
Need help with a sick Win 8 laptop


  • This topic is locked
11 replies to this topic

#1 laptop4me

  • Members
  • 6 posts

Posted 27 May 2014 - 09:27 PM

Hi there

 

Sorry to skip the Introduction, but my friend's Windows 8 laptop is having some issues, malware I think.

Last week Kaspersky Pure 3.0 removed a rootkit, but blank windows keep popping up in Firefox, and there are other things, so I am seeking professional help for him.

So I started with the Preparation Guide. But when I tried to run DDS, I got the attached screen, that it won't run in compatibility mode.

First question: What do I need to do to make DDS run?


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 28 May 2014 - 03:36 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 

#3 laptop4me

  • Topic Starter
  • Members
  • 6 posts

Posted 28 May 2014 - 05:25 PM

Hey there TB-Psychotic, I appreciate your help.

Here are the logs (multiple posts)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Lee (administrator) on LAPTOP4LEE on 28-05-2014 17:59:05
Running from C:\Users\Lee\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Users\Lee\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Lee\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-02-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2508797896-4127050247-2938979256-1002\...\Run: [Google Update] => C:\Users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-14] (Google Inc.)
Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ff&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyB0Ezy0FyE0CyB0B0EyEtN0D0Tzu0SzzyBtBtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyB0Fzz0A0FtC0F0DtGyE0C0EtAtG0DtAzy0BtGtCtCtDtCtGtAyB0CyEyEtB0AyEtDyE0A0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDyB0E0FzztCtAtGtBtDtDtCtGtCtA0B0DtGzzzyzzyBtGtByDzz0DtB0B0EzyyCtAyCyE2Q&cr=267317616&ir=
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {349336B2-50EF-438F-B23B-AAC3FF49B87B} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3153924&CUI=UN37515260262192318&UM=2&SSPV=&UP=SPDD502B1C-2534-42D6-B8AC-5AA565753D80
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3153924&CUI=UN37515260262192318&UM=2&SSPV=&UP=SPDD502B1C-2534-42D6-B8AC-5AA565753D80
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ff&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyB0Ezy0FyE0CyB0B0EyEtN0D0Tzu0SzzyBtBtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyB0Fzz0A0FtC0F0DtGyE0C0EtAtG0DtAzy0BtGtCtCtDtCtGtAyB0CyEyEtB0AyEtDyE0A0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDyB0E0FzztCtAtGtBtDtDtCtGtCtA0B0DtGzzzyzzyBtGtByDzz0DtB0B0EzyyCtAyCyE2Q&cr=267317616&ir=
SearchScopes: HKCU - {349336B2-50EF-438F-B23B-AAC3FF49B87B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3153924&CUI=UN37515260262192318&UM=2&SSPV=S41AIE
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default
FF DefaultSearchEngine: Speedial
FF Homepage: hxxp://www.dogpile.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lee\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lee\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Connect DLCS  - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\Extensions\{aad50c91-b136-49d9-8b30-0e8d3ead63d0} [2013-12-28]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-12-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-12-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-12-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-12-19]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR DefaultSearchProvider:       "name": "Speedial"
CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-14]
CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-14]
CHR Extension: (Safe Money) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-14]
CHR Extension: (Content Blocker) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-14]
CHR Extension: (RealDownloader) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-14]
CHR Extension: (Virtual Keyboard) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-14]
CHR Extension: (Google Wallet) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-14]
CHR Extension: (Anti-Banner) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-14]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2583080 2014-03-13] (NCH Software)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-12] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A5AGU; C:\Windows\system32\DRIVERS\AGUx64.sys [1077760 2008-08-06] (D-Link Corporation)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-12] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-04-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-26] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-12] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-04-29] ()
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 17:59 - 2014-05-28 17:59 - 00026024 _____ () C:\Users\Lee\Desktop\FRST.txt
2014-05-28 17:58 - 2014-05-28 17:59 - 00000000 ____D () C:\FRST
2014-05-28 17:57 - 2014-05-28 17:57 - 02066944 _____ (Farbar) C:\Users\Lee\Desktop\FRST64.exe
2014-05-27 20:07 - 2014-05-28 15:48 - 00003340 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-27 17:39 - 2014-05-27 17:39 - 00004026 _____ () C:\WINDOWS\System32\Tasks\LaunchApp
2014-05-27 16:47 - 2014-05-27 16:47 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Oracle
2014-05-27 16:19 - 2014-04-18 08:43 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-05-27 16:18 - 2014-04-18 08:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-05-27 16:18 - 2014-04-18 08:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-05-27 15:59 - 2014-05-27 15:59 - 00000000 ____D () C:\Users\Lee\Documents\Java
2014-05-22 07:02 - 2014-05-28 12:01 - 00003362 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-22 07:02 - 2014-05-28 12:01 - 00003310 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-21 23:12 - 2014-05-27 16:21 - 00000547 _____ () C:\WINDOWS\wininit.ini
2014-05-21 23:08 - 2014-05-21 23:31 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-21 23:06 - 2014-05-21 23:04 - 28114944 _____ () C:\Users\Lee\Downloads\SkypeSetup.exe
2014-05-17 02:20 - 2014-05-17 16:03 - 00000000 ____D () C:\Users\Lee\AppData\Local\IdleCrawler
2014-05-17 02:20 - 2014-05-17 02:20 - 00004574 _____ () C:\WINDOWS\System32\Tasks\IdleCrawler Runner
2014-05-17 02:20 - 2014-05-17 02:20 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Oxy
2014-05-17 02:09 - 2014-05-27 18:54 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Oxy
2014-05-17 01:46 - 2014-05-17 01:46 - 00000806 _____ () C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
2014-05-17 01:01 - 2014-05-17 01:42 - 00000000 ____D () C:\Users\Lee\AppData\Local\jZip
2014-05-17 00:58 - 2014-05-17 01:42 - 00000000 ____D () C:\Program Files (x86)\jZip
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\Users\Lee\AppData\Local\oDesk
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\Program Files (x86)\oDesk
2014-05-15 22:31 - 2014-05-15 22:31 - 03722456 _____ (oDesk Corporation) C:\Users\Lee\Downloads\oDeskSetup.exe
2014-05-15 12:06 - 2014-05-01 16:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-15 12:06 - 2014-05-01 16:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 06:31 - 2014-05-14 06:31 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 06:31 - 2014-05-14 06:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 03:31 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 03:31 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 03:31 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 03:31 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 03:31 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 03:30 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 03:30 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 03:30 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 03:30 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 03:30 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 03:30 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 03:30 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 03:30 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 03:30 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 03:30 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 03:30 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 03:30 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 03:30 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 03:30 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 03:30 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 03:30 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 03:30 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 03:30 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 03:30 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 03:30 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 03:30 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 03:30 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 03:30 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 03:30 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 03:30 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 03:30 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 03:30 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 03:29 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 03:29 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 03:29 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 03:29 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 03:29 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 03:29 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 03:29 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 03:29 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 03:29 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 03:29 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-13 00:24 - 2014-05-13 00:24 - 00000000 ____D () C:\Users\Lee\Downloads\xlsx
2014-05-12 14:38 - 2014-05-28 15:48 - 00003288 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-11 17:51 - 2014-05-11 17:51 - 398149487 _____ () C:\WINDOWS\MEMORY.DMP
2014-05-11 17:51 - 2014-05-11 17:51 - 00712032 _____ () C:\WINDOWS\Minidump\051114-27640-01.dmp
2014-05-11 17:51 - 2014-05-11 17:51 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-08 19:34 - 2014-05-26 19:05 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 19:34 - 2014-05-08 19:34 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 19:34 - 2014-05-08 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 19:34 - 2014-05-08 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 19:34 - 2014-05-08 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-08 19:34 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-08 19:34 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-08 19:34 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-08 19:32 - 2014-05-08 19:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lee\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 13:21 - 2014-05-02 13:23 - 00000000 ____D () C:\Users\Lee\Documents\FORD PAYMENTS-RECIEPTS
2014-05-02 09:50 - 2014-05-02 09:50 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 09:50 - 2014-05-02 09:50 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 16:55 - 2014-05-01 16:55 - 00000000 __SHD () C:\Users\Lee\AppData\Local\EmieUserList
2014-05-01 16:55 - 2014-05-01 16:55 - 00000000 __SHD () C:\Users\Lee\AppData\Local\EmieSiteList
2014-04-30 16:19 - 2014-05-26 22:40 - 00000000 ___RD () C:\Backup
2014-04-29 10:58 - 2014-04-29 10:58 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{9CF0CF7A-40DA-4470-8904-32751D019F7F}
2014-04-28 03:34 - 2014-04-29 11:03 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-04-28 03:34 - 2014-04-29 10:31 - 00016152 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-04-28 03:34 - 2014-04-28 03:34 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-28 03:34 - 2014-04-28 03:34 - 00000000 ____D () C:\Users\Lee\AppData\Local\SlimWare Utilities Inc
2014-04-28 03:33 - 2014-04-28 03:33 - 00739824 _____ (SlimWare Utilities, Inc.) C:\Users\Lee\Downloads\DriverUpdate-setup.exe
2014-04-28 03:14 - 2014-05-07 23:27 - 00000000 ____D () C:\Users\Lee\Documents\Optimizer Pro
2014-04-28 03:13 - 2014-04-29 10:36 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-04-28 03:12 - 2014-04-29 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter

==================== One Month Modified Files and Folders =======

2014-05-28 17:59 - 2014-05-28 17:59 - 00026024 _____ () C:\Users\Lee\Desktop\FRST.txt
2014-05-28 17:59 - 2014-05-28 17:58 - 00000000 ____D () C:\FRST
2014-05-28 17:58 - 2014-03-12 02:59 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7244D07E-8011-4788-B686-C0B9108529F7}
2014-05-28 17:57 - 2014-05-28 17:57 - 02066944 _____ (Farbar) C:\Users\Lee\Desktop\FRST64.exe
2014-05-28 17:49 - 2013-12-19 20:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-28 17:25 - 2014-03-14 00:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002UA.job
2014-05-28 17:13 - 2013-12-24 03:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-28 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-28 16:04 - 2013-12-21 14:41 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-28 15:48 - 2014-05-27 20:07 - 00003340 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-28 15:48 - 2014-05-12 14:38 - 00003288 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-28 15:48 - 2014-03-14 00:09 - 00002374 _____ () C:\Users\Lee\Desktop\Google Chrome.lnk
2014-05-28 15:48 - 2013-10-14 21:15 - 00000000 ____D () C:\Users\Lee\Documents\Outlook Files
2014-05-28 15:47 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-28 12:42 - 2014-03-12 02:54 - 01373405 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-28 12:29 - 2014-03-14 00:06 - 00000870 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002Core.job
2014-05-28 12:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-28 12:01 - 2014-05-22 07:02 - 00003362 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-28 12:01 - 2014-05-22 07:02 - 00003310 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2508797896-4127050247-2938979256-1002
2014-05-28 12:00 - 2014-03-12 02:28 - 00000000 ____D () C:\Users\Lee
2014-05-27 20:05 - 2013-11-14 03:20 - 00018862 _____ () C:\WINDOWS\PFRO.log
2014-05-27 19:36 - 2014-01-13 01:06 - 00000000 ____D () C:\Users\Lee\Documents\DOCS
2014-05-27 18:54 - 2014-05-17 02:09 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Oxy
2014-05-27 18:52 - 2013-12-19 17:58 - 00000000 ___RD () C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 17:39 - 2014-05-27 17:39 - 00004026 _____ () C:\WINDOWS\System32\Tasks\LaunchApp
2014-05-27 16:47 - 2014-05-27 16:47 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Oracle
2014-05-27 16:27 - 2014-04-18 08:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 16:21 - 2014-05-21 23:12 - 00000547 _____ () C:\WINDOWS\wininit.ini
2014-05-27 16:17 - 2014-04-18 08:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 15:59 - 2014-05-27 15:59 - 00000000 ____D () C:\Users\Lee\Documents\Java
2014-05-26 22:40 - 2014-04-30 16:19 - 00000000 ___RD () C:\Backup
2014-05-26 19:05 - 2014-05-08 19:34 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 17:19 - 2014-01-08 11:24 - 00000000 ____D () C:\Users\Lee\Documents\E-Books PDF's
2014-05-24 17:28 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-21 23:31 - 2014-05-21 23:08 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-21 23:04 - 2014-05-21 23:06 - 28114944 _____ () C:\Users\Lee\Downloads\SkypeSetup.exe
2014-05-20 21:40 - 2013-11-14 03:28 - 00006428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-20 21:39 - 2013-08-22 10:46 - 00334213 _____ () C:\WINDOWS\setupact.log
2014-05-19 16:25 - 2014-03-29 03:05 - 00000000 ____D () C:\Users\Lee\Documents\PUB's
2014-05-19 16:22 - 2014-03-20 19:38 - 00000000 ____D () C:\Users\Lee\Documents\Order PDF's
2014-05-17 16:03 - 2014-05-17 02:20 - 00000000 ____D () C:\Users\Lee\AppData\Local\IdleCrawler
2014-05-17 15:51 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-17 02:20 - 2014-05-17 02:20 - 00004574 _____ () C:\WINDOWS\System32\Tasks\IdleCrawler Runner
2014-05-17 02:20 - 2014-05-17 02:20 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Oxy
2014-05-17 01:46 - 2014-05-17 01:46 - 00000806 _____ () C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
2014-05-17 01:42 - 2014-05-17 01:01 - 00000000 ____D () C:\Users\Lee\AppData\Local\jZip
2014-05-17 01:42 - 2014-05-17 00:58 - 00000000 ____D () C:\Program Files (x86)\jZip
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\Users\Lee\AppData\Local\oDesk
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\Program Files (x86)\oDesk
2014-05-15 22:31 - 2014-05-15 22:31 - 03722456 _____ (oDesk Corporation) C:\Users\Lee\Downloads\oDeskSetup.exe
2014-05-15 13:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-15 12:16 - 2013-12-19 17:58 - 00000000 ___RD () C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 12:03 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-15 12:03 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 12:03 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 12:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-15 12:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-15 12:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 12:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 08:33 - 2013-12-20 19:29 - 00000000 ____D () C:\Users\Lee\AppData\Local\Microsoft Help
2014-05-14 06:34 - 2013-12-20 19:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 06:31 - 2014-05-14 06:31 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 06:31 - 2014-05-14 06:31 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 06:29 - 2013-12-19 22:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 06:25 - 2013-12-19 22:44 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 23:49 - 2014-03-25 23:29 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2014-05-13 16:15 - 2013-12-25 13:25 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 14:14 - 2013-12-24 03:16 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-13 00:24 - 2014-05-13 00:24 - 00000000 ____D () C:\Users\Lee\Downloads\xlsx
2014-05-11 19:42 - 2013-12-19 18:07 - 00000000 ____D () C:\Users\Lee\AppData\Local\Hewlett-Packard
2014-05-11 17:51 - 2014-05-11 17:51 - 398149487 _____ () C:\WINDOWS\MEMORY.DMP
2014-05-11 17:51 - 2014-05-11 17:51 - 00712032 _____ () C:\WINDOWS\Minidump\051114-27640-01.dmp
2014-05-11 17:51 - 2014-05-11 17:51 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-11 16:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-11 08:09 - 2014-03-18 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 04:09 - 2013-12-26 18:09 - 00000000 ____D () C:\Users\Lee\Downloads\HTML's
2014-05-08 20:06 - 2013-12-28 22:05 - 00000000 ____D () C:\ProgramData\Conduit
2014-05-08 19:34 - 2014-05-08 19:34 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 19:34 - 2014-05-08 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 19:34 - 2014-05-08 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 19:34 - 2014-05-08 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-08 19:32 - 2014-05-08 19:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lee\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 12:20 - 2014-03-14 00:06 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002UA
2014-05-08 12:20 - 2014-03-14 00:06 - 00003484 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002Core
2014-05-07 23:27 - 2014-04-28 03:14 - 00000000 ____D () C:\Users\Lee\Documents\Optimizer Pro
2014-05-07 23:27 - 2014-04-11 09:48 - 00000000 ____D () C:\Users\Lee\Documents\ON-LINE PAYMENTS
2014-05-07 23:27 - 2014-04-06 12:58 - 00000000 ____D () C:\Users\Lee\Documents\PRAYERS
2014-05-07 23:27 - 2013-12-25 03:37 - 00000000 ____D () C:\Users\Lee\Documents\html's
2014-05-07 23:27 - 2013-12-23 16:31 - 00000000 ____D () C:\Users\Lee\Documents\JobsRadar_com - Find Jobs_ Showcase Your Resume_ Get Hired__files
2014-05-07 23:27 - 2013-12-19 17:47 - 00000000 ___HD () C:\Users\Lee\Documents\hp.system.package.metadata
2014-05-07 23:27 - 2013-12-11 03:22 - 00000000 ___SD () C:\Users\Lee\Documents\Passwords Database
2014-05-07 23:27 - 2013-10-30 19:11 - 00000000 ____D () C:\Users\Lee\Documents\JOBS ON LINE
2014-05-07 23:27 - 2013-10-14 11:39 - 00000000 ____D () C:\Users\Lee\Documents\Youcam
2014-05-06 00:40 - 2014-05-14 03:29 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-14 03:29 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-14 03:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 03:29 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-02 13:23 - 2014-05-02 13:21 - 00000000 ____D () C:\Users\Lee\Documents\FORD PAYMENTS-RECIEPTS
2014-05-02 09:50 - 2014-05-02 09:50 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 09:50 - 2014-05-02 09:50 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 16:55 - 2014-05-01 16:55 - 00000000 __SHD () C:\Users\Lee\AppData\Local\EmieUserList
2014-05-01 16:55 - 2014-05-01 16:55 - 00000000 __SHD () C:\Users\Lee\AppData\Local\EmieSiteList
2014-05-01 16:30 - 2014-05-15 12:06 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2014-05-15 12:06 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 11:03 - 2014-04-28 03:34 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-04-29 10:58 - 2014-04-29 10:58 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{9CF0CF7A-40DA-4470-8904-32751D019F7F}
2014-04-29 10:36 - 2014-04-28 03:13 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-04-29 10:35 - 2014-04-28 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2014-04-29 10:31 - 2014-04-28 03:34 - 00016152 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-04-28 03:34 - 2014-04-28 03:34 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-04-28 03:34 - 2014-04-28 03:34 - 00000000 ____D () C:\Users\Lee\AppData\Local\SlimWare Utilities Inc
2014-04-28 03:33 - 2014-04-28 03:33 - 00739824 _____ (SlimWare Utilities, Inc.) C:\Users\Lee\Downloads\DriverUpdate-setup.exe
2014-04-28 03:26 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-28 03:20 - 2013-12-24 03:14 - 00000000 ____D () C:\Users\Lee\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Lee\AppData\Local\Temp\23890Largepdf_00000004499.pdf_Downloader.exe
C:\Users\Lee\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lee\AppData\Local\Temp\htmlayout.dll
C:\Users\Lee\AppData\Local\Temp\infozip2.exe
C:\Users\Lee\AppData\Local\Temp\lowproc.exe
C:\Users\Lee\AppData\Local\Temp\ms.exe
C:\Users\Lee\AppData\Local\Temp\SCC.dll
C:\Users\Lee\AppData\Local\Temp\setup.exe
C:\Users\Lee\AppData\Local\Temp\setup__3635.exe
C:\Users\Lee\AppData\Local\Temp\som_fs.exe
C:\Users\Lee\AppData\Local\Temp\som_mp4_encoder.exe
C:\Users\Lee\AppData\Local\Temp\stubhelper.dll
C:\Users\Lee\AppData\Local\Temp\SymCCIS.dll
C:\Users\Lee\AppData\Local\Temp\tmp3133.exe
C:\Users\Lee\AppData\Local\Temp\tmpA7C1.exe
C:\Users\Lee\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-28 16:05

