
Virus Infection and Resulting MBR Problems


  • This topic is locked
34 replies to this topic

#1 WJL2112

WJL2112

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 17 June 2014 - 11:14 AM

Good morning.  I am in need of your assistance in further identifying and removing a virus and repairing damage done.

 

Dr. Web CureIt continues to identify Trojan.PWS.Panda.5661 virus, but cannot seem to permanently remove it.  Further looking through existing topics here, I have identified other tools to help clean and repair, but nothing has worked, and the damage appears to be getting worse.

 

I run Dr. Web routinely, along with MalwareBytes Anti-Malware, Hitman, and Kaspersky TDSS.  Saw Dr. Web identify the Panda.5661 a little over a week ago.  A few days later, was reading on here and ran MBRCheck and that indicated MBR damage to the C:\ drive and two external hard drives.

 

When Dr. Web originally found the Panda.5661, TDSSKiller indicated the vsmon.exe file was infected, which is related to Zonealarm firewall.  I uninstalled Zonealarm, reinstalled, and vsmon.exe was infected again.  Since then, other executable files have been indicated as being infected when TDSSKiller is run, four or five in the past few days.  I have TDSS quarantine them, and have kept Zonealarm installed, but with the internet connectivity disabled; not certain anymore if Zonealarm is functioning properly.

 

I have run RJT, AdwCleaner, and other programs seen here in the forums, to no avail.

 

Appreciate any assistance that you can provide in walking me through the cleaning process.

 

Thank you,

 

Bill




 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:08 PM

Posted 18 June 2014 - 01:23 PM

Hello WJL2112

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
 
I would also like to see the last log made with TDSSKiller.
 
The report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 WJL2112

WJL2112
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 18 June 2014 - 04:00 PM

seedy21,
 
Thank you for the quick response.  Below are the dds.txt and attach.txt as requested.  Running TDSS right now for a fresh report that will be added in my next reply.
 
