vds - ok
12:57:15.0083 0x1a3c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:57:15.0099 0x1a3c  vga - ok
12:57:15.0130 0x1a3c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:57:15.0146 0x1a3c  VgaSave - ok
12:57:15.0192 0x1a3c  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:57:15.0208 0x1a3c  vhdmp - ok
12:57:15.0255 0x1a3c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:57:15.0255 0x1a3c  viaagp - ok
12:57:15.0302 0x1a3c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:57:15.0302 0x1a3c  ViaC7 - ok
12:57:15.0333 0x1a3c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:57:15.0333 0x1a3c  viaide - ok
12:57:15.0364 0x1a3c  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:57:15.0364 0x1a3c  volmgr - ok
12:57:15.0458 0x1a3c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:57:15.0489 0x1a3c  volmgrx - ok
12:57:15.0536 0x1a3c  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:57:15.0551 0x1a3c  volsnap - ok
12:57:15.0598 0x1a3c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:57:15.0598 0x1a3c  vsmraid - ok
12:57:15.0723 0x1a3c  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
12:57:15.0801 0x1a3c  VSS - ok
12:57:15.0832 0x1a3c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:57:15.0848 0x1a3c  vwifibus - ok
12:57:15.0879 0x1a3c  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:57:15.0910 0x1a3c  vwififlt - ok
12:57:15.0941 0x1a3c  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:57:15.0957 0x1a3c  vwifimp - ok
12:57:16.0050 0x1a3c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
12:57:16.0082 0x1a3c  W32Time - ok
12:57:16.0113 0x1a3c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:57:16.0128 0x1a3c  WacomPen - ok
12:57:16.0160 0x1a3c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:57:16.0175 0x1a3c  WANARP - ok
12:57:16.0191 0x1a3c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:57:16.0206 0x1a3c  Wanarpv6 - ok
12:57:16.0331 0x1a3c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
12:57:16.0456 0x1a3c  wbengine - ok
12:57:16.0503 0x1a3c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:57:16.0534 0x1a3c  WbioSrvc - ok
12:57:16.0581 0x1a3c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:57:16.0628 0x1a3c  wcncsvc - ok
12:57:16.0659 0x1a3c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:57:16.0674 0x1a3c  WcsPlugInService - ok
12:57:16.0690 0x1a3c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
12:57:16.0706 0x1a3c  Wd - ok
12:57:16.0784 0x1a3c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:57:16.0862 0x1a3c  Wdf01000 - ok
12:57:16.0877 0x1a3c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:57:16.0893 0x1a3c  WdiServiceHost - ok
12:57:16.0908 0x1a3c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:57:16.0924 0x1a3c  WdiSystemHost - ok
12:57:16.0971 0x1a3c  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\Windows\System32\webclnt.dll
12:57:17.0080 0x1a3c  WebClient - ok
12:57:17.0111 0x1a3c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:57:17.0142 0x1a3c  Wecsvc - ok
12:57:17.0174 0x1a3c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:57:17.0189 0x1a3c  wercplsupport - ok
12:57:17.0220 0x1a3c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
12:57:17.0236 0x1a3c  WerSvc - ok
12:57:17.0267 0x1a3c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:57:17.0283 0x1a3c  WfpLwf - ok
12:57:17.0314 0x1a3c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:57:17.0330 0x1a3c  WIMMount - ok
12:57:17.0439 0x1a3c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:57:17.0517 0x1a3c  WinDefend - ok
12:57:17.0564 0x1a3c  WinHttpAutoProxySvc - ok
12:57:17.0626 0x1a3c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:57:17.0642 0x1a3c  Winmgmt - ok
12:57:17.0766 0x1a3c  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
12:57:17.0876 0x1a3c  WinRM - ok
12:57:17.0954 0x1a3c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:57:17.0969 0x1a3c  WinUsb - ok