==================== End Of Log ============================.

#4 laptop4me

Posted 28 May 2014 - 05:27 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Lee at 2014-05-28 18:01:36
Running from C:\Users\Lee\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version:  - Microsoft)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Express Dictate (HKLM-x32\...\Express) (Version: 5.72 - NCH Software)
Express Invoice (HKLM-x32\...\ExpressInvoice) (Version: 4.05 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.63 - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IdleCrawler (HKLM-x32\...\IdleCrawler) (Version: 41.0.0.93 - Internet Deep Research Foundation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051F0}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
oDesk Team (HKCU\...\oDVT) (Version:  - oDesk Corporation)
PC Fix Speed 1.2.0.42 (HKLM-x32\...\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1) (Version: 1.2.0.42 - Crawler, LLC)
PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

13-05-2014 20:55:14 Scheduled Checkpoint
20-05-2014 22:01:27 Scheduled Checkpoint
27-05-2014 20:11:36 Installed Java 7 Update 51

==================== Hosts content: ==========================

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1827F7E7-9B06-4102-B927-2BFAE0351D4D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2508797896-4127050247-2938979256-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1D94998F-467C-414C-A30F-DED1B4B6177F} - System32\Tasks\Oxy => C:\Users\Lee\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23C02CE9-1B74-47FF-A67C-44C8D222153F} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {261C57B4-B3F5-4E8F-A764-86679BC40AA1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {2660BE37-2372-4B0B-9AED-FD6E0C8F9643} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2508797896-4127050247-2938979256-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {275ED64D-BE4B-4DB2-9CED-13EB1DDBB15C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30041BB7-B4E6-4AAB-A7CE-602298532BFC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {375CD455-C5C6-4DEB-BD45-F45EC02BDDB4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2508797896-4127050247-2938979256-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3B1125FD-A1AB-4AE9-AD45-4D35B3364587} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4399BEEE-F85E-48A5-891B-C70918F941F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002UA => C:\Users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7B5C4496-BB5A-4A28-8676-82237291D18B} - System32\Tasks\IdleCrawler Runner => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe
Task: {7BC42248-795F-4FF2-B21A-F6B0AAEE1F5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {882EC99F-EB2B-412E-BD86-83C889EB2505} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9907A2C7-D4F1-4265-A5B7-FC879350221A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B466C5DA-C748-44A1-8E70-E5568372FF17} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C20098EF-905A-4FAA-82CA-170846B24A2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002Core => C:\Users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {C61E7C4A-1E04-4EAA-8D8F-68DA554245CD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2508797896-4127050247-2938979256-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CBB4B491-1890-4B0E-A149-411B2DA75D21} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2508797896-4127050247-2938979256-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CD9ED6DE-C5B8-4E15-A0BE-3A52FD8BEC6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC91D68F-8FBF-4E5E-B1B9-BF84910BAC89} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DCF6545C-1658-4B9D-A72C-08D5C5238D04} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe
Task: {E1D7DEBA-E9E1-4421-89BF-08C152E685F4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002Core.job => C:\Users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2508797896-4127050247-2938979256-1002UA.job => C:\Users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-02-18 11:25 - 2013-08-26 08:12 - 00087040 _____ () C:\WINDOWS\System32\redmonnt.dll
2012-08-06 15:09 - 2012-08-06 15:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-15 04:36 - 2013-02-15 04:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-08-06 15:08 - 2012-08-06 15:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2012-09-26 20:21 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-18 10:27 - 2014-05-11 08:09 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 04:20:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2014 04:15:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2014 04:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/28/2014 00:15:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/27/2014 05:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpgui.ppl, version: 13.0.2.653, time stamp: 0x53342696
Exception code: 0xc0000005
Fault offset: 0x0014d8cf
Faulting process id: 0xe8c
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3
Faulting package full name: avp.exe4
Faulting package-relative application ID: avp.exe5

Error: (05/27/2014 00:59:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/27/2014 00:56:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/27/2014 00:49:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/27/2014 00:45:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/27/2014 00:35:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/28/2014 03:47:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:21:05 PM on ‎5/‎28/‎2014 was unexpected.

Error: (05/28/2014 00:15:25 PM) (Source: DCOM) (EventID: 10010) (User: laptop4lee)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/28/2014 00:00:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:35:44 PM on ‎5/‎27/‎2014 was unexpected.

Error: (05/27/2014 06:52:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/27/2014 05:39:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (05/27/2014 05:39:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (05/27/2014 04:12:18 AM) (Source: DCOM) (EventID: 10010) (User: laptop4lee)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/27/2014 04:11:48 AM) (Source: DCOM) (EventID: 10010) (User: laptop4lee)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/26/2014 07:04:08 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.254.3 with the system
having network hardware address 00-19-D1-26-4F-71. Network operations on this system may
be disrupted as a result.

Error: (05/26/2014 07:02:51 PM) (Source: DCOM) (EventID: 10010) (User: laptop4lee)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (05/28/2014 04:20:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/28/2014 04:15:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/28/2014 04:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/28/2014 00:15:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/27/2014 05:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avp.exe13.0.2.62852558951avpgui.ppl13.0.2.65353342696c00000050014d8cfe8c01cf79c5f7120281C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avpgui.ppl206789c1-e5e7-11e3-bffa-78e3b57e9f4c

Error: (05/27/2014 00:59:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/27/2014 00:56:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/27/2014 00:49:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/27/2014 00:45:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/27/2014 00:35:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2014-01-05 19:38:20.867
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\athw8x.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-05 19:33:27.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\athw8x.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-31 09:13:05.180
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\athw8x.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-31 08:16:16.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\athw8x.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 1634.27 MB
Available physical RAM: 626.67 MB
Total Pagefile: 3298.27 MB
Available Pagefile: 1835.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.49 GB) (Free:206.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:14.53 GB) (Free:13.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C2C9F703)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================