Thank you,
 
Bill
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by Bill at 16:53:37 on 2014-06-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16255.13060 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\HitmanPro\HitmanPro.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\OpenHardwareMonitor\OpenHardwareMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\viakaraokesrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\program files (x86)\stardock\fences\Fences.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" /m
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9CA9682D-05FD-4749-9187-14813C76F20C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFD51EF9-1DA5-490B-BEBD-E9D46CFD70EA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [SDTray] c:\program files (x86)\spybot - search & destroy 2\sdtray.exe
x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: 2014-06-07 15:57; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2014-06-08 15:49; ffxtlbr@zonealarm.com; C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: !HIDDEN! 2012-07-29 16:01; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-23 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-23 208416]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-5-21 16152]
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\System32\drivers\SmartDefragDriver.sys [2014-1-25 21184]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2012-7-27 1039096]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2012-7-27 423240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2014-1-12 465216]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-3 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-7-27 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-4 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-3 50344]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-13 250712]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-4-3 127752]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-21 161560]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-21 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\windows\System32\ViakaraokeSrv.exe [2012-5-21 27760]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-5-29 90936]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2014-6-18 32512]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-5-21 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-5-21 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-5-21 786200]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-21 648808]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\windows\System32\drivers\viahduaa.sys [2012-5-21 2182768]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/01 13:18:33;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-11-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-13 111616]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-9-12 1817560]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-9-12 1033688]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-9-12 171928]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-27 1255736]
S3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter  with SpeedBooster Service;C:\windows\System32\drivers\WUSB54GSCV2_AMD64.sys [2012-7-27 253944]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-18 20:46:56 32512 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2014-06-18 00:49:05 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-06-18 00:48:06 151005296 ----a-w- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Security\sqpl2jxw.exe
2014-06-18 00:47:49 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-06-18 00:47:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 01:10:37 -------- d-----w- C:\! Cameron Music
2014-06-15 23:07:05 -------- d-----w- C:\ProgramData\SUPERSetup
2014-06-14 23:19:54 -------- d-----w- C:\Program Files (x86)\Belarc
2014-06-14 22:17:32 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-13 23:42:27 -------- d-----w- C:\Users\Bill\AppData\Roaming\SUPERAntiSpyware.com
2014-06-13 23:42:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-06-13 02:11:25 -------- d-----w- C:\ProgramData\Sophos
2014-06-13 02:11:21 73728 ----a-r- C:\Users\Bill\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-06-13 02:11:21 73728 ----a-r- C:\Users\Bill\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-06-13 02:11:21 73728 ----a-r- C:\Users\Bill\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-06-13 02:11:18 -------- d-----w- C:\Program Files (x86)\Sophos
2014-06-13 01:50:40 -------- d-----w- C:\ProgramData\McAfee Security Scan
2014-06-12 23:38:50 92888 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-06-12 21:24:02 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-06-12 21:05:39 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2014-06-08 23:06:05 2347384 ----a-w- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Security\esetsmartinstaller_enu.exe
2014-06-08 19:24:02 107595032 ----a-w- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Security\msert.exe
2014-06-08 15:17:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Rootkit
2014-06-08 12:49:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-06-08 12:09:38 4181856 ----a-w- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Video\tdsskiller.exe
2014-06-08 00:19:11 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-07 20:01:47 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-06-06 19:16:47 -------- d-----w- C:\Users\Bill\Crystal
.
==================== Find3M  ====================
.
2014-05-30 06:35:18 450968 ----a-w- C:\windows\System32\drivers\vsdatant.sys
2014-05-18 18:54:11 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-18 18:54:11 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 21:00:51 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-05-15 21:00:51 1039096 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-05-12 11:25:56 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-05-09 06:14:03 477184 ----a-w- C:\windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-05-06 04:17:53 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-06 03:07:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-03 12:13:42 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-05-03 12:13:42 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-05-03 12:13:41 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-05-03 12:13:41 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-05-03 12:13:39 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-05-03 12:13:35 43152 ----a-w- C:\windows\avastSS.scr
2014-04-15 06:34:10 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 16:54:49.31 ===============
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2012 2:37:22 PM
System Uptime: 6/18/2014 4:39:34 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | P8B75-M
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1468.295 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
T: is FIXED (NTFS) - 2795 GiB total, 1576.153 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\8&34C4E7A2&0&4
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\8&34C4E7A2&0&4
Service: 
.
==== System Restore Points ===================
.
RP257: 6/8/2014 10:55:35 AM - Installed SpyHunter
RP258: 6/8/2014 11:04:48 AM - Removed SpyHunter
RP259: 6/12/2014 9:33:46 PM - Installed SpyHunter
RP260: 6/12/2014 10:11:03 PM - Installed Sophos Virus Removal Tool.
RP261: 6/13/2014 7:34:39 PM - Removed SpyHunter
RP262: 6/14/2014 6:15:52 PM - Installed Java 7 Update 60
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Acrobat 7.0 Professional
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Shockwave Player 12.0
Advanced SystemCare 6
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
Aurora 20.0a2 (x86 en-US)
Aurora 23.0a2 (x86 en-US)
avast! Free Antivirus
Belarc Advisor 8.4
Bonjour
BufferChm
C4700
CCleaner
Classic Shell
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DROPCLOCK Screensaver
DVDFab 8.2.2.8 (26/02/2013) Qt
DVDFab 9.0.7.0 (04/10/2013)
Elevated Installer
ESET Online Scanner v3
Exact Audio Copy 1.0beta3
Fences 2
foobar2000 v1.1.15
FreeAgent Pro Tools
Gaia 3D Jigsaw Puzzle Screensaver v2.01
Garmin Express
Garmin Express Tray
Google Chrome
Google Update Helper
GPBaseService2
HD Tune Pro 5.50
HitmanPro 3.7
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Intel® Control Center
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Processor ID Utility
Intel® Turbo Boost Technology Monitor 2.6
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IrfanView (remove only)
iTunes
Java 7 Update 45 (64-bit)
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
LAME v3.99.3 (for Windows)
LG CyberLink Media Suite
LG CyberLink PowerDVD
LifeGlobe Sharks, Terrors of the Deep
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.52
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Platform
PS_AIO_06_C4700_SW_Min
Realtek Ethernet Controller Driver
Scan
SeaTools for Windows
Security Task Manager 1.8g
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
SereneScreen Marine Aquarium 3
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.3
Smart Defrag 3
SmartWebPrinting
SolutionCenter
Sophos Virus Removal Tool
SpeedFan (remove only)
Spybot - Search & Destroy
Status
SUPERAntiSpyware
swMSM
Toolbox
TrayApp
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2012 wvaiper
TurboTax 2013
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
TurboTax 2013 wvaiper
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VIA Platform Device Manager
VLC media player 2.0.6
WebReg
Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
6/18/2014 4:40:45 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/18/2014 4:40:45 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
6/18/2014 4:40:44 PM, Error: Service Control Manager [7000]  - The WinRing0_1_2_0 service failed to start due to the following error:  The system cannot find the file specified.
6/18/2014 4:39:40 PM, Error: volmgr [46]  - Crash dump initialization failed!
6/17/2014 9:07:01 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
6/17/2014 9:07:01 AM, Error: Service Control Manager [7000]  - The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/15/2014 8:50:50 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk7\DR7.
6/15/2014 7:32:18 PM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/15/2014 7:32:18 PM, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/15/2014 7:32:18 PM, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
6/15/2014 7:32:18 PM, Error: Service Control Manager [7031]  - The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/15/2014 7:32:18 PM, Error: Service Control Manager [7031]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/15/2014 6:52:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/15/2014 6:52:41 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/15/2014 6:52:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/15/2014 10:02:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800c755660, 0xfffff80004c733d0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061514-19078-01.
6/14/2014 6:46:30 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
6/14/2014 3:06:14 PM, Error: Service Control Manager [7024]  - The Power service terminated with service-specific error The operation completed successfully..
6/14/2014 3:06:10 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
6/14/2014 3:06:10 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The data is invalid.
6/14/2014 3:06:10 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.
6/14/2014 3:06:10 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x8007045B.
6/14/2014 3:06:09 PM, Error: Service Control Manager [7023]  - The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.
.
==== End Of File ===========================