12:57:18.0063 0x1a3c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:57:18.0125 0x1a3c  Wlansvc - ok
12:57:18.0188 0x1a3c  [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:57:18.0188 0x1a3c  wlcrasvc - ok
12:57:18.0359 0x1a3c  [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:57:18.0484 0x1a3c  wlidsvc - ok
12:57:18.0546 0x1a3c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:57:18.0546 0x1a3c  WmiAcpi - ok
12:57:18.0593 0x1a3c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:57:18.0624 0x1a3c  wmiApSrv - ok
12:57:18.0749 0x1a3c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:57:18.0890 0x1a3c  WMPNetworkSvc - ok
12:57:18.0921 0x1a3c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:57:18.0936 0x1a3c  WPCSvc - ok
12:57:18.0968 0x1a3c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:57:18.0983 0x1a3c  WPDBusEnum - ok
12:57:19.0014 0x1a3c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:57:19.0046 0x1a3c  ws2ifsl - ok
12:57:19.0108 0x1a3c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
12:57:19.0124 0x1a3c  wscsvc - ok
12:57:19.0124 0x1a3c  WSearch - ok
12:57:19.0326 0x1a3c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:57:19.0482 0x1a3c  wuauserv - ok
12:57:19.0529 0x1a3c  [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:57:19.0560 0x1a3c  WudfPf - ok
12:57:19.0607 0x1a3c  [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:57:19.0623 0x1a3c  WUDFRd - ok
12:57:19.0670 0x1a3c  [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:57:19.0701 0x1a3c  wudfsvc - ok
12:57:19.0794 0x1a3c  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:57:19.0826 0x1a3c  WwanSvc - ok
12:57:19.0857 0x1a3c  ZTEusbmdm6k - ok
12:57:19.0872 0x1a3c  ZTEusbnmea - ok
12:57:19.0904 0x1a3c  ZTEusbser6k - ok
12:57:19.0919 0x1a3c  ZTEusbvoice - ok
12:57:19.0982 0x1a3c  ================ Scan global ===============================
12:57:20.0013 0x1a3c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
12:57:20.0060 0x1a3c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
12:57:20.0091 0x1a3c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
12:57:20.0138 0x1a3c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:57:20.0200 0x1a3c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
12:57:20.0216 0x1a3c  [ Global ] - ok
12:57:20.0216 0x1a3c  ================ Scan MBR ==================================
12:57:20.0231 0x1a3c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:57:20.0512 0x1a3c  \Device\Harddisk0\DR0 - ok
12:57:20.0512 0x1a3c  ================ Scan VBR ==================================
12:57:20.0512 0x1a3c  [ 5B6A81907086FF7051BE4397FBEE5E60 ] \Device\Harddisk0\DR0\Partition1
12:57:20.0528 0x1a3c  \Device\Harddisk0\DR0\Partition1 - ok
12:57:20.0528 0x1a3c  [ 4A4B1B81B4ED0E99F5FDCC783426B57D ] \Device\Harddisk0\DR0\Partition2
12:57:20.0528 0x1a3c  \Device\Harddisk0\DR0\Partition2 - ok
12:57:20.0543 0x1a3c  [ 5253BB757782BDDA34F33AD1220E9D22 ] \Device\Harddisk0\DR0\Partition3
12:57:20.0543 0x1a3c  \Device\Harddisk0\DR0\Partition3 - ok
12:57:20.0559 0x1a3c  [ 0885B90353E6EEA1F49FD9EB1B70B809 ] \Device\Harddisk0\DR0\Partition4
12:57:20.0559 0x1a3c  \Device\Harddisk0\DR0\Partition4 - ok
12:57:20.0559 0x1a3c  Waiting for KSN requests completion. In queue: 79
12:57:21.0573 0x1a3c  Waiting for KSN requests completion. In queue: 79
12:57:22.0587 0x1a3c  Waiting for KSN requests completion. In queue: 79
12:57:23.0601 0x1a3c  Waiting for KSN requests completion. In queue: 79
12:57:24.0693 0x1a3c  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.3.336 ), 0x41000 ( enabled : updated )
12:57:24.0755 0x1a3c  Win FW state via NFP2: enabled
12:57:27.0813 0x1a3c  ============================================================
12:57:27.0813 0x1a3c  Scan finished
12:57:27.0813 0x1a3c  ============================================================
12:57:27.0828 0x1d8c  Detected object count: 0
12:57:27.0828 0x1d8c  Actual detected object count: 0
 