18:06:23.0611 0x12bc  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
18:06:23.0611 0x12bc  UEFI system
18:06:31.0174 0x12bc  ============================================================
18:06:31.0174 0x12bc  Current date / time: 2014/05/28 18:06:31.0174
18:06:31.0174 0x12bc  SystemInfo:
18:06:31.0174 0x12bc  
18:06:31.0174 0x12bc  OS Version: 6.3.9600 ServicePack: 0.0
18:06:31.0174 0x12bc  Product type: Workstation
18:06:31.0174 0x12bc  ComputerName: LAPTOP4LEE
18:06:31.0174 0x12bc  UserName: Lee
18:06:31.0174 0x12bc  Windows directory: C:\WINDOWS
18:06:31.0174 0x12bc  System windows directory: C:\WINDOWS
18:06:31.0174 0x12bc  Running under WOW64
18:06:31.0174 0x12bc  Processor architecture: Intel x64
18:06:31.0174 0x12bc  Number of processors: 2
18:06:31.0174 0x12bc  Page size: 0x1000
18:06:31.0174 0x12bc  Boot type: Normal boot
18:06:31.0174 0x12bc  ============================================================
18:06:31.0658 0x12bc  KLMD registered as C:\WINDOWS\system32\drivers\71970122.sys
18:06:32.0814 0x12bc  System UUID: {08B85FEC-C8DF-83B0-39D8-D37CC9AA4BA3}
18:06:35.0517 0x12bc  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:06:35.0564 0x12bc  Drive \Device\Harddisk1\DR1 - Size: 0x3A2768000 (14.54 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:06:35.0564 0x12bc  ============================================================
18:06:35.0564 0x12bc  \Device\Harddisk0\DR0:
18:06:35.0580 0x12bc  GPT partitions:
18:06:35.0596 0x12bc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4486D275-D45F-412A-A495-C8BB0BE5D2B5}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
18:06:35.0596 0x12bc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {2A8544DD-8F13-40EB-A166-B958FF85A45D}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
18:06:35.0596 0x12bc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {26CA40EC-4663-4E44-96FD-520431D0C339}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
18:06:35.0596 0x12bc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DCAF95AA-10E6-4C8A-AB29-7A97BCA172C5}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x222FC000
18:06:35.0596 0x12bc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E3B16111-9C32-4FEE-BC61-A4F0B48FBAE3}, Name: , StartLBA 0x22486800, BlocksNum 0xE1000
18:06:35.0596 0x12bc  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7BD9DA3C-C522-42C8-911B-D62C704B7D06}, Name: Basic data partition, StartLBA 0x22567800, BlocksNum 0x2EC7000
18:06:35.0596 0x12bc  MBR partitions:
18:06:35.0596 0x12bc  \Device\Harddisk1\DR1:
18:06:35.0596 0x12bc  MBR partitions:
18:06:35.0596 0x12bc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D11BC0
18:06:35.0596 0x12bc  ============================================================
18:06:35.0643 0x12bc  C: <-> \Device\Harddisk0\DR0\Partition4
18:06:35.0690 0x12bc  D: <-> \Device\Harddisk0\DR0\Partition6
18:06:35.0690 0x12bc  ============================================================
18:06:35.0690 0x12bc  Initialize success
18:06:35.0690 0x12bc  ============================================================
18:06:38.0721 0x1088  ============================================================
18:06:38.0721 0x1088  Scan started
18:06:38.0721 0x1088  Mode: Manual;
18:06:38.0721 0x1088  ============================================================
18:06:38.0721 0x1088  KSN ping started
18:06:41.0283 0x1088  KSN ping finished: true
18:06:44.0377 0x1088  ================ Scan system memory ========================
18:06:44.0377 0x1088  System memory - ok
18:06:44.0377 0x1088  ================ Scan services =============================
18:06:56.0955 0x1088  HomeGroupListener - ok
18:06:57.0049 0x1088  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:06:57.0064 0x1088  HomeGroupProvider - ok
18:06:57.0252 0x1088  [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:06:57.0314 0x1088  hpqwmiex - ok
18:06:57.0377 0x1088  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
18:06:57.0377 0x1088  HpSAMD - ok
18:06:57.0486 0x1088  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
18:06:57.0549 0x1088  HTTP - ok
18:06:57.0596 0x1088  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
18:06:57.0596 0x1088  hwpolicy - ok
18:06:57.0627 0x1088  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
18:06:57.0627 0x1088  hyperkbd - ok
18:06:57.0658 0x1088  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:06:57.0658 0x1088  HyperVideo - ok
18:06:57.0689 0x1088  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
18:06:57.0705 0x1088  i8042prt - ok
18:06:57.0736 0x1088  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
18:06:57.0736 0x1088  iaLPSSi_GPIO - ok
18:06:57.0768 0x1088  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
18:06:57.0783 0x1088  iaLPSSi_I2C - ok
18:06:57.0861 0x1088  [ 050F2539E14F9D5E90A4B61738EC29BD, 0E65468B9F452FA7DB6DF2C1B2B2E9439C79031E27054FBDBDFE28A9F98721D7 ] iaStorA         C:\WINDOWS\System32\drivers\iaStorA.sys
18:06:57.0893 0x1088  iaStorA - ok
18:06:57.0971 0x1088  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
18:06:58.0002 0x1088  iaStorAV - ok
18:06:58.0064 0x1088  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
18:06:58.0096 0x1088  iaStorV - ok
18:06:58.0111 0x1088  IEEtwCollectorService - ok
18:06:58.0221 0x1088  [ CFE7F0267B0C3077042FF291949B5546, 7B8C432632D0210119BFF57D4994F2B8F75307A9D6867353AF93BBA3F561595B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
18:06:58.0299 0x1088  IKEEXT - ok
18:06:58.0643 0x1088  [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
18:06:58.0877 0x1088  IntcAzAudAddService - ok
18:06:59.0018 0x1088  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
18:06:59.0033 0x1088  intelide - ok
18:06:59.0096 0x1088  [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
18:06:59.0096 0x1088  intelpep - ok
18:06:59.0205 0x1088  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
18:06:59.0221 0x1088  intelppm - ok
18:06:59.0252 0x1088  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:06:59.0268 0x1088  IpFilterDriver - ok
18:06:59.0439 0x1088  [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
18:06:59.0486 0x1088  iphlpsvc - ok
18:06:59.0533 0x1088  [ FD9C9E9E3F0ED51502C7E8C066BE26B9, 290E74380F1543DD22C9F3821513B3E2FB42E995724238D8779CBBCB4FC386C8 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:06:59.0549 0x1088  IPMIDRV - ok
18:06:59.0596 0x1088  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:06:59.0611 0x1088  IPNAT - ok
18:06:59.0627 0x1088  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:06:59.0643 0x1088  IRENUM - ok
18:06:59.0705 0x1088  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
18:06:59.0705 0x1088  isapnp - ok
18:06:59.0768 0x1088  [ 034D4BD9DC67C64F3A4C8A049B5173BF, C68AF5A5AD4092AA1C871BD38473AEF84EC3ECF4D06FBEB5F6C09972EF1B8A81 ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
18:06:59.0783 0x1088  iScsiPrt - ok
18:06:59.0814 0x1088  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
18:06:59.0814 0x1088  kbdclass - ok
18:06:59.0846 0x1088  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
18:06:59.0861 0x1088  kbdhid - ok
18:06:59.0877 0x1088  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:06:59.0877 0x1088  kdnic - ok
18:06:59.0908 0x1088  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\WINDOWS\system32\lsass.exe
18:06:59.0908 0x1088  KeyIso - ok
18:06:59.0986 0x1088  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1             C:\WINDOWS\system32\DRIVERS\kl1.sys
18:07:00.0002 0x1088  kl1 - ok
18:07:00.0158 0x1088  [ 2248A9F2B7704271C72E306001C7FBE0, FEC8E10F4FAB332E36C1C5801396174B4CE21186431A2A234CE49695C4674ACA ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
18:07:00.0158 0x1088  klelam - ok
18:07:00.0236 0x1088  [ 5F247D87B44E26AED440A063A7A4FDB7, BC2BAD216A9262105CAF0F20BF539B92CB66FD0EB67AB8FAE45B0249E9F59C57 ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
18:07:00.0283 0x1088  KLIF - ok
18:07:00.0314 0x1088  [ B6822DEFE601629F19E0A2D7F0D623F2, FD71A2AA3FC4698B5436D185E2F2A3EB6A111AE8F35606E1658E2D18CE744F13 ] KLIM6           C:\WINDOWS\system32\DRIVERS\klim6.sys
18:07:00.0330 0x1088  KLIM6 - ok
18:07:00.0346 0x1088  [ AEEC4E904850525C4D4552AF4A971BA3, C8E5267A5CE244096162118DFE72D2EA494DD34ECAEC74B7EB0DF770761E06C0 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
18:07:00.0346 0x1088  klkbdflt - ok
18:07:00.0361 0x1088  [ 8849D8F6259D3494E8C5C9482EE40A08, 62C60FD28916407AEF3C4F8B8FF7E5FCDFAE261E772E672E3E06F0D0CA6D6729 ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
18:07:00.0361 0x1088  klmouflt - ok
18:07:00.0393 0x1088  [ 781EFBB7BDE229C1615892E2A2D98721, 82D017AE1ADE75075F83B62256A9DC14F6D764ADF6E79CF2717854BCA5F5F1C5 ] klwfp           C:\WINDOWS\system32\DRIVERS\klwfp.sys
18:07:00.0393 0x1088  klwfp - ok
18:07:00.0424 0x1088  [ 1FCB657B581CC4DF17FD6571F93602DE, D5D95773D19AA47BA619D149FD6068198E2AA05C219C3936E327B3DFFDE6B10C ] kneps           C:\WINDOWS\system32\DRIVERS\kneps.sys
18:07:00.0439 0x1088  kneps - ok
18:07:00.0486 0x1088  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
18:07:00.0486 0x1088  KSecDD - ok
18:07:00.0533 0x1088  [ F88CC88F4A6D8476F1664E805CA18CC2, 2C61EE5EEA4FD45AA3FA927CC16E34EF90BD44324EAB14198AF65C3A27617991 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:07:00.0549 0x1088  KSecPkg - ok
