Internet Explorer gone, ad popups in Firefox (V9 hijack?)


9 replies to this topic

#1 Diegno


Posted 29 April 2014 - 02:50 PM

After being asked to install a program while browsing online, I chose Decline, yet the program and its accompanying programs were installed anyway. I believe the main culprit was something called v9, which seemed to hijack my browser. I'm using Windows 7 OS, Microsoft Security Essentials for anti-virus and later installed Malwarebytes trying to resolve the issue. Running MB in safe mode seems to have cleared up most of the apparent issues but now my IE is missing and I occasionally receive ads for video or media programs (within pages I'm sure they aren't native to) while using Firefox w/ NoScript. Also, I still see IdleCrawler, one of the other malware installed, in task manager. Other steps taken include DDS, Defogger, MBRcheck, and rootkitunhooker 3.8, in an attempt to detect remaining threats.


#2 boopme


Posted 29 April 2014 - 07:26 PM

Hello Diegno

We need to remove safe.v9.com from your browser add-ons / extensions. Which one(s) are you using?

Please also run these.......


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
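
The following is an added example, not part of boopme's post and not MiniToolBox's own code. It shows in Python the kind of check that the "Report FF Proxy Settings" and "List content of Hosts" options support: reading Firefox's proxy preferences and the hosts file and flagging entries a browser hijack typically leaves behind. The function names and both sample inputs are constructed for illustration.

```python
import ipaddress
import re

# prefs.js holds one user_pref("name", value); statement per line.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample inputs (not taken from any real machine).
SAMPLE_PREFS = '''\
// constructed prefs.js excerpt
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.type", 1);
'''

SAMPLE_HOSTS = '''\
# constructed hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.10   search.example.com   # entry a default hosts file would not have
'''


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]            # string pref
        elif raw in ("true", "false"):
            value = raw == "true"        # boolean pref
        else:
            try:
                value = int(raw)         # integer pref
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def is_loopback(host):
    """True when the proxy host points back at this machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_findings(prefs):
    """Report manual proxy settings; host/port prefs only apply when type is 1."""
    findings = []
    if prefs.get("network.proxy.type") != 1:
        return findings
    for scheme in ("http", "ssl"):
        host = prefs.get("network.proxy." + scheme)
        port = prefs.get("network.proxy.%s_port" % scheme)
        if not host:
            continue
        where = "local process" if is_loopback(str(host)) else "remote host"
        findings.append("%s traffic proxied to %s:%s (%s)" % (scheme, host, port, where))
    return findings


def hosts_findings(text):
    """Return (ip, name) pairs that map any name other than localhost."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, skip it
        for name in fields[1:]:
            if name.lower() != "localhost":
                out.append((fields[0], name.lower()))
    return out


def audit(prefs_text, hosts_text):
    """Run both checks and return the findings as a dict."""
    return {
        "proxy": proxy_findings(parse_prefs(prefs_text)),
        "hosts": hosts_findings(hosts_text),
    }


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_PREFS, SAMPLE_HOSTS).items():
        for item in items:
            print(kind, item)
```

On a real system the inputs would be prefs.js from the Firefox profile folder and C:\Windows\System32\drivers\etc\hosts. A loopback proxy is not proof of infection by itself, since local filtering software sets one too, so each finding still needs to be matched against what is installed.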

#3 Diegno


Posted 30 April 2014 - 09:18 AM

Thanks for all of your help so far, boopme! The only Extension listed for Firefox is NoScript 2.6.8.20. Were you interested in plugins as well? As for Internet Explorer add-ons, I still can't access the program to look at them, and I'm still seeing the popups in Firefox today.
20:31:54.0120 0x14d4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 20:31:54.0120 0x14d4 amdsbs - ok 20:31:54.0136 0x14d4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:31:54.0136 0x14d4 amdxata - ok 20:31:54.0167 0x14d4 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 20:31:54.0167 0x14d4 AppID - ok 20:31:54.0198 0x14d4 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:31:54.0198 0x14d4 AppIDSvc - ok 20:31:54.0229 0x14d4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 20:31:54.0245 0x14d4 Appinfo - ok 20:31:54.0307 0x14d4 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:31:54.0323 0x14d4 Apple Mobile Device - ok 20:31:54.0339 0x14d4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 20:31:54.0339 0x14d4 arc - ok 20:31:54.0370 0x14d4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:31:54.0370 0x14d4 arcsas - ok 20:31:54.0510 0x14d4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:31:54.0510 0x14d4 aspnet_state - ok 20:31:54.0557 0x14d4 [ 769765CE2CC62867468CEA93969B2242, 
0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:31:54.0557 0x14d4 AsyncMac - ok 20:31:54.0635 0x14d4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 20:31:54.0635 0x14d4 atapi - ok 20:31:54.0682 0x14d4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:31:54.0697 0x14d4 AudioEndpointBuilder - ok 20:31:54.0729 0x14d4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:31:54.0729 0x14d4 AudioSrv - ok 20:31:54.0760 0x14d4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:31:54.0760 0x14d4 AxInstSV - ok 20:31:54.0791 0x14d4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 20:31:54.0807 0x14d4 b06bdrv - ok 20:31:54.0822 0x14d4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:31:54.0838 0x14d4 b57nd60a - ok 20:31:54.0853 0x14d4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 20:31:54.0853 0x14d4 BDESVC - ok 20:31:54.0869 0x14d4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 20:31:54.0869 0x14d4 Beep - ok 20:31:54.0916 0x14d4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 20:31:54.0931 0x14d4 BFE - ok 20:31:54.0994 0x14d4 [ 
1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 20:31:55.0009 0x14d4 BITS - ok 20:31:55.0041 0x14d4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 20:31:55.0041 0x14d4 blbdrive - ok 20:31:55.0119 0x14d4 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:31:55.0119 0x14d4 Bonjour Service - ok 20:31:55.0150 0x14d4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:31:55.0150 0x14d4 bowser - ok 20:31:55.0165 0x14d4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 20:31:55.0181 0x14d4 BrFiltLo - ok 20:31:55.0181 0x14d4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 20:31:55.0181 0x14d4 BrFiltUp - ok 20:31:55.0212 0x14d4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 20:31:55.0212 0x14d4 Browser - ok 20:31:55.0228 0x14d4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:31:55.0243 0x14d4 Brserid - ok 20:31:55.0259 0x14d4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:31:55.0259 0x14d4 BrSerWdm - ok 20:31:55.0275 0x14d4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm 
C:\Windows\System32\Drivers\BrUsbMdm.sys 20:31:55.0275 0x14d4 BrUsbMdm - ok 20:31:55.0290 0x14d4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:31:55.0290 0x14d4 BrUsbSer - ok 20:31:55.0321 0x14d4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:31:55.0321 0x14d4 BTHMODEM - ok 20:31:55.0353 0x14d4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 20:31:55.0353 0x14d4 bthserv - ok 20:31:55.0368 0x14d4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:31:55.0368 0x14d4 cdfs - ok 20:31:55.0399 0x14d4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:31:55.0399 0x14d4 cdrom - ok 20:31:55.0431 0x14d4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 20:31:55.0431 0x14d4 CertPropSvc - ok 20:31:55.0446 0x14d4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 20:31:55.0446 0x14d4 circlass - ok 20:31:55.0477 0x14d4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 20:31:55.0477 0x14d4 CLFS - ok 20:31:55.0509 0x14d4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:31:55.0540 0x14d4 clr_optimization_v2.0.50727_32 - ok 20:31:55.0571 0x14d4 [ 
D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:31:55.0571 0x14d4 clr_optimization_v2.0.50727_64 - ok 20:31:55.0665 0x14d4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:31:55.0665 0x14d4 clr_optimization_v4.0.30319_32 - ok 20:31:55.0680 0x14d4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:31:55.0696 0x14d4 clr_optimization_v4.0.30319_64 - ok 20:31:55.0727 0x14d4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:31:55.0727 0x14d4 CmBatt - ok 20:31:55.0743 0x14d4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:31:55.0743 0x14d4 cmdide - ok 20:31:55.0789 0x14d4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 20:31:55.0789 0x14d4 CNG - ok 20:31:55.0805 0x14d4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:31:55.0805 0x14d4 Compbatt - ok 20:31:55.0836 0x14d4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:31:55.0836 0x14d4 CompositeBus - ok 20:31:55.0852 0x14d4 COMSysApp - ok 20:31:55.0867 0x14d4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk 
C:\Windows\system32\drivers\crcdisk.sys 20:31:55.0867 0x14d4 crcdisk - ok 20:31:55.0899 0x14d4 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:31:55.0899 0x14d4 CryptSvc - ok 20:31:55.0945 0x14d4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:31:55.0961 0x14d4 DcomLaunch - ok 20:31:55.0977 0x14d4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 20:31:55.0992 0x14d4 defragsvc - ok 20:31:55.0992 0x14d4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:31:56.0008 0x14d4 DfsC - ok 20:31:56.0023 0x14d4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:31:56.0023 0x14d4 Dhcp - ok 20:31:56.0086 0x14d4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:31:56.0086 0x14d4 discache - ok 20:31:56.0101 0x14d4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 20:31:56.0101 0x14d4 Disk - ok 20:31:56.0133 0x14d4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:31:56.0133 0x14d4 Dnscache - ok 20:31:56.0164 0x14d4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:31:56.0179 0x14d4 dot3svc - ok 20:31:56.0211 0x14d4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] 
DPS C:\Windows\system32\dps.dll 20:31:56.0211 0x14d4 DPS - ok 20:31:56.0242 0x14d4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:31:56.0242 0x14d4 drmkaud - ok 20:31:56.0289 0x14d4 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:31:56.0320 0x14d4 DXGKrnl - ok 20:31:56.0351 0x14d4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:31:56.0351 0x14d4 EapHost - ok 20:31:56.0491 0x14d4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:31:56.0601 0x14d4 ebdrv - ok 20:31:56.0632 0x14d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe 20:31:56.0632 0x14d4 EFS - ok 20:31:56.0757 0x14d4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:31:56.0772 0x14d4 ehRecvr - ok 20:31:56.0803 0x14d4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:31:56.0803 0x14d4 ehSched - ok 20:31:56.0835 0x14d4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:31:56.0850 0x14d4 elxstor - ok 20:31:56.0866 0x14d4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:31:56.0866 0x14d4 ErrDev - ok 20:31:56.0928 0x14d4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem 
C:\Windows\system32\es.dll 20:31:56.0928 0x14d4 EventSystem - ok 20:31:56.0959 0x14d4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:31:56.0959 0x14d4 exfat - ok 20:31:56.0975 0x14d4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:31:56.0991 0x14d4 fastfat - ok 20:31:57.0022 0x14d4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:31:57.0037 0x14d4 Fax - ok 20:31:57.0053 0x14d4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 20:31:57.0053 0x14d4 fdc - ok 20:31:57.0069 0x14d4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:31:57.0069 0x14d4 fdPHost - ok 20:31:57.0084 0x14d4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:31:57.0084 0x14d4 FDResPub - ok 20:31:57.0100 0x14d4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:31:57.0100 0x14d4 FileInfo - ok 20:31:57.0115 0x14d4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:31:57.0115 0x14d4 Filetrace - ok 20:31:57.0131 0x14d4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 20:31:57.0131 0x14d4 flpydisk - ok 20:31:57.0147 0x14d4 [ DA6B67270FD9DB3697B20FCE94950741, 
F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:31:57.0162 0x14d4 FltMgr - ok 20:31:57.0225 0x14d4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 20:31:57.0256 0x14d4 FontCache - ok 20:31:57.0318 0x14d4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:31:57.0318 0x14d4 FontCache3.0.0.0 - ok 20:31:57.0381 0x14d4 [ 52B58A46BEEFB238C580B69FD051CB5B, 6C3B92F953DD55619BD6F0876850A441CAF7774EB873196F567F6A1C0D8CF182 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 20:31:57.0396 0x14d4 ForceWare Intelligent Application Manager (IAM) - ok 20:31:57.0412 0x14d4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:31:57.0412 0x14d4 FsDepends - ok 20:31:57.0443 0x14d4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:31:57.0443 0x14d4 Fs_Rec - ok 20:31:57.0474 0x14d4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:31:57.0490 0x14d4 fvevol - ok 20:31:57.0505 0x14d4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:31:57.0505 0x14d4 gagp30kx - ok 20:31:57.0552 0x14d4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:31:57.0552 0x14d4 GEARAspiWDM - ok 20:31:57.0599 0x14d4 [ 
277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:31:57.0615 0x14d4 gpsvc - ok 20:31:57.0646 0x14d4 [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe 20:31:57.0646 0x14d4 GREGService - ok 20:31:57.0677 0x14d4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:31:57.0677 0x14d4 hcw85cir - ok 20:31:57.0708 0x14d4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:31:57.0724 0x14d4 HdAudAddService - ok 20:31:57.0739 0x14d4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:31:57.0755 0x14d4 HDAudBus - ok 20:31:57.0755 0x14d4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:31:57.0755 0x14d4 HidBatt - ok 20:31:57.0771 0x14d4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:31:57.0786 0x14d4 HidBth - ok 20:31:57.0802 0x14d4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 20:31:57.0802 0x14d4 HidIr - ok 20:31:57.0817 0x14d4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 20:31:57.0817 0x14d4 hidserv - ok 20:31:57.0864 0x14d4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb 
C:\Windows\system32\DRIVERS\hidusb.sys 20:31:57.0864 0x14d4 HidUsb - ok 20:31:57.0895 0x14d4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:31:57.0895 0x14d4 hkmsvc - ok 20:31:57.0911 0x14d4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:31:57.0927 0x14d4 HomeGroupListener - ok 20:31:57.0942 0x14d4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:31:57.0942 0x14d4 HomeGroupProvider - ok 20:31:57.0958 0x14d4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:31:57.0958 0x14d4 HpSAMD - ok 20:31:58.0005 0x14d4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:31:58.0036 0x14d4 HTTP - ok 20:31:58.0051 0x14d4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:31:58.0051 0x14d4 hwpolicy - ok 20:31:58.0083 0x14d4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:31:58.0083 0x14d4 i8042prt - ok 20:31:58.0114 0x14d4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:31:58.0129 0x14d4 iaStorV - ok 20:31:58.0176 0x14d4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:31:58.0192 0x14d4 idsvc - ok 20:31:58.0223 0x14d4 
IEEtwCollectorService - ok 20:31:58.0254 0x14d4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:31:58.0254 0x14d4 iirsp - ok 20:31:58.0301 0x14d4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 20:31:58.0317 0x14d4 IKEEXT - ok 20:31:58.0426 0x14d4 [ 2E3B99E8C23BE2BF32EBE1DB5261F275, F78C556A5152568301E8F8A2B02B154D802448D5402AB916AF8F59A95FDF479D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:31:58.0473 0x14d4 IntcAzAudAddService - ok 20:31:58.0488 0x14d4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 20:31:58.0504 0x14d4 intelide - ok 20:31:58.0535 0x14d4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys 20:31:58.0535 0x14d4 intelppm - ok 20:31:58.0566 0x14d4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:31:58.0566 0x14d4 IPBusEnum - ok 20:31:58.0582 0x14d4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:31:58.0582 0x14d4 IpFilterDriver - ok 20:31:58.0629 0x14d4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:31:58.0644 0x14d4 iphlpsvc - ok 20:31:58.0660 0x14d4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:31:58.0660 0x14d4 IPMIDRV - ok 20:31:58.0660 0x14d4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 
67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:31:58.0675 0x14d4 IPNAT - ok 20:31:58.0753 0x14d4 [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:31:58.0769 0x14d4 iPod Service - ok 20:31:58.0785 0x14d4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:31:58.0785 0x14d4 IRENUM - ok 20:31:58.0800 0x14d4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:31:58.0816 0x14d4 isapnp - ok 20:31:58.0831 0x14d4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:31:58.0847 0x14d4 iScsiPrt - ok 20:31:58.0878 0x14d4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:31:58.0878 0x14d4 kbdclass - ok 20:31:58.0894 0x14d4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:31:58.0894 0x14d4 kbdhid - ok 20:31:58.0925 0x14d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe 20:31:58.0925 0x14d4 KeyIso - ok 20:31:58.0956 0x14d4 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:31:58.0956 0x14d4 KSecDD - ok 20:31:58.0972 0x14d4 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:31:58.0972 0x14d4 KSecPkg - ok 
20:31:58.0987 0x14d4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:31:58.0987 0x14d4 ksthunk - ok 20:31:59.0034 0x14d4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 20:31:59.0034 0x14d4 KtmRm - ok 20:31:59.0081 0x14d4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:31:59.0081 0x14d4 LanmanServer - ok 20:31:59.0097 0x14d4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:31:59.0097 0x14d4 LanmanWorkstation - ok 20:31:59.0159 0x14d4 [ 6BCEE9C766815BFFF89DE7D81AF34CE1, E10B9EFAF5D1E6596CFC7E3C9D5C3904EC8E82B16133B59BBC636F5E4D0AEB7F ] Live Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe 20:31:59.0159 0x14d4 Live Updater Service - ok 20:31:59.0190 0x14d4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:31:59.0190 0x14d4 lltdio - ok 20:31:59.0206 0x14d4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:31:59.0221 0x14d4 lltdsvc - ok 20:31:59.0237 0x14d4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:31:59.0237 0x14d4 lmhosts - ok 20:31:59.0284 0x14d4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:31:59.0299 0x14d4 LSI_FC - ok 20:31:59.0315 0x14d4 [ 1047184A9FDC8BDBFF857175875EE810, 
DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 20:32:10.0625 0x14d4 TrkWks - ok 20:32:10.0703 0x14d4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:32:10.0719 0x14d4 TrustedInstaller - ok 20:32:10.0781 0x14d4 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:32:10.0781 0x14d4 tssecsrv - ok 20:32:10.0828 0x14d4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:32:10.0828 0x14d4 TsUsbFlt - ok 20:32:10.0843 0x14d4 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:32:10.0843 0x14d4 TsUsbGD - ok 20:32:10.0859 0x14d4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:32:10.0875 0x14d4 tunnel - ok 20:32:10.0890 0x14d4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:32:10.0890 0x14d4 uagp35 - ok 20:32:10.0906 0x14d4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:32:10.0921 0x14d4 udfs - ok 20:32:10.0953 0x14d4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:32:10.0953 0x14d4 UI0Detect - ok 20:32:10.0968 0x14d4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:32:10.0968 0x14d4 uliagpkx 
- ok 20:32:10.0984 0x14d4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:32:10.0999 0x14d4 umbus - ok 20:32:11.0015 0x14d4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 20:32:11.0015 0x14d4 UmPass - ok 20:32:11.0062 0x14d4 [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 20:32:11.0062 0x14d4 UMVPFSrv - ok 20:32:11.0093 0x14d4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 20:32:11.0093 0x14d4 upnphost - ok 20:32:11.0124 0x14d4 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:32:11.0124 0x14d4 USBAAPL64 - ok 20:32:11.0155 0x14d4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:32:11.0155 0x14d4 usbaudio - ok 20:32:11.0187 0x14d4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 20:32:11.0202 0x14d4 usbccgp - ok 20:32:11.0249 0x14d4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:32:11.0249 0x14d4 usbcir - ok 20:32:11.0280 0x14d4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:32:11.0296 0x14d4 usbehci - ok 20:32:11.0358 0x14d4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 
] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:32:11.0358 0x14d4 usbhub - ok 20:32:11.0374 0x14d4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:32:11.0374 0x14d4 usbohci - ok 20:32:11.0405 0x14d4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:32:11.0405 0x14d4 usbprint - ok 20:32:11.0421 0x14d4 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:32:11.0421 0x14d4 usbscan - ok 20:32:11.0436 0x14d4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:32:11.0452 0x14d4 USBSTOR - ok 20:32:11.0467 0x14d4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:32:11.0467 0x14d4 usbuhci - ok 20:32:11.0483 0x14d4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 20:32:11.0499 0x14d4 UxSms - ok 20:32:11.0499 0x14d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe 20:32:11.0499 0x14d4 VaultSvc - ok 20:32:11.0530 0x14d4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:32:11.0530 0x14d4 vdrvroot - ok 20:32:11.0561 0x14d4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 20:32:11.0577 0x14d4 vds - ok 20:32:11.0592 0x14d4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, 
EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:32:11.0592 0x14d4 vga - ok 20:32:11.0608 0x14d4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:32:11.0608 0x14d4 VgaSave - ok 20:32:11.0623 0x14d4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:32:11.0623 0x14d4 vhdmp - ok 20:32:11.0655 0x14d4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 20:32:11.0655 0x14d4 viaide - ok 20:32:11.0670 0x14d4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:32:11.0670 0x14d4 volmgr - ok 20:32:11.0701 0x14d4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:32:11.0701 0x14d4 volmgrx - ok 20:32:11.0717 0x14d4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:32:11.0733 0x14d4 volsnap - ok 20:32:11.0748 0x14d4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:32:11.0748 0x14d4 vsmraid - ok 20:32:11.0811 0x14d4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 20:32:11.0857 0x14d4 VSS - ok 20:32:11.0873 0x14d4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:32:11.0873 0x14d4 vwifibus - ok 20:32:11.0889 0x14d4 [ 
6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:32:11.0889 0x14d4 vwififlt - ok 20:32:11.0920 0x14d4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 20:32:11.0935 0x14d4 W32Time - ok 20:32:11.0951 0x14d4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:32:11.0967 0x14d4 WacomPen - ok 20:32:12.0013 0x14d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:32:12.0013 0x14d4 WANARP - ok 20:32:12.0013 0x14d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:32:12.0013 0x14d4 Wanarpv6 - ok 20:32:12.0076 0x14d4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:32:12.0107 0x14d4 WatAdminSvc - ok 20:32:12.0169 0x14d4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 20:32:12.0201 0x14d4 wbengine - ok 20:32:12.0216 0x14d4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:32:12.0232 0x14d4 WbioSrvc - ok 20:32:12.0247 0x14d4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:32:12.0263 0x14d4 wcncsvc - ok 20:32:12.0279 0x14d4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 
20:32:12.0279 0x14d4 WcsPlugInService - ok 20:32:12.0310 0x14d4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 20:32:12.0310 0x14d4 Wd - ok 20:32:12.0357 0x14d4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:32:12.0372 0x14d4 Wdf01000 - ok 20:32:12.0403 0x14d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:32:12.0403 0x14d4 WdiServiceHost - ok 20:32:12.0419 0x14d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:32:12.0419 0x14d4 WdiSystemHost - ok 20:32:12.0450 0x14d4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 20:32:12.0450 0x14d4 WebClient - ok 20:32:12.0481 0x14d4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:32:12.0497 0x14d4 Wecsvc - ok 20:32:12.0528 0x14d4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:32:12.0528 0x14d4 wercplsupport - ok 20:32:12.0606 0x14d4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 20:32:12.0606 0x14d4 WerSvc - ok 20:32:12.0684 0x14d4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:32:12.0684 0x14d4 WfpLwf - ok 20:32:12.0731 0x14d4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] 
WIMMount C:\Windows\system32\drivers\wimmount.sys 20:32:12.0731 0x14d4 WIMMount - ok 20:32:12.0747 0x14d4 WinDefend - ok 20:32:12.0762 0x14d4 WinHttpAutoProxySvc - ok 20:32:12.0809 0x14d4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:32:12.0809 0x14d4 Winmgmt - ok 20:32:12.0887 0x14d4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 20:32:12.0934 0x14d4 WinRM - ok 20:32:12.0996 0x14d4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:32:13.0012 0x14d4 WinUsb - ok 20:32:13.0043 0x14d4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:32:13.0059 0x14d4 Wlansvc - ok 20:32:13.0168 0x14d4 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:32:13.0215 0x14d4 wlidsvc - ok 20:32:13.0246 0x14d4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:32:13.0246 0x14d4 WmiAcpi - ok 20:32:13.0277 0x14d4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:32:13.0277 0x14d4 wmiApSrv - ok 20:32:13.0308 0x14d4 WMPNetworkSvc - ok 20:32:13.0339 0x14d4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:32:13.0355 0x14d4 WPCSvc - ok 20:32:13.0355 0x14d4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum 
C:\Windows\system32\wpdbusenum.dll 20:32:13.0371 0x14d4 WPDBusEnum - ok 20:32:13.0386 0x14d4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:32:13.0386 0x14d4 ws2ifsl - ok 20:32:13.0417 0x14d4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 20:32:13.0417 0x14d4 wscsvc - ok 20:32:13.0417 0x14d4 WSearch - ok 20:32:13.0542 0x14d4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll 20:32:13.0589 0x14d4 wuauserv - ok 20:32:13.0620 0x14d4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:32:13.0620 0x14d4 WudfPf - ok 20:32:13.0651 0x14d4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:32:13.0667 0x14d4 WUDFRd - ok 20:32:13.0683 0x14d4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:32:13.0683 0x14d4 wudfsvc - ok 20:32:13.0714 0x14d4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 20:32:13.0729 0x14d4 WwanSvc - ok 20:32:13.0823 0x14d4 X6va008 - ok 20:32:13.0854 0x14d4 ================ Scan global =============================== 20:32:13.0870 0x14d4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 20:32:13.0901 0x14d4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 20:32:13.0917 0x14d4 [ 88EDD0B34EED542745931E581AD21A32, 
DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 20:32:13.0948 0x14d4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 20:32:13.0963 0x14d4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 20:32:13.0963 0x14d4 [ Global ] - ok 20:32:13.0963 0x14d4 ================ Scan MBR ================================== 20:32:13.0979 0x14d4 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0 20:32:16.0085 0x14d4 \Device\Harddisk0\DR0 - ok 20:32:16.0085 0x14d4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 20:32:16.0101 0x14d4 \Device\Harddisk1\DR1 - ok 20:32:16.0101 0x14d4 ================ Scan VBR ================================== 20:32:16.0147 0x14d4 [ B7CAEC7C8BC77644351F08C502C2CB2A ] \Device\Harddisk0\DR0\Partition1 20:32:16.0179 0x14d4 \Device\Harddisk0\DR0\Partition1 - ok 20:32:16.0210 0x14d4 [ 80CE2CD362B2AC67F67980991AB1F004 ] \Device\Harddisk0\DR0\Partition2 20:32:16.0303 0x14d4 \Device\Harddisk0\DR0\Partition2 - ok 20:32:16.0303 0x14d4 [ 1A0EE1F5E7116DBD00032965D8381548 ] \Device\Harddisk1\DR1\Partition1 20:32:16.0303 0x14d4 \Device\Harddisk1\DR1\Partition1 - ok 20:32:16.0303 0x14d4 Waiting for KSN requests completion. 
In queue: 75
20:32:17.0349 0x14d4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
20:32:17.0349 0x14d4 Win FW state via NFP2: enabled
20:32:20.0344 0x14d4 ============================================================
20:32:20.0344 0x14d4 Scan finished
20:32:20.0344 0x14d4 ============================================================
20:32:20.0344 0x011c Detected object count: 0
20:32:20.0344 0x011c Actual detected object count: 0
20:33:54.0866 0x1618 Deinitialize success

___________________________________________________________________________________________________________

# AdwCleaner v3.205 - Report created 29/04/2014 at 20:39:32
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pokemon - POKEMON-PC
# Running from : C:\Users\Pokemon\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Pokemon\AppData\Local\Conduit
Folder Deleted : C:\Users\Pokemon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pokemon\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Pokemon\AppData\Roaming\v9
Folder Deleted : C:\Users\Pokemon\Documents\Optimizer Pro
Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
Folder Deleted : C:\Users\Pokemon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgboogeaaklojbicocbcepgdjjfbmgli
File Deleted : C:\END
File Deleted : C:\Users\Pokemon\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Pokemon\AppData\Roaming\Mozilla\Firefox\Profiles\y569mhko.default\searchplugins\bingp.xml
File Deleted : C:\Windows\System32\Tasks\BlockAndSurf Update
File Deleted : C:\Windows\System32\Tasks\BlockAndSurf_wd

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299570
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\blockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\v9 uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Pokemon\AppData\Roaming\Mozilla\Firefox\Profiles\y569mhko.default\prefs.js ]

Line Deleted : user_pref("CT3299570.FF19Solved", "true");
Line Deleted : user_pref("CT3299570.UserID", "UN37116749261190419");
Line Deleted : user_pref("CT3299570.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3299570.fullUserID", "UN37116749261190419.IN.20131114140544");
Line Deleted : user_pref("CT3299570.installDate", "14/11/2013 14:05:48");
Line Deleted : user_pref("CT3299570.installSessionId", "{B150CF58-E856-48CC-9309-77A64027B7F5}");
Line Deleted : user_pref("CT3299570.installSp", "TRUE");
Line Deleted : user_pref("CT3299570.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3299570.keyword", "true");
Line Deleted : user_pref("CT3299570.originalHomepage", "hxxp://www.google.com/");
Line Deleted : user_pref("CT3299570.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3299570.originalSearchEngine", "");
Line Deleted : user_pref("CT3299570.originalSearchEngineName", "");
Line Deleted : user_pref("CT3299570.searchRevert", "false");
Line Deleted : user_pref("CT3299570.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3299570.searchUserMode", "2");
Line Deleted : user_pref("CT3299570.smartbar.homepage", "true");
Line Deleted : user_pref("CT3299570.toolbarInstallDate", "14-11-2013 14:05:44");
Line Deleted : user_pref("CT3299570.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3299570.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3299570&octid=CT3299570&SearchSource=61&CUI=UN37116749261190419&UM=2&UP=SP58F92D00-A4B4-4344-A080-EDCF3A262043");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "findr- Customized Web Search");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3299570");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3299570&CUI=UN37116749261190419&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3299570&octid=CT3299570&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299570&SearchSource=2&CUI=UN37116749261190419&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299570");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3299570");
Line Deleted : user_pref("smartbar.machineId", "AWWKHCYP+DC5Z70ERDXCWPMNQHRPQQNVYN+FWPKRFB1BQJUFQBCDXAK5JMBEU9ZNPHOXM2TPVR2VJQSXTDPPYQ");

-\\ Google Chrome v

[ File : C:\Users\Pokemon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : fgboogeaaklojbicocbcepgdjjfbmgli
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [8698 octets] - [29/04/2014 20:37:04]
AdwCleaner[S0].txt - [7572 octets] - [29/04/2014 20:39:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7632 octets] ##########

__________________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Pokemon on Tue 04/29/2014 at 20:48:20.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{00C8B1A7-DA6D-45BF-AA41-F44E3C3FE0B4}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{1C9AA11C-D0D2-4260-B53D-9AB0162F7783}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{42616071-1A81-42D2-BF4A-127ED2F5C4BE}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{46B26C3F-BEE2-4D09-A56B-B12CCD17298F}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{70A38957-84EF-4258-896D-F8CC5179B6DB}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{769D9DE5-568A-4D03-898A-45DD765D1384}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{87F45961-74A8-486C-B195-653CEB9C78D1}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{9EAADC5F-6FF4-4753-82C8-72AAF2039BE6}
Successfully deleted: [Empty Folder] C:\Users\Pokemon\appdata\local\{E7E4E870-7DDE-4C0F-9265-3B4710C22265}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/29/2014 at 21:00:15.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

______________________________________________________________________

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials eMachines Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted - quarantined
C:\Users\Pokemon\AppData\Local\IdleCrawler\IdleCrawler.exe a variant of Win32/GigaClicks.AD potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AKZT735\findr-[1].exe Win32/Conduit.SearchProtect.J potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AKZT735\findr-[2].exe Win32/Conduit.SearchProtect.J potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AKZT735\stubinst_pkg_en-us[1].cab Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NEVMGVYW\Setup[1].exe Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NEVMGVYW\SPSetup[1].exe Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NEVMGVYW\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCLUJFKC\statisticsstub[1].exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCLUJFKC\stubinst_pkg_en-us[1].cab Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCLUJFKC\stublogic[1].exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCN6M3QS\stubinst_pkg_en-us[1].cab Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCN6M3QS\stubinst_pkg_en-us[2].cab Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Pokemon\AppData\Local\PMB Files\Upgrade41270\PMB_update.exe a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Pokemon\AppData\Local\Temp\eova432m.0oi.exe probably a variant of Win32/AdWare.AddLyrics.AJ application cleaned by deleting - quarantined
C:\Users\Pokemon\AppData\Local\Temp\hs5lpuro.mno.exe a variant of Win32/GigaClicks.AD potentially unwanted application deleted - quarantined
C:\Users\Pokemon\AppData\Local\Temp\is1104650885\11140080_stp\OptimizerPro.exe Win32/SpeedingUpMyPC.I application cleaned by deleting - quarantined
C:\Users\Pokemon\AppData\Local\Temp\{55DC42F0-FD09-4B5A-9782-9072A7C8280D}\setup.exe multiple threats cleaned by deleting - quarantined


Edited by boopme, 02 May 2014 - 02:28 PM.


#4 boopme

Posted 02 May 2014 - 02:29 PM

Hi, Yes any unknown Add-ons too.

Restart the machine

Update MBAM and scan again and post that log.

How is it running now?


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 Diegno

Posted 02 May 2014 - 09:57 PM

I'm still not able to access IE and Firefox spawns popups.

Firefox v28.0; Plugins: Adobe Acrobat 9.5.5.316, AdobeAAMDetect 2.0.0.0, iTunes Application Detector 1.0.1.1, Java Development Toolkit 7.0.550.14 10.55.2.14, Java™ Platform SE 7 U55 10.55.2.14, Nexon Game Controller 1.0.1.2, Pando Web Plugin 1.0.0.1, QuickTime Plug-in 7.7.5 7.7.5.0, RealPlayer Download Plugin 17.0.8.22, RealPlayer Video Downloader (32-bit) 17.0.8.6, RealPlayer Video Downloader for HTML5 (32-bit) 17.0.8.6, RealPlayer Video Downloader for PepperFlash (32-bit) 17.0.8.6, RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) 17.0.8.22, Silverlight Plug-In 5.1.30214.0, Windows Live Photo Gallery 15.4.3508.1109
-- Firefox Extensions: NoScript 2.6.8.20
-- Firefox Appearance: Default 29.0
---

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/2/2014
Scan Time: 9:14:20 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.03.01
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pokemon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316170
Time Elapsed: 31 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

#6 boopme

Posted 03 May 2014 - 09:48 AM

Let's try one more here.

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Scan


#7 Diegno

Posted 03 May 2014 - 10:26 AM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pokemon [Admin rights]
Mode : Scan -- Date : 05/03/2014 10:23:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8118;hxxps=127.0.0.1:8118) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] IdleCrawler Runner : "%LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe" [x] -> FOUND
[V2][SUSP PATH] IdleCrawler Update : "%LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe" - --Update [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA SCSI Disk Device +++++
--- User ---
[MBR] c761b701cb82f86b44de09240033faa1
[BSP] 9e58ca0a6bf918de1465b98e6dc89597 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20000 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40962048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 933767 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05032014_102308.txt >>

#8 boopme

Posted 05 May 2014 - 01:22 PM

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", this time click the Delete button.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete
Sorry for the delay, had a major working weekend.
 
How is it now?

#9 Diegno

Posted 05 May 2014 - 07:54 PM

Hey, no problem. There are still ads and popups, and without IE. While logging into this site, I received a message from Malwarebytes that it blocked a process called privoxy.exe. Although you didn't tell me to, without thinking I deleted the files in MB quarantine (after the roguekiller scan/delete) and the ads seemed to appear more often. I'm sorry about that.

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pokemon [Admin rights]
Mode : Scan -- Date : 05/05/2014 19:23:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8118;hxxps=127.0.0.1:8118) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] IdleCrawler Runner : "%LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe" [x] -> FOUND
[V2][SUSP PATH] IdleCrawler Update : "%LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe" - --Update [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA SCSI Disk Device +++++
--- User ---
[MBR] c761b701cb82f86b44de09240033faa1
[BSP] 9e58ca0a6bf918de1465b98e6dc89597 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20000 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40962048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 933767 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05052014_192348.txt >>
RKreport[0]_S_05032014_102308.txt;RKreport[0]_S_05032014_103052.txt

#10 boopme

Posted 05 May 2014 - 10:40 PM

There is something on here that I cannot see. For one, the logs are not posting properly. I think it is protected and we will need a deeper look and stronger tools to remove it.
We need a new topic.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.