#7 antohan

  • Topic Starter

Posted 21 April 2014 - 12:49 PM

All supposedly clear again with avast but halfway through that the network connectivity unilaterally disabled itself. When restarting it hangs, had to force reboot, it rebooted back to a black screen and had to force a restart and now in safe mode with network.

 

Log below and dat zip attached:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-21 12:59:38
-----------------------------
12:59:38.619    OS Version: Windows 6.1.7601 Service Pack 1
12:59:38.619    Number of processors: 2 586 0x603
12:59:38.635    ComputerName: ANTONIO-HP  UserName: Antonio
12:59:40.039    Initialize success
13:08:26.874    AVAST engine defs: 14042100
13:11:48.983    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
13:11:48.998    Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 11
13:11:49.108    Disk 0 MBR read successfully
13:11:49.108    Disk 0 MBR scan
13:11:49.154    Disk 0 Windows 7 default MBR code
13:11:49.170    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
13:11:49.186    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       464273 MB offset 409600
13:11:49.264    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12363 MB offset 951240704
13:11:49.357    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
13:11:49.420    Disk 0 scanning sectors +976771120
13:11:49.607    Disk 0 scanning C:\Windows\system32\drivers
13:12:17.468    Service scanning
13:13:18.043    Modules scanning
13:13:37.231    Disk 0 trace - called modules:
13:13:37.263    ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys
13:13:37.263    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a2030]
13:13:37.263    3 CLASSPNP.SYS[891ab59e] -> nt!IofCallDriver -> [0x860703f8]
13:13:37.263    5 amd_xata.sys[88e018e5] -> nt!IofCallDriver -> \Device\0000005f[0x85e514b8]
13:13:38.776    AVAST engine scan C:\Windows
13:13:47.013    AVAST engine scan C:\Windows\system32
13:22:20.913    AVAST engine scan C:\Windows\system32\drivers
13:22:51.941    AVAST engine scan C:\Users\Antonio
14:24:11.877    AVAST engine scan C:\ProgramData
14:28:28.311    Scan finished successfully
14:36:35.438    Disk 0 MBR has been saved successfully to "C:\Users\Antonio\Desktop\MBR.dat"
14:36:35.454    The log file has been saved successfully to "C:\Users\Antonio\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   580bytes   0 downloads


#8 antohan

  • Topic Starter

Posted 21 April 2014 - 01:02 PM

Managed to restart in normal mode after a few failed (black screen) attempts. Not sure if relevant but it may help to know the sort of problems that keep coming up in a laptop which was absolutely fine until right before that virus came up and was "removed" a couple of weeks ago.



#9 nasdaq

  • Malware Response Team

Posted 22 April 2014 - 09:37 AM

The master boot record is fine.

Run these tools now.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#10 antohan

  • Topic Starter

Posted 22 April 2014 - 09:48 AM

Was just about to go out, will do so in an hour or so.

 

Thanks nasdaq, your help is much appreciated.



#11 antohan

  • Topic Starter

Posted 22 April 2014 - 12:52 PM

Rogue Killer deleted some stuff. Was that it? Will run the other now.

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Antonio [Admin rights]
Mode : Remove -- Date : 04/22/2014 14:49:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[84] : NtCreateSection @ 0x8325E12D -> HOOKED (Unknown @ 0x8E8C8CEE)
[Address] SSDT[299] : NtRequestWaitReplyPort @ 0x83278B12 -> HOOKED (Unknown @ 0x8E8C8CF8)
[Address] SSDT[316] : NtSetContextThread @ 0x8331889F -> HOOKED (Unknown @ 0x8E8C8CF3)
[Address] SSDT[347] : NtSetSecurityObject @ 0x8323C7F3 -> HOOKED (Unknown @ 0x8E8C8CFD)
[Address] SSDT[368] : NtSystemDebugControl @ 0x832C07DA -> HOOKED (Unknown @ 0x8E8C8D02)
[Address] SSDT[370] : NtTerminateProcess @ 0x83295D76 -> HOOKED (Unknown @ 0x8E8C8C8F)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8E8C8D16)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8E8C8D1B)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740FFF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740F616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x741223B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740F86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x741006E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740FCDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74122350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74113FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74103611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x741039D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x741222E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74123172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74113274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7412301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x741229C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74122BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7412320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74122B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740F2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740FF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74101081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740FDF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74103CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740FF869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740F2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740FF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740F60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7412312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740F85B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740F73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74113D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74123296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74100134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7410CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740FB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7412068D)
[Address] EAT @explorer.exe (DllGetClassObject) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FCFAD)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE059)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE082)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE0A2)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDDA6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEAD0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEAF3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEB16)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD855)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEA2C)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEA55)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEAA7)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEA7E)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD832)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEA03)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDCA1)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD9FB)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD89B)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD878)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDCF0)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD855)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDC81)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDC03)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDBDA)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD9FB)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDBAE)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDC58)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDC2F)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDDA6)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD8C1)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD878)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD8EA)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDA1E)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDACA)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE010)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDB82)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDA70)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDA3E)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDB59)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDAED)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD80C)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD92D)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDD7A)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDCA1)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDCC4)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD92D)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD80C)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD950)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE9DA)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDCF0)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDD13)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD976)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD7BA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD7E3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE9B1)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD92D)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEA03)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD8C1)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE9DA)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD90D)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD92D)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDD43)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD567)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD590)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD6CA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD6F6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD666)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD63D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD53E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD69B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD4E9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD4B1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD476)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD43E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD5E2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD71C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Prox.Ž°ø"PÿÿÿÿtDE$/Ž°J) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD742)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD515)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDB59)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD791)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD768)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD5B9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD92D)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD80C)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE010)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDCA1)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE0A2)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD80C)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD878)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE033)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD9C5)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD8C1)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD832)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD9FB)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD976)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD99C)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDCA1)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD950)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDACA)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEB39)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEB5C)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEB39)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDDCC)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDE11)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDFE6)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDEE5)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FEB88)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD03B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE676)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD0FC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD2F0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FD227)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE0CB)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FE20D)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : authui.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x720FDDF2)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5076GSX SATA Disk Device +++++
--- User ---
[MBR] c0b75d280b89d1bf1e27f00df0aa4d61
[BSP] f2e4a6b1de345bb92af81b448526bd1d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 464273 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951240704 | Size: 12363 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04222014_144928.txt >>
RKreport[0]_S_04222014_144710.txt