18:07:00.0580 0x1088  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
18:07:00.0580 0x1088  ksthunk - ok
18:07:00.0643 0x1088  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:07:00.0658 0x1088  KtmRm - ok
18:07:00.0721 0x1088  [ 27B58E16CF895AC1F1A97C04814C2239, D4336155331DDBF91952CDC6C446C68FF524F979099BA8D9B3A578758F97B2BE ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
18:07:00.0736 0x1088  LanmanServer - ok
18:07:00.0783 0x1088  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:07:00.0799 0x1088  LanmanWorkstation - ok
18:07:00.0877 0x1088  [ EE289BD147FDFF95EF1B9BD65D3B974A, EFD9D0F6C73E7D2D52DBE2E2A8D3009BFB6AB24776A100CA528A8365002C6105 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
18:07:00.0908 0x1088  lfsvc - ok
18:07:00.0939 0x1088  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:07:00.0955 0x1088  lltdio - ok
18:07:01.0002 0x1088  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:07:01.0018 0x1088  lltdsvc - ok
18:07:01.0049 0x1088  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
18:07:01.0049 0x1088  lmhosts - ok
18:07:01.0111 0x1088  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
18:07:01.0127 0x1088  LSI_SAS - ok
18:07:01.0143 0x1088  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:07:01.0158 0x1088  LSI_SAS2 - ok
18:07:01.0189 0x1088  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
18:07:01.0189 0x1088  LSI_SAS3 - ok
18:07:01.0221 0x1088  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
18:07:01.0236 0x1088  LSI_SSS - ok
18:07:01.0314 0x1088  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\WINDOWS\System32\lsm.dll
18:07:01.0361 0x1088  LSM - ok
18:07:01.0424 0x1088  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
18:07:01.0439 0x1088  luafv - ok
18:07:01.0486 0x1088  [ 6140163BFE9D8F2DFDBA088ED5521C13, B7B501F0D1527A15B1610D133E97AB431574502F0553734009627488D0007595 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:07:01.0486 0x1088  MBAMSwissArmy - ok
18:07:01.0533 0x1088  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
18:07:01.0549 0x1088  megasas - ok
18:07:01.0596 0x1088  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
18:07:01.0627 0x1088  megasr - ok
18:07:01.0689 0x1088  Microsoft SharePoint Workspace Audit Service - ok
18:07:01.0736 0x1088  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
18:07:01.0752 0x1088  MMCSS - ok
18:07:01.0815 0x1088  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:07:01.0815 0x1088  Modem - ok
18:07:01.0861 0x1088  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
18:07:01.0861 0x1088  monitor - ok
18:07:01.0893 0x1088  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
18:07:01.0893 0x1088  mouclass - ok
18:07:01.0924 0x1088  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
18:07:01.0924 0x1088  mouhid - ok
18:07:01.0955 0x1088  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
18:07:01.0955 0x1088  mountmgr - ok
18:07:01.0986 0x1088  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
18:07:02.0002 0x1088  mpsdrv - ok
18:07:02.0096 0x1088  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
18:07:02.0158 0x1088  MpsSvc - ok
18:07:02.0189 0x1088  [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:07:02.0205 0x1088  MRxDAV - ok
18:07:02.0252 0x1088  [ C997E6A37BA8915224B3FB5024A34F69, 43E1B83072DF9E878151D276DDB6EB7B3801D72494C43E9B9ABECA4B2DCFD606 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:07:02.0283 0x1088  mrxsmb - ok
18:07:02.0314 0x1088  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:07:02.0346 0x1088  mrxsmb10 - ok
18:07:02.0393 0x1088  [ AAF56E4E84D35411B4E446C445732DFE, 7AC41CAA0842AE4DA4EEF976202C58D7923DAA367F0D7E800D432323D5E7DE1A ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:07:02.0408 0x1088  mrxsmb20 - ok
18:07:02.0455 0x1088  [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
18:07:02.0455 0x1088  MsBridge - ok
18:07:02.0518 0x1088  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:07:02.0533 0x1088  MSDTC - ok
18:07:02.0580 0x1088  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:07:02.0580 0x1088  Msfs - ok
18:07:02.0627 0x1088  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:07:02.0627 0x1088  msgpiowin32 - ok
18:07:02.0643 0x1088  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:07:02.0658 0x1088  mshidkmdf - ok
18:07:02.0690 0x1088  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:07:02.0690 0x1088  mshidumdf - ok
18:07:02.0736 0x1088  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
18:07:02.0752 0x1088  msisadrv - ok
18:07:02.0799 0x1088  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
18:07:02.0799 0x1088  MSiSCSI - ok
18:07:02.0814 0x1088  msiserver - ok
18:07:02.0846 0x1088  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:07:02.0846 0x1088  MSKSSRV - ok
18:07:02.0877 0x1088  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:07:02.0877 0x1088  MsLldp - ok
18:07:02.0908 0x1088  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:07:02.0908 0x1088  MSPCLOCK - ok
18:07:02.0940 0x1088  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:07:02.0940 0x1088  MSPQM - ok
18:07:02.0986 0x1088  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
18:07:03.0002 0x1088  MsRPC - ok
18:07:03.0049 0x1088  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
18:07:03.0049 0x1088  mssmbios - ok
18:07:03.0080 0x1088  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:07:03.0080 0x1088  MSTEE - ok
18:07:03.0096 0x1088  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
18:07:03.0111 0x1088  MTConfig - ok
18:07:03.0127 0x1088  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
18:07:03.0143 0x1088  Mup - ok
18:07:03.0158 0x1088  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
18:07:03.0174 0x1088  mvumis - ok
18:07:03.0236 0x1088  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll
18:07:03.0268 0x1088  napagent - ok
18:07:03.0330 0x1088  [ 647C7652FA19F98CADF2BFDA2164BFEC, 711A4A06309393922A70D7FBE5684938CD634F5DED158D847BFADDD5ACF9E44C ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:07:03.0361 0x1088  NativeWifiP - ok
18:07:03.0393 0x1088  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:07:03.0408 0x1088  NcaSvc - ok
18:07:03.0439 0x1088  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
18:07:03.0455 0x1088  NcbService - ok
18:07:03.0502 0x1088  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:07:03.0502 0x1088  NcdAutoSetup - ok
18:07:03.0611 0x1088  [ F21B77B4D74092A543807D3CEB711A88, 5C3C17A10E990070FAB317C0C5333DE768E408CAF43EC4FA9D18116C6EE3B3DC ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
18:07:03.0689 0x1088  NDIS - ok
18:07:03.0736 0x1088  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:07:03.0736 0x1088  NdisCap - ok
18:07:03.0768 0x1088  [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:07:03.0783 0x1088  NdisImPlatform - ok
18:07:03.0799 0x1088  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:07:03.0799 0x1088  NdisTapi - ok
18:07:03.0861 0x1088  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:07:03.0861 0x1088  Ndisuio - ok
18:07:03.0877 0x1088  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
18:07:03.0877 0x1088  NdisVirtualBus - ok
18:07:03.0924 0x1088  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:07:03.0939 0x1088  NdisWan - ok
18:07:03.0955 0x1088  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:07:03.0971 0x1088  NdisWanLegacy - ok
18:07:04.0002 0x1088  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:07:04.0018 0x1088  NDProxy - ok
18:07:04.0049 0x1088  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:07:04.0049 0x1088  Ndu - ok
18:07:04.0080 0x1088  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:07:04.0080 0x1088  NetBIOS - ok
18:07:04.0127 0x1088  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:07:04.0143 0x1088  NetBT - ok
18:07:04.0174 0x1088  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:07:04.0174 0x1088  Netlogon - ok
18:07:04.0221 0x1088  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll
18:07:04.0236 0x1088  Netman - ok
18:07:04.0330 0x1088  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:07:04.0361 0x1088  netprofm - ok
18:07:04.0455 0x1088  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:07:04.0486 0x1088  NetTcpPortSharing - ok
18:07:04.0518 0x1088  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys
18:07:04.0533 0x1088  netvsc - ok
18:07:04.0596 0x1088  [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
18:07:04.0611 0x1088  NlaSvc - ok
18:07:04.0643 0x1088  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:07:04.0658 0x1088  Npfs - ok
18:07:04.0690 0x1088  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:07:04.0705 0x1088  npsvctrig - ok
18:07:04.0721 0x1088  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll
18:07:04.0736 0x1088  nsi - ok
18:07:04.0752 0x1088  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
18:07:04.0752 0x1088  nsiproxy - ok
18:07:04.0939 0x1088  [ 1C80517BE6836A812F6A9B99B8321351, 7DBED4633820E201C9C242D961EF6F25BA2B1D5593BA60F707CC71A4014C2D4B ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:07:05.0064 0x1088  Ntfs - ok