#4 WJL2112

Posted 18 June 2014 - 04:04 PM

seedy21,

Here is today's TDSS file:


16:56:36.0038 0x1494  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
16:56:41.0854 0x1494  ============================================================
16:56:41.0854 0x1494  Current date / time: 2014/06/18 16:56:41.0854
16:56:41.0854 0x1494  SystemInfo:
16:56:41.0854 0x1494  
16:56:41.0854 0x1494  OS Version: 6.1.7601 ServicePack: 1.0
16:56:41.0854 0x1494  Product type: Workstation
16:56:41.0854 0x1494  ComputerName: BILL-COREI7-PC
16:56:41.0854 0x1494  UserName: Bill
16:56:41.0854 0x1494  Windows directory: C:\windows
16:56:41.0854 0x1494  System windows directory: C:\windows
16:56:41.0854 0x1494  Running under WOW64
16:56:41.0854 0x1494  Processor architecture: Intel x64
16:56:41.0854 0x1494  Number of processors: 8
16:56:41.0854 0x1494  Page size: 0x1000
16:56:41.0854 0x1494  Boot type: Normal boot
16:56:41.0854 0x1494  ============================================================
16:56:43.0731 0x1494  KLMD registered as C:\windows\system32\drivers\11966396.sys
16:56:44.0226 0x1494  System UUID: {E876A053-AD32-CEC1-F716-54C3F9C49652}
16:56:44.0688 0x1494  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:56:44.0701 0x1494  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1475000 ( 2794.52 Gb ), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:56:44.0744 0x1494  ============================================================
16:56:44.0744 0x1494  \Device\Harddisk0\DR0:
16:56:44.0745 0x1494  MBR partitions:
16:56:44.0745 0x1494  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:56:44.0745 0x1494  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD58B0
16:56:44.0745 0x1494  \Device\Harddisk1\DR1:
16:56:44.0745 0x1494  MBR partitions:
16:56:44.0745 0x1494  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
16:56:44.0745 0x1494  ============================================================
16:56:44.0770 0x1494  C: <-> \Device\Harddisk0\DR0\Partition2
16:56:44.0787 0x1494  T: <-> \Device\Harddisk1\DR1\Partition1
16:56:44.0787 0x1494  ============================================================
16:56:44.0787 0x1494  Initialize success
16:56:44.0787 0x1494  ============================================================
16:56:50.0072 0x0e0c  ============================================================
16:56:50.0072 0x0e0c  Scan started
16:56:50.0073 0x0e0c  Mode: Manual; SigCheck; TDLFS; 
16:56:50.0073 0x0e0c  ============================================================
16:56:50.0073 0x0e0c  KSN ping started
16:57:35.0235 0x0e0c  KSN ping finished: false
16:57:36.0725 0x0e0c  ================ Scan system memory ========================
16:57:36.0725 0x0e0c  System memory - ok
16:57:36.0725 0x0e0c  ================ Scan services =============================
16:57:38.0986 0x0e0c  [ 6D182C31ACF16213407F2768F1107FE3, 92B602152AB9F93A7AC510A01AEF714ED8EE30C9306E3D44BECEE10EC3464184 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:57:39.0009 0x0e0c  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
16:57:49.0048 0x0e0c  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
16:58:17.0657 0x0e0c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:58:17.0668 0x0e0c  Dnscache - ok
16:58:17.0685 0x0e0c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
16:58:17.0711 0x0e0c  dot3svc - ok
16:58:17.0748 0x0e0c  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
16:58:17.0774 0x0e0c  Dot4 - ok
16:58:17.0817 0x0e0c  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
16:58:17.0829 0x0e0c  Dot4Print - ok
16:58:17.0840 0x0e0c  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
16:58:17.0851 0x0e0c  dot4usb - ok
16:58:17.0879 0x0e0c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
16:58:17.0915 0x0e0c  DPS - ok
16:58:17.0932 0x0e0c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:58:17.0954 0x0e0c  drmkaud - ok
16:58:18.0025 0x0e0c  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:58:18.0044 0x0e0c  DXGKrnl - ok
16:58:18.0063 0x0e0c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
16:58:18.0085 0x0e0c  EapHost - ok
16:58:18.0159 0x0e0c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:58:18.0244 0x0e0c  ebdrv - ok
16:58:18.0265 0x0e0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe
16:58:18.0274 0x0e0c  EFS - ok
16:58:18.0366 0x0e0c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:58:18.0388 0x0e0c  ehRecvr - ok