 



#12 antohan

  • Topic Starter


Posted 22 April 2014 - 01:01 PM

FARBAR:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2014
Ran by Antonio (administrator) on ANTONIO-HP on 22-04-2014 14:55:16
Running from C:\Users\Antonio\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Spanish Modern Sort
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2274600 2014-02-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2010-12-17] (IDT, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPConnectionManager] => C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [312376 2011-11-15] (Power Software Ltd)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [HPOSD] => C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
HKU\S-1-5-21-4285530924-3421228706-1560576532-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-4285530924-3421228706-1560576532-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321903&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2AAD629B-9C08-49AF-A96A-540A30C0AA74&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\rxxmrznp.default-1397386835784
FF NewTab: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolibre-ar.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-ar.xml
FF Extension: Adblock Plus - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\rxxmrznp.default-1397386835784\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-14]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284672 2011-02-28] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1784320 2014-02-14] (Realsil Microelectronics Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [262226 2010-12-17] (IDT, Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66176 2011-01-28] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [32384 2011-01-28] (Advanced Micro Devices)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-01] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3059200 2012-10-24] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-01] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-01] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-01] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-01] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2007-10-16] (Mobile Connector)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2014-02-14] (Realtek Semiconductor Corp.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [112096 2011-11-15] (Power Software Ltd)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-20] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Antonio\AppData\Local\Temp\catchme.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 14:55 - 2014-04-22 14:55 - 00015802 _____ () C:\Users\Antonio\Desktop\FRST.txt
2014-04-22 14:55 - 2014-04-22 14:55 - 00000000 ____D () C:\FRST
2014-04-22 14:49 - 2014-04-22 14:49 - 00028893 _____ () C:\Users\Antonio\Desktop\RKreport[0]_D_04222014_144928.txt
2014-04-22 14:47 - 2014-04-22 14:47 - 00028842 _____ () C:\Users\Antonio\Desktop\RKreport[0]_S_04222014_144710.txt
2014-04-22 14:17 - 2014-04-22 14:54 - 00000000 ____D () C:\Users\Antonio\Desktop\RK_Quarantine
2014-04-22 14:16 - 2014-04-22 11:46 - 01048064 _____ (Farbar) C:\Users\Antonio\Desktop\FRST.exe
2014-04-22 14:16 - 2014-04-22 11:45 - 03972608 _____ () C:\Users\Antonio\Desktop\RogueKiller.exe
2014-04-22 11:45 - 2014-04-22 11:46 - 01048064 _____ (Farbar) C:\Users\Antonio\Downloads\FRST.exe
2014-04-22 11:44 - 2014-04-22 11:45 - 03972608 _____ () C:\Users\Antonio\Downloads\RogueKiller.exe
2014-04-21 14:54 - 2014-04-21 14:57 - 00000000 ____D () C:\Users\Antonio\Downloads\Backup escritorio
2014-04-16 14:42 - 2014-04-16 14:42 - 03685888 _____ () C:\Users\Antonio\Downloads\Guyer y Regules - presentación PB - 8 abril 2014.ppt
2014-04-16 13:31 - 2014-04-16 13:38 - 00000000 ____D () C:\Users\Antonio\Documents\Bluetooth Folder
2014-04-16 13:31 - 2014-04-16 13:31 - 00000000 ____D () C:\Users\Public\Documents\Atheros
2014-04-16 07:44 - 2014-03-17 22:11 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-16 07:44 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-16 07:44 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-16 07:44 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-16 07:43 - 2014-04-16 07:44 - 00004115 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-14 16:52 - 2014-04-14 16:53 - 08452995 _____ () C:\Users\Antonio\Downloads\INFORMACIÓN_HSL.zip
2014-04-12 10:18 - 2014-04-12 10:18 - 00019992 _____ () C:\ComboFix.txt
2014-04-12 09:56 - 2014-04-12 10:18 - 00000000 ____D () C:\Qoobox
2014-04-12 09:56 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-12 09:56 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-12 09:56 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-12 09:56 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-12 09:56 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-12 09:56 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-12 09:56 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-12 09:56 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-12 09:55 - 2014-04-12 10:15 - 00000000 ____D () C:\Windows\erdnt
2014-04-07 13:40 - 2012-03-01 02:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-04-07 13:40 - 2012-03-01 02:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-04-07 13:09 - 2014-04-07 13:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-07 12:27 - 2014-04-07 12:27 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-07 12:27 - 2014-04-07 12:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-07 12:27 - 2014-04-07 12:27 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-07 12:27 - 2014-04-07 12:27 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-07 12:27 - 2014-04-07 12:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-07 12:27 - 2014-04-07 12:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-07 12:25 - 2014-04-07 12:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-07 12:21 - 2014-04-07 12:21 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-07 12:15 - 2014-04-07 12:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-07 12:14 - 2014-04-07 12:40 - 00014048 _____ () C:\Windows\IE10_main.log