18:07:05.0111 0x1088  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:07:05.0111 0x1088  Null - ok
18:07:05.0158 0x1088  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
18:07:05.0158 0x1088  nvraid - ok
18:07:05.0205 0x1088  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
18:07:05.0221 0x1088  nvstor - ok
18:07:05.0252 0x1088  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
18:07:05.0268 0x1088  nv_agp - ok
18:07:05.0361 0x1088  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:07:05.0377 0x1088  ose64 - ok
18:07:05.0783 0x1088  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:07:06.0096 0x1088  osppsvc - ok
18:07:06.0205 0x1088  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
18:07:06.0236 0x1088  p2pimsvc - ok
18:07:06.0299 0x1088  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
18:07:06.0330 0x1088  p2psvc - ok
18:07:06.0361 0x1088  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
18:07:06.0377 0x1088  Parport - ok
18:07:06.0393 0x1088  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
18:07:06.0408 0x1088  partmgr - ok
18:07:06.0455 0x1088  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
18:07:06.0486 0x1088  PcaSvc - ok
18:07:06.0549 0x1088  [ 275AFE3FA35E8D78BE97695DF49817C6, 447CEBB16285AE073B4251D2DA71399306EF2DCB7F56286ABE2F0BD6C83EB489 ] pci             C:\WINDOWS\system32\drivers\pci.sys
18:07:06.0564 0x1088  pci - ok
18:07:06.0611 0x1088  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
18:07:06.0611 0x1088  pciide - ok
18:07:06.0658 0x1088  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
18:07:06.0658 0x1088  pcmcia - ok
18:07:24.0674 0x1088  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
18:07:24.0690 0x1088  WEPHOSTSVC - ok
18:07:24.0736 0x1088  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:07:24.0736 0x1088  wercplsupport - ok
18:07:24.0783 0x1088  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
18:07:24.0799 0x1088  WerSvc - ok
18:07:24.0830 0x1088  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:07:24.0846 0x1088  WFPLWFS - ok
18:07:24.0877 0x1088  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:07:24.0877 0x1088  WiaRpc - ok
18:07:24.0924 0x1088  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
18:07:24.0924 0x1088  WIMMount - ok
18:07:24.0940 0x1088  WinDefend - ok
18:07:25.0033 0x1088  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:07:25.0096 0x1088  WinHttpAutoProxySvc - ok
18:07:25.0158 0x1088  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:07:25.0174 0x1088  Winmgmt - ok
18:07:25.0393 0x1088  [ C8D6344BDE2691A196E61C0D3372EAB7, FF8EB79D8A7E298343C22B83276FF68293D08A9DA438BB22600BEFC4CA93A91D ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:07:25.0580 0x1088  WinRM - ok
18:07:25.0627 0x1088  [ DAF801153E8F33E13AB278332250D78A, 0F277DA63E8A058A474994CF3A8345DEA967B78E54F4F97FEC995499A1D541A0 ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
18:07:25.0627 0x1088  WirelessButtonDriver - ok
18:07:25.0768 0x1088  [ 5A917027826D759CC3238C7D3CEC3438, A8FFA28B6D8A314692AA08788FC9E2E0F03D8AD1FCD662826ABA71DB39C3605A ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
18:07:25.0877 0x1088  WlanSvc - ok
18:07:26.0033 0x1088  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
18:07:26.0127 0x1088  wlidsvc - ok
18:07:26.0174 0x1088  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
18:07:26.0190 0x1088  WmiAcpi - ok
18:07:26.0237 0x1088  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:07:26.0252 0x1088  wmiApSrv - ok
18:07:26.0283 0x1088  WMPNetworkSvc - ok
18:07:26.0330 0x1088  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:07:26.0346 0x1088  Wof - ok
18:07:26.0471 0x1088  [ 65C65F3BD784158C456E721DDC9F0EA2, CBD3ADFD960456BD4B9557BF691E12D31153499549F5D3D08258BD62013952ED ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
18:07:26.0596 0x1088  workfolderssvc - ok
18:07:26.0627 0x1088  [ C1F564F324685C088ECAB1933576CF91, 022F0EC160352AB73AF7DA557D1A5798964231B82C556F22F4163E8B3E4088B2 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
18:07:26.0643 0x1088  wpcfltr - ok
18:07:26.0674 0x1088  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
18:07:26.0674 0x1088  WPCSvc - ok
18:07:26.0705 0x1088  [ D27491CFCE452C154CECFA155AD0EBC8, 1F3F74C253E3B07DE7EFE27C34DD9AF08617C7B03BB44C2902F69BA9DA3F21F2 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
18:07:26.0721 0x1088  WPDBusEnum - ok
18:07:26.0768 0x1088  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:07:26.0768 0x1088  WpdUpFltr - ok
18:07:26.0815 0x1088  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:07:26.0815 0x1088  ws2ifsl - ok
18:07:26.0846 0x1088  [ 515583507D3828E827FF6352C9ACCEFA, D0C42020FA787804DA26FE07D67C8880FE027A230BD9EB6A706862D89181F2BE ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
18:07:26.0861 0x1088  wscsvc - ok
18:07:26.0893 0x1088  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
18:07:26.0893 0x1088  WSDPrintDevice - ok
18:07:26.0924 0x1088  [ D38297814FB6E33655342D869996E617, 3701892EEF87D1BF0E73322B90678802B6EA4AFA9CBF6111F39611C79DBA96C7 ] WSDScan         C:\WINDOWS\System32\drivers\WSDScan.sys
18:07:26.0940 0x1088  WSDScan - ok
18:07:26.0955 0x1088  WSearch - ok
18:07:27.0221 0x1088  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
18:07:27.0486 0x1088  WSService - ok
18:07:27.0768 0x1088  [ 7E609FBF50774CC5A239420FE34EBB9C, 69B643B11717D51BC5D3F1CDE47D4C9E198AB8D9160C852DBE9B940E40AD8A57 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
18:07:28.0002 0x1088  wuauserv - ok
18:07:28.0049 0x1088  [ 2FEAE33E9B2B56104596E1BA444405A9, 0A142F50E06F6224B9CB36B3CE62BE0B36DE8B8DB9F9E05D287DFB884CC7826E ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
18:07:28.0049 0x1088  WudfPf - ok
18:07:28.0127 0x1088  [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
18:07:28.0143 0x1088  WUDFRd - ok
18:07:28.0174 0x1088  [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:07:28.0190 0x1088  WUDFSensorLP - ok
18:07:28.0221 0x1088  [ BB73CBC65AABC4EA0A5C6A1474A0A743, D644B3C6A7202CADDADB3B68FE1B2A7C76B023FE58F667EED4D538C1F4A65D64 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
18:07:28.0236 0x1088  wudfsvc - ok
18:07:28.0268 0x1088  [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:07:28.0283 0x1088  WUDFWpdFs - ok
18:07:28.0346 0x1088  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
18:07:28.0377 0x1088  WwanSvc - ok
18:07:28.0424 0x1088  ================ Scan global ===============================
18:07:28.0471 0x1088  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
18:07:28.0518 0x1088  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
18:07:28.0565 0x1088  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
18:07:28.0611 0x1088  [ B4B610BBCB002EC478C6FD80CF915697, CE22B87A7C7C0D325CE66FB97E7318B4A41EE0BD14D902A410126A1EBBEAA6FB ] C:\WINDOWS\system32\services.exe
18:07:28.0643 0x1088  [ Global ] - ok
18:07:28.0643 0x1088  ================ Scan MBR ==================================
18:07:28.0658 0x1088  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:07:28.0752 0x1088  \Device\Harddisk0\DR0 - ok
18:07:28.0752 0x1088  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:07:28.0768 0x1088  \Device\Harddisk1\DR1 - ok
18:07:28.0768 0x1088  ================ Scan VBR ==================================
18:07:28.0783 0x1088  [ 2CF57EDD7CF1EE235FD79FFE51DB077D ] \Device\Harddisk0\DR0\Partition1
18:07:28.0799 0x1088  \Device\Harddisk0\DR0\Partition1 - ok
18:07:28.0830 0x1088  [ 2733AD34FA9E09ED4C948D74CA3AC32E ] \Device\Harddisk0\DR0\Partition2
18:07:28.0846 0x1088  \Device\Harddisk0\DR0\Partition2 - ok
18:07:28.0861 0x1088  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
18:07:28.0861 0x1088  \Device\Harddisk0\DR0\Partition3 - ok
18:07:28.0877 0x1088  [ E9841DAC92D9806C63EAF6CB7D585A6A ] \Device\Harddisk0\DR0\Partition4
18:07:28.0893 0x1088  \Device\Harddisk0\DR0\Partition4 - ok
18:07:28.0940 0x1088  [ 25A612D4E2433EC8C5F9C3FBC0E6AA57 ] \Device\Harddisk0\DR0\Partition5
18:07:28.0940 0x1088  \Device\Harddisk0\DR0\Partition5 - ok
18:07:28.0971 0x1088  [ D62BED658CCBC36D14C1BBE5E75D7675 ] \Device\Harddisk0\DR0\Partition6
18:07:28.0986 0x1088  \Device\Harddisk0\DR0\Partition6 - ok
18:07:29.0002 0x1088  [ 5F649EA0F5C308EF84236BBA1D963A8F ] \Device\Harddisk1\DR1\Partition1
18:07:29.0002 0x1088  \Device\Harddisk1\DR1\Partition1 - ok
18:07:29.0002 0x1088  Waiting for KSN requests completion. In queue: 94
18:07:30.0018 0x1088  Waiting for KSN requests completion. In queue: 94
18:07:31.0033 0x1088  Waiting for KSN requests completion. In queue: 94
18:07:32.0299 0x1088  AV detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmiav.exe ( 13.0.2.558 ), 0x41000 ( enabled : updated )
18:07:32.0346 0x1088  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
18:07:32.0393 0x1088  FW detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmifw.exe ( 13.0.2.558 ), 0x41010 ( enabled )
18:07:34.0971 0x1088  ============================================================
18:07:34.0971 0x1088  Scan finished
18:07:34.0971 0x1088  ============================================================
18:07:35.0002 0x0bc4  Detected object count: 0
18:07:35.0002 0x0bc4  Actual detected object count: 0
 