2014-04-07 12:09 - 2014-02-06 22:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-07 12:09 - 2013-04-26 01:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-04-07 12:08 - 2013-07-09 01:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-07 12:08 - 2013-07-04 08:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-07 12:08 - 2013-07-03 01:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-04-07 12:08 - 2013-07-03 00:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-07 12:08 - 2013-07-03 00:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-07 12:06 - 2013-07-09 02:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-07 12:06 - 2013-07-09 02:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-07 12:06 - 2013-07-09 01:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-07 12:06 - 2013-03-19 01:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-04-07 12:06 - 2013-03-18 23:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-04-07 12:05 - 2013-10-18 22:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-07 12:05 - 2013-09-24 23:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-07 12:05 - 2013-09-24 23:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-07 12:05 - 2013-09-24 22:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-07 12:05 - 2013-09-24 22:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-07 12:05 - 2013-09-24 22:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-07 12:05 - 2013-09-24 22:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-07 12:05 - 2013-09-24 22:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-07 12:05 - 2013-09-24 21:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-07 12:05 - 2013-09-24 21:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-07 12:05 - 2013-07-09 01:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-07 12:05 - 2013-07-04 09:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-07 12:05 - 2013-05-13 00:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-04-07 12:05 - 2013-05-13 00:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-04-07 12:05 - 2013-02-15 01:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-07 12:05 - 2013-02-15 01:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-04-07 12:05 - 2013-02-15 00:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-07 12:05 - 2012-06-06 02:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-04-07 12:04 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-07 12:04 - 2013-07-06 02:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-07 12:04 - 2013-06-06 01:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-07 12:04 - 2013-06-06 01:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-07 12:04 - 2013-06-06 01:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-07 12:04 - 2013-06-06 00:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-07 12:04 - 2013-06-06 00:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-07 12:04 - 2013-04-12 10:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 12:04 - 2013-01-03 02:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-04-07 12:04 - 2012-11-01 01:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-04-07 12:04 - 2012-08-22 14:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-07 12:03 - 2013-12-05 23:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-07 12:03 - 2013-12-05 23:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-07 12:03 - 2013-11-11 23:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-07 12:03 - 2013-10-11 23:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-07 12:03 - 2013-10-11 23:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-07 12:03 - 2013-10-11 22:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-07 12:03 - 2013-10-11 22:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-07 12:03 - 2013-08-01 08:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-07 12:03 - 2013-07-20 07:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-07 12:03 - 2013-04-10 02:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-04-07 12:03 - 2013-02-27 02:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-04-07 12:03 - 2013-02-27 01:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-07 12:03 - 2013-02-27 01:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-04-07 12:03 - 2013-02-12 00:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-04-07 12:03 - 2012-11-02 02:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-04-07 12:03 - 2012-04-28 00:17 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-04-07 12:02 - 2013-07-25 22:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-07 12:02 - 2013-07-25 22:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-07 12:02 - 2012-04-26 01:45 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-04-07 12:02 - 2012-04-26 01:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-04-07 12:02 - 2012-04-26 01:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-04-07 12:01 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-07 12:01 - 2013-10-11 23:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-07 12:01 - 2013-10-11 23:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-07 12:01 - 2013-10-11 23:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-07 12:01 - 2013-10-05 16:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-07 12:01 - 2013-07-09 01:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-07 12:01 - 2013-07-09 01:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-07 12:01 - 2013-06-25 19:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-07 12:01 - 2013-06-15 00:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-07 12:01 - 2012-11-28 19:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-04-07 12:01 - 2012-11-28 19:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-04-07 12:01 - 2012-11-28 19:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-04-07 12:01 - 2012-09-25 19:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-04-07 12:01 - 2012-07-04 18:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-04-07 12:01 - 2012-07-04 18:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-04-07 12:01 - 2012-07-04 18:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-04-07 12:00 - 2013-11-26 22:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-07 12:00 - 2013-11-26 22:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-07 12:00 - 2013-11-26 22:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-07 12:00 - 2013-11-26 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-07 12:00 - 2013-11-26 22:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-07 12:00 - 2013-11-26 22:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-07 12:00 - 2013-11-26 22:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-07 12:00 - 2013-08-01 22:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-07 12:00 - 2013-08-01 22:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-07 12:00 - 2013-08-01 22:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 21:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-07 12:00 - 2013-08-01 21:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 21:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 21:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-07 12:00 - 2013-08-01 21:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-07 12:00 - 2013-07-25 05:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-07 12:00 - 2013-07-12 07:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-04-07 12:00 - 2013-07-12 07:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-07 11:59 - 2012-08-10 20:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-04-07 11:59 - 2012-02-17 02:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-04-07 11:59 - 2012-02-17 01:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-04-07 11:58 - 2013-10-03 22:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-07 11:58 - 2013-10-03 22:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-07 11:58 - 2013-10-02 22:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-07 11:58 - 2012-05-14 01:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-04-07 11:46 - 2012-03-17 04:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-04-07 11:36 - 2013-12-22 11:46 - 00450660 _____ () C:\Windows\system32\Drivers\etc\hosts.20140407-113646.backup
2014-04-07 11:35 - 2013-12-22 11:46 - 00450660 _____ () C:\Windows\system32\Drivers\etc\hosts.20140407-113551.backup
2014-04-07 11:32 - 2012-06-02 19:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-07 11:32 - 2012-06-02 19:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-07 11:32 - 2012-06-02 19:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-07 11:32 - 2012-06-02 19:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-07 11:32 - 2012-06-02 19:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-07 11:32 - 2012-06-02 19:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-07 11:32 - 2012-06-02 19:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-07 11:32 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-07 11:32 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-03 20:22 - 2014-04-03 20:22 - 00001037 _____ () C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2014-04-03 20:21 - 2014-04-03 20:23 - 00000000 ____D () C:\Users\Antonio\D-Fend Reloaded
2014-04-03 20:21 - 2014-04-03 20:22 - 00000000 ____D () C:\Program Files\D-Fend Reloaded
2014-03-31 16:39 - 2014-04-12 00:14 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-31 16:39 - 2014-03-31 16:39 - 00000000 ___RD () C:\Program Files\Skype
2014-03-31 16:39 - 2014-03-31 16:39 - 00000000 ____D () C:\Users\Antonio\AppData\Local\Skype
2014-03-31 16:39 - 2014-03-31 16:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-29 22:10 - 2014-03-29 22:10 - 00000000 ____D () C:\Program Files\AC3Filter
2014-03-29 22:10 - 2013-04-05 21:26 - 01679360 _____ () C:\Windows\system32\ac3filter.acm
2014-03-28 22:36 - 2014-03-28 22:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-22 14:55 - 2014-04-22 14:55 - 00015802 _____ () C:\Users\Antonio\Desktop\FRST.txt
2014-04-22 14:55 - 2014-04-22 14:55 - 00000000 ____D () C:\FRST
2014-04-22 14:54 - 2014-04-22 14:17 - 00000000 ____D () C:\Users\Antonio\Desktop\RK_Quarantine
2014-04-22 14:49 - 2014-04-22 14:49 - 00028893 _____ () C:\Users\Antonio\Desktop\RKreport[0]_D_04222014_144928.txt
2014-04-22 14:47 - 2014-04-22 14:47 - 00028842 _____ () C:\Users\Antonio\Desktop\RKreport[0]_S_04222014_144710.txt
2014-04-22 14:46 - 2012-06-19 10:45 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 14:27 - 2011-07-19 20:38 - 01406896 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 14:24 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-22 11:49 - 2009-07-14 01:34 - 00016480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 11:49 - 2009-07-14 01:34 - 00016480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 11:46 - 2014-04-22 14:16 - 01048064 _____ (Farbar) C:\Users\Antonio\Desktop\FRST.exe
2014-04-22 11:46 - 2014-04-22 11:45 - 01048064 _____ (Farbar) C:\Users\Antonio\Downloads\FRST.exe