#5 TB-Psychotic

  • Malware Response Team

Posted 31 May 2014 - 01:47 PM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#6 laptop4me

  • Topic Starter

Posted 31 May 2014 - 05:57 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Lee at 2014-05-31 17:43:21 Run:1
Running from C:\Users\Lee\Desktop\Tools
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {23C02CE9-1B74-47FF-A67C-44C8D222153F} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {1D94998F-467C-414C-A30F-DED1B4B6177F} - System32\Tasks\Oxy => C:\Users\Lee\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
2014-04-29 11:03 - 2014-04-28 03:34 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-04-29 10:58 - 2014-04-29 10:58 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{9CF0CF7A-40DA-4470-8904-32751D019F7F}
2014-04-29 10:36 - 2014-04-28 03:13 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-04-29 10:35 - 2014-04-28 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ff&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyB0Ezy0FyE0CyB0B0EyEtN0D0Tzu0SzzyBtBtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyB0Fzz0A0FtC0F0DtGyE0C0EtAtG0DtAzy0BtGtCtCtDtCtGtAyB0CyEyEtB0AyEtDyE0A0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDyB0E0FzztCtAtGtBtDtDtCtGtCtA0B0DtGzzzyzzyBtGtByDzz0DtB0B0EzyyCtAyCyE2Q&cr=267317616&ir=
SearchScopes: HKCU - {349336B2-50EF-438F-B23B-AAC3FF49B87B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3153924&CUI=UN37515260262192318&UM=2&SSPV=S41AIE
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3153924&CUI=UN37515260262192318&UM=2&SSPV=&UP=SPDD502B1C-2534-42D6-B8AC-5AA565753D80
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3153924&CUI=UN37515260262192318&UM=2&SSPV=&UP=SPDD502B1C-2534-42D6-B8AC-5AA565753D80
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope {349336B2-50EF-438F-B23B-AAC3FF49B87B} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ff&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyB0Ezy0FyE0CyB0B0EyEtN0D0Tzu0SzzyBtBtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyB0Fzz0A0FtC0F0DtGyE0C0EtAtG0DtAzy0BtGtCtCtDtCtGtAyB0CyEyEtB0AyEtDyE0A0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDyB0E0FzztCtAtGtBtDtDtCtGtCtA0B0DtGzzzyzzyBtGtByDzz0DtB0B0EzyyCtAyCyE2Q&cr=267317616&ir=
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

C:\Program Files (x86)\MyPC Backup
C:\Users\Lee\AppData\Roaming\Oxy
2014-05-07 23:27 - 2014-04-28 03:14 - 00000000 ____D () C:\Users\Lee\Documents\Optimizer Pro
2014-05-08 20:06 - 2013-12-28 22:05 - 00000000 ____D () C:\ProgramData\Conduit
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\Users\Lee\AppData\Local\oDesk
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk
2014-05-15 22:43 - 2014-05-15 22:43 - 00000000 ____D () C:\Program Files (x86)\oDesk
2014-05-15 22:31 - 2014-05-15 22:31 - 03722456 _____ (oDesk Corporation) C:\Users\Lee\Downloads\oDeskSetup.exe
2014-05-17 02:20 - 2014-05-17 02:20 - 00004574 _____ () C:\WINDOWS\System32\Tasks\IdleCrawler Runner
2014-05-17 02:20 - 2014-05-17 02:20 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Oxy
2014-05-17 16:03 - 2014-05-17 02:20 - 00000000 ____D () C:\Users\Lee\AppData\Local\IdleCrawler
2014-05-27 18:54 - 2014-05-17 02:09 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Oxy

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C02CE9-1B74-47FF-A67C-44C8D222153F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C02CE9-1B74-47FF-A67C-44C8D222153F} => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchApp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D94998F-467C-414C-A30F-DED1B4B6177F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D94998F-467C-414C-A30F-DED1B4B6177F} => Key deleted successfully.
C:\Windows\System32\Tasks\Oxy => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy => Key deleted successfully.
C:\Program Files (x86)\DriverUpdate => Moved successfully.
C:\WINDOWS\System32\Tasks\{9CF0CF7A-40DA-4470-8904-32751D019F7F} => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => Key deleted successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{349336B2-50EF-438F-B23B-AAC3FF49B87B} => Key deleted successfully.
HKCR\CLSID\{349336B2-50EF-438F-B23B-AAC3FF49B87B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => Key deleted successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
C:\Users\Lee\AppData\Roaming\Oxy => Moved successfully.
C:\Users\Lee\Documents\Optimizer Pro => Moved successfully.
C:\ProgramData\Conduit => Moved successfully.
C:\Users\Lee\AppData\Local\oDesk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk => Moved successfully.
C:\Program Files (x86)\oDesk => Moved successfully.
C:\Users\Lee\Downloads\oDeskSetup.exe => Moved successfully.
C:\WINDOWS\System32\Tasks\IdleCrawler Runner => Moved successfully.
"C:\WINDOWS\System32\Tasks\Oxy" => File/Directory not found.
C:\Users\Lee\AppData\Local\IdleCrawler => Moved successfully.
"C:\Users\Lee\AppData\Roaming\Oxy" => File/Directory not found.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/31/2014
Scan Time: 6:42:02 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.31.10
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Lee

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306277
Time Elapsed: 52 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Amonetize, C:\Users\Lee\AppData\Local\Temp\setup.exe, Quarantined, [828d183c017acb6b1e8eed57b050b24e],
PUP.Optional.Amonetize, C:\Users\Lee\AppData\Local\Temp\setup__3635.exe, Quarantined, [af609cb82d4ea0965458350f966a7b85],
PUP.Optional.NewTab.A, C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage, Quarantined, [ae61470d2e4dae88c429cc14bd460df3],
PUP.Optional.DogPile.A, C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.dogpile.com/");), Replaced,[1ef142124b303bfbd74b335a59ab56aa]

Physical Sectors: 0
(No malicious items detected)


(end)



#7 TB-Psychotic

  • Malware Response Team

Posted 02 June 2014 - 03:13 PM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#8 laptop4me

  • Topic Starter

Posted 03 June 2014 - 05:21 AM

C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\NCH Software\Express\express.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\Express\expresssetup_v5.72.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoicesetup_v4.05.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\Scribe\scribe.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.63.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Lee\AppData\Local\Microsoft\Windows\INetCache\IE\34LWP9SV\SPSetup[1].exe    Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Users\Lee\AppData\Local\Microsoft\Windows\INetCache\IE\FUP45KCG\StormAlertsSetup[1].exe    a variant of MSIL/Adware.StrongVault.A application
C:\Users\Lee\AppData\Local\Temp\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\ms.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\tmp3133.exe    a variant of Win32/Amonetize.AP potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\tmpA7C1.exe    a variant of Win32/Amonetize.AP potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\23890Largepdf 00000004499.pdfDownload_707A\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\84cf867e16614343b280cc3a78c2b42d\iman2.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\84cf867e16614343b280cc3a78c2b42d\10d2670116c74ecd83e873ffb71f8a551075\wsrv.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\84cf867e16614343b280cc3a78c2b42d\32af0a2c11f94a2ea1adc858f147b4821082\winsrvinst.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\84cf867e16614343b280cc3a78c2b42d\d000d8364987401ea50fc4667520cf431079\trustedwinman.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\84cf867e16614343b280cc3a78c2b42d\d3b103374abe4e2d835d2b02ccba71e51077\winman.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\84cf867e16614343b280cc3a78c2b42d\dda55bd08e8b4a59961447ad32a801db1080\wsint.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\84cf867e16614343b280cc3a78c2b42d\ecbc66d926dd4f3d97cf74d9f2d6d53a1081\winman.exe    a variant of Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_2163\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_242\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_3B2B\oxyinst.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_4207\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_5806\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_5957\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_6268\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_66C4\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_769F\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_7ADA\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_869A\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_923F\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_A6BB\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_ACAC\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_D156\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\Download_FCCB\23890Largepdf_00000004499.pdf_Downloader.exe    probably a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Lee\AppData\Local\Temp\tmpF65F\Bundle.exe    a variant of Win32/Amonetize.AP potentially unwanted application
C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\extensions\{aad50c91-b136-49d9-8b30-0e8d3ead63d0}\Plugins\npConduitFirefoxPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Lee\Documents\exe files downloads\PackageTrackingSetup.exe    Win32/Toolbar.Inbox.H potentially unwanted application
C:\Users\Lee\Documents\exe files downloads\Skype_Setup.exe    Win32/InstallCore.MM potentially unwanted application
C:\Users\Lee\Downloads\essetup(1).exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Lee\Downloads\essetup(2).exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Lee\Downloads\essetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Lee\Downloads\PDFlite-0.11.2.exe    a variant of Win32/Injected.F trojan
C:\Users\Lee\Downloads\scribesetup_v5.63.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Lee\Downloads\Setup_ODM.exe    multiple threats
C:\Users\Lee\Downloads\SOFTWARE PROGRAMS\jre-7u51-windows-i586(1).exe    Win32/AdGazelle.A potentially unwanted application
C:\Users\Lee\Downloads\SOFTWARE PROGRAMS\jre-7u51-windows-i586.exe    Win32/AdGazelle.A potentially unwanted application
 