2014-04-22 11:45 - 2014-04-22 14:16 - 03972608 _____ () C:\Users\Antonio\Desktop\RogueKiller.exe
2014-04-22 11:45 - 2014-04-22 11:44 - 03972608 _____ () C:\Users\Antonio\Downloads\RogueKiller.exe
2014-04-22 09:17 - 2013-07-12 21:17 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-21 14:57 - 2014-04-21 14:54 - 00000000 ____D () C:\Users\Antonio\Downloads\Backup escritorio
2014-04-21 14:50 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 14:50 - 2009-07-14 01:39 - 00149319 _____ () C:\Windows\setupact.log
2014-04-20 22:14 - 2013-11-02 22:31 - 00000000 ____D () C:\Users\Antonio\Downloads\Docs a archivar
2014-04-20 21:44 - 2014-03-06 14:40 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForAntonio.job
2014-04-20 18:46 - 2010-11-20 18:01 - 01555646 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 19:25 - 2012-02-20 21:58 - 00000000 ____D () C:\Users\Antonio\Downloads\Pelis
2014-04-16 14:42 - 2014-04-16 14:42 - 03685888 _____ () C:\Users\Antonio\Downloads\Guyer y Regules - presentación PB - 8 abril 2014.ppt
2014-04-16 13:38 - 2014-04-16 13:31 - 00000000 ____D () C:\Users\Antonio\Documents\Bluetooth Folder
2014-04-16 13:31 - 2014-04-16 13:31 - 00000000 ____D () C:\Users\Public\Documents\Atheros
2014-04-16 07:44 - 2014-04-16 07:43 - 00004115 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 07:44 - 2013-10-28 07:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 07:44 - 2011-04-12 05:00 - 00000000 ____D () C:\Program Files\Java
2014-04-14 16:53 - 2014-04-14 16:52 - 08452995 _____ () C:\Users\Antonio\Downloads\INFORMACIÓN_HSL.zip
2014-04-13 10:09 - 2012-02-03 10:22 - 00000000 ____D () C:\Users\Antonio\AppData\Local\CrashDumps
2014-04-12 11:34 - 2010-11-20 18:48 - 00343308 _____ () C:\Windows\PFRO.log
2014-04-12 10:18 - 2014-04-12 10:18 - 00019992 _____ () C:\ComboFix.txt
2014-04-12 10:18 - 2014-04-12 09:56 - 00000000 ____D () C:\Qoobox
2014-04-12 10:18 - 2009-07-13 23:37 - 00000000 __RHD () C:\Users\Default
2014-04-12 10:18 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Public
2014-04-12 10:15 - 2014-04-12 09:55 - 00000000 ____D () C:\Windows\erdnt
2014-04-12 10:13 - 2009-07-13 23:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-12 00:15 - 2012-07-30 14:50 - 00000000 ____D () C:\ProgramData\Skype
2014-04-12 00:14 - 2014-03-31 16:39 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-11 17:04 - 2012-01-02 23:29 - 00000000 ____D () C:\Users\Antonio\AppData\Roaming\vlc
2014-04-11 11:06 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Web
2014-04-10 15:44 - 2012-01-19 07:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-10 15:44 - 2012-01-05 17:31 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-04-07 16:55 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\rescache
2014-04-07 16:28 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-07 16:05 - 2009-07-14 01:33 - 00414272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-07 16:02 - 2009-07-14 01:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-04-07 16:02 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-07 13:15 - 2014-04-07 13:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-07 12:40 - 2014-04-07 12:14 - 00014048 _____ () C:\Windows\IE10_main.log
2014-04-07 12:27 - 2014-04-07 12:27 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-07 12:27 - 2014-04-07 12:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-07 12:27 - 2014-04-07 12:27 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-07 12:27 - 2014-04-07 12:27 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-07 12:27 - 2014-04-07 12:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-07 12:27 - 2014-04-07 12:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-07 12:27 - 2014-04-07 12:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-07 12:27 - 2014-04-07 12:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-07 12:25 - 2014-04-07 12:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-07 12:21 - 2014-04-07 12:21 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-07 12:21 - 2014-04-07 12:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-07 12:15 - 2014-04-07 12:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-07 11:14 - 2009-07-14 01:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-04 22:14 - 2011-12-29 00:11 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForANTONIO-HP$.job
2014-04-04 22:13 - 2012-04-26 11:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-03 20:23 - 2014-04-03 20:21 - 00000000 ____D () C:\Users\Antonio\D-Fend Reloaded
2014-04-03 20:22 - 2014-04-03 20:22 - 00001037 _____ () C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2014-04-03 20:22 - 2014-04-03 20:21 - 00000000 ____D () C:\Program Files\D-Fend Reloaded
2014-04-03 20:21 - 2011-12-29 10:36 - 00000000 ____D () C:\Users\Antonio
2014-04-03 20:14 - 2011-12-29 20:41 - 00000000 ____D () C:\Users\Antonio\Games
2014-04-03 20:13 - 2012-10-21 12:57 - 00000000 ____D () C:\Program Files\Championship Manager 01-02
2014-04-01 14:31 - 2012-07-30 14:50 - 00000000 ____D () C:\Users\Antonio\AppData\Roaming\Skype
2014-03-31 16:39 - 2014-03-31 16:39 - 00000000 ___RD () C:\Program Files\Skype
2014-03-31 16:39 - 2014-03-31 16:39 - 00000000 ____D () C:\Users\Antonio\AppData\Local\Skype
2014-03-31 16:39 - 2014-03-31 16:39 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-31 09:35 - 2012-02-27 11:02 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-29 22:10 - 2014-03-29 22:10 - 00000000 ____D () C:\Program Files\AC3Filter
2014-03-28 22:36 - 2014-03-28 22:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Antonio\AppData\Local\Temp\avgnt.exe
C:\Users\Antonio\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Antonio\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-21 03:14

==================== End Of Log ============================



#13 nasdaq

  • Malware Response Team

Posted 23 April 2014 - 06:58 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321903&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2AAD629B-9C08-49AF-A96A-540A30C0AA74&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
S3 catchme; \??\C:\Users\Antonio\AppData\Local\Temp\catchme.sys [X]
C:\Users\Antonio\AppData\Local\Temp\avgnt.exe
C:\Users\Antonio\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Antonio\AppData\Local\Temp\ntdll_dump.dl

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST, click Fix only once, and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know if the problem persists.

#14 antohan

  • Topic Starter

Posted 23 April 2014 - 09:56 AM

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2014
Ran by Antonio at 2014-04-23 11:55:08 Run:1
Running from C:\Users\Antonio\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321903&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2AAD629B-9C08-49AF-A96A-540A30C0AA74&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
S3 catchme; \??\C:\Users\Antonio\AppData\Local\Temp\catchme.sys [X]
C:\Users\Antonio\AppData\Local\Temp\avgnt.exe
C:\Users\Antonio\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Antonio\AppData\Local\Temp\ntdll_dump.dl

End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
catchme => Service deleted successfully.
C:\Users\Antonio\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Antonio\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
"C:\Users\Antonio\AppData\Local\Temp\ntdll_dump.dl" => File/Directory not found.

==== End of Fixlog ====



#15 antohan

  • Topic Starter

Posted 23 April 2014 - 10:02 AM

 Security check:

 

Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 JavaFX 2.1.1    
 Java™ 6 Update 30  
 Java 7 Update 55  
  Adobe Flash Player     12.0.0.77 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 