#9 TB-Psychotic

Posted 05 June 2014 - 01:33 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.



#10 laptop4me


Posted 05 June 2014 - 05:38 PM

# AdwCleaner v3.212 - Report created 05/06/2014 at 17:45:21
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Lee - LAPTOP4LEE
# Running from : C:\Users\Lee\Desktop\Tools\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Found : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\Program Files (x86)\webget
Folder Found : C:\ProgramData\QuickSet
Folder Found : C:\Users\Lee\AppData\Local\Conduit
Folder Found : C:\Users\Lee\AppData\Local\jZip
Folder Found : C:\Users\Lee\AppData\Local\Temp\jZip
Folder Found : C:\Users\Lee\AppData\Local\Temp\VuuPC
Folder Found : C:\Users\Lee\AppData\Local\Temp\webget
Folder Found : C:\Users\Lee\AppData\LocalLow\Conduit
Folder Found : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\CT3153924
Folder Found : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\Extensions\{aad50c91-b136-49d9-8b30-0e8d3ead63d0}
Folder Found : C:\Users\Lee\AppData\Roaming\SearchProtect
Folder Found : C:\WINDOWS\SysWOW64\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Escolade
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Escolade
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3153924
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\prefs.js ]

Line Found : user_pref("CT3153924.FF19Solved", "true");
Line Found : user_pref("CT3153924.UserID", "UN35455818964556662");
Line Found : user_pref("CT3153924.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3153924.fullUserID", "UN35455818964556662.IN.20131228210305");
Line Found : user_pref("CT3153924.installDate", "28/12/2013 21:03:08");
Line Found : user_pref("CT3153924.installSessionId", "{8468A05C-BFBF-493C-B6EC-8F87BB3DCED6}");
Line Found : user_pref("CT3153924.installSp", "TRUE");
Line Found : user_pref("CT3153924.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3153924.keyword", "true");
Line Found : user_pref("CT3153924.originalHomepage", "hxxp://dogpile.com/");
Line Found : user_pref("CT3153924.originalSearchAddressUrl", "");
Line Found : user_pref("CT3153924.originalSearchEngine", "");
Line Found : user_pref("CT3153924.originalSearchEngineName", "");
Line Found : user_pref("CT3153924.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3153924.searchRevert", "false");
Line Found : user_pref("CT3153924.searchUninstallUserMode", "2");
Line Found : user_pref("CT3153924.searchUserMode", "2");
Line Found : user_pref("CT3153924.smartbar.homepage", "true");
Line Found : user_pref("CT3153924.toolbarInstallDate", "28-12-2013 21:03:05");
Line Found : user_pref("CT3153924.versionFromInstaller", "10.23.0.722");
Line Found : user_pref("CT3153924.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3153924&octid=CT3153924&SearchSource=61&CUI=UN35455818964556662&UM=2&UP=SPDD502B1C-2534-42D6-B8AC-5AA565753D80");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.newtabpage.pinned", "[null,{\"url\":\"hxxp://www.dogpile.com/\",\"title\":\"Dogpile Web Search\"}]");
Line Found : user_pref("browser.search.defaultenginename", "Speedial");
Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLCS Customized Web Search");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN35455818964556662&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3153924&octid=CT3153924&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN35455818964556662&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.machineId", "SFDXMLFGTEJYIA4VGXLXQT9KY/PL7TSM2ZQR5C5FVVCYFQHHRX1GCNEEH6Y/YVMXFRNUGXBX/HC5SPYAJR+9HA");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN35455818964556662&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6617 octets] - [05/06/2014 17:45:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6677 octets] ##########
 

 

 

# AdwCleaner v3.212 - Report created 05/06/2014 at 17:47:48
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Lee - LAPTOP4LEE
# Running from : C:\Users\Lee\Desktop\Tools\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\webget
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Lee\AppData\Local\Conduit
Folder Deleted : C:\Users\Lee\AppData\Local\jZip
Folder Deleted : C:\Users\Lee\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Lee\AppData\Local\Temp\VuuPC
Folder Deleted : C:\Users\Lee\AppData\Local\Temp\webget
Folder Deleted : C:\Users\Lee\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lee\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\CT3153924
Folder Deleted : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\Extensions\{aad50c91-b136-49d9-8b30-0e8d3ead63d0}
File Deleted : C:\END
File Deleted : C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3153924
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\jZip

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8y6ex.default\prefs.js ]

Line Deleted : user_pref("CT3153924.FF19Solved", "true");
Line Deleted : user_pref("CT3153924.UserID", "UN35455818964556662");
Line Deleted : user_pref("CT3153924.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3153924.fullUserID", "UN35455818964556662.IN.20131228210305");
Line Deleted : user_pref("CT3153924.installDate", "28/12/2013 21:03:08");
Line Deleted : user_pref("CT3153924.installSessionId", "{8468A05C-BFBF-493C-B6EC-8F87BB3DCED6}");
Line Deleted : user_pref("CT3153924.installSp", "TRUE");
Line Deleted : user_pref("CT3153924.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3153924.keyword", "true");
Line Deleted : user_pref("CT3153924.originalHomepage", "hxxp://dogpile.com/");
Line Deleted : user_pref("CT3153924.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3153924.originalSearchEngine", "");
Line Deleted : user_pref("CT3153924.originalSearchEngineName", "");
Line Deleted : user_pref("CT3153924.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3153924.searchRevert", "false");
Line Deleted : user_pref("CT3153924.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3153924.searchUserMode", "2");
Line Deleted : user_pref("CT3153924.smartbar.homepage", "true");
Line Deleted : user_pref("CT3153924.toolbarInstallDate", "28-12-2013 21:03:05");
Line Deleted : user_pref("CT3153924.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3153924.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3153924&octid=CT3153924&SearchSource=61&CUI=UN35455818964556662&UM=2&UP=SPDD502B1C-2534-42D6-B8AC-5AA565753D80");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.newtabpage.pinned", "[null,{\"url\":\"hxxp://www.dogpile.com/\",\"title\":\"Dogpile Web Search\"}]");
Line Deleted : user_pref("browser.search.defaultenginename", "Speedial");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLCS Customized Web Search");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3153924");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN35455818964556662&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3153924&octid=CT3153924&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN35455818964556662&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3153924");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3153924");
Line Deleted : user_pref("smartbar.machineId", "SFDXMLFGTEJYIA4VGXLXQT9KY/PL7TSM2ZQR5C5FVVCYFQHHRX1GCNEEH6Y/YVMXFRNUGXBX/HC5SPYAJR+9HA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN35455818964556662&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6781 octets] - [05/06/2014 17:45:21]
AdwCleaner[S0].txt - [6608 octets] - [05/06/2014 17:47:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6668 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Lee on Thu 06/05/2014 at 17:58:35.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2508797896-4127050247-2938979256-1002\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted the following from C:\Users\Lee\AppData\Roaming\mozilla\firefox\profiles\kzm8y6ex.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://www.dogpile.com/");
Emptied folder: C:\Users\Lee\AppData\Roaming\mozilla\firefox\profiles\kzm8y6ex.default\minidumps [37 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/05/2014 at 18:13:35.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky PURE 3.0   
Windows Defender     
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Java 7 Update 55  
 Adobe Flash Player     13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky PURE 3.0 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#11 TB-Psychotic


Posted 06 June 2014 - 03:11 AM

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your Control Panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The most common error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#12 TB-Psychotic


Posted 03 July 2014 - 03:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.