16:58:18.0402 0x0e0c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
16:58:18.0413 0x0e0c  ehSched - ok
16:58:18.0442 0x0e0c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:58:18.0456 0x0e0c  elxstor - ok
16:58:18.0471 0x0e0c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:58:18.0494 0x0e0c  ErrDev - ok
16:58:18.0610 0x0e0c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
16:58:18.0637 0x0e0c  EventSystem - ok
16:58:18.0660 0x0e0c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
16:58:18.0683 0x0e0c  exfat - ok
16:58:18.0718 0x0e0c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:58:18.0753 0x0e0c  fastfat - ok
16:58:18.0788 0x0e0c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
16:58:18.0809 0x0e0c  Fax - ok
16:58:18.0830 0x0e0c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
16:58:18.0850 0x0e0c  fdc - ok
16:58:18.0873 0x0e0c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
16:58:18.0894 0x0e0c  fdPHost - ok
16:58:18.0904 0x0e0c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
16:58:18.0925 0x0e0c  FDResPub - ok
16:58:18.0963 0x0e0c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:58:18.0971 0x0e0c  FileInfo - ok
16:58:18.0977 0x0e0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:58:19.0014 0x0e0c  Filetrace - ok
16:58:19.0043 0x0e0c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:58:19.0053 0x0e0c  flpydisk - ok
16:58:19.0098 0x0e0c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:58:19.0110 0x0e0c  FltMgr - ok
16:58:19.0140 0x0e0c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
16:58:19.0167 0x0e0c  FontCache - ok
16:58:19.0214 0x0e0c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:58:19.0222 0x0e0c  FontCache3.0.0.0 - ok
16:58:19.0244 0x0e0c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:58:19.0253 0x0e0c  FsDepends - ok
16:58:19.0272 0x0e0c  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC, 7022722FA38E81F6F4D0EF9F0FBEDD27C09A238B5246A3C36AEAAC11FF76FE07 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
16:58:19.0279 0x0e0c  fssfltr - ok
16:58:19.0366 0x0e0c  [ 40CDFAD174B3D5E80F95DDA003C0B97F, 2DA149CE42B87681ECDCC8905D0957443F430A9C7002FF78F22A95F9112A7C4C ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:58:19.0393 0x0e0c  fsssvc - ok
16:58:19.0426 0x0e0c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:58:19.0432 0x0e0c  Fs_Rec - ok
16:58:19.0454 0x0e0c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:58:19.0466 0x0e0c  fvevol - ok
16:58:19.0489 0x0e0c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:58:19.0511 0x0e0c  gagp30kx - ok
16:58:19.0581 0x0e0c  [ ADBE0A582D839FBAF416F1F07FA53AD7, 559D95D3BCF71DDB50CC10A4EB9941B2CB95091C6E317B740E9DB3367A260573 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
16:58:19.0590 0x0e0c  Garmin Core Update Service - ok
16:58:19.0614 0x0e0c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:58:19.0620 0x0e0c  GEARAspiWDM - ok
16:58:19.0651 0x0e0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
16:58:19.0685 0x0e0c  gpsvc - ok
16:58:19.0723 0x0e0c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:58:19.0731 0x0e0c  gupdate - ok
16:58:19.0734 0x0e0c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:58:19.0741 0x0e0c  gupdatem - ok
16:58:19.0752 0x0e0c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:58:19.0770 0x0e0c  hcw85cir - ok
16:58:19.0809 0x0e0c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:58:19.0841 0x0e0c  HdAudAddService - ok
16:58:19.0900 0x0e0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
16:58:19.0925 0x0e0c  HDAudBus - ok
16:58:19.0949 0x0e0c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:58:19.0959 0x0e0c  HidBatt - ok
16:58:19.0985 0x0e0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
16:58:20.0013 0x0e0c  HidBth - ok
16:58:20.0042 0x0e0c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
16:58:20.0053 0x0e0c  HidIr - ok
16:58:20.0067 0x0e0c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
16:58:20.0089 0x0e0c  hidserv - ok
16:58:20.0104 0x0e0c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
16:58:20.0114 0x0e0c  HidUsb - ok
16:58:20.0174 0x0e0c  [ CD3FE805E00666E4CDF6C92BD6F290ED, AC50896043396334413A0C08A10D08C7FCD09F1D573B50EF189BE0036E560089 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
16:58:20.0182 0x0e0c  HitmanProScheduler - ok
16:58:20.0205 0x0e0c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:58:20.0228 0x0e0c  hkmsvc - ok
16:58:20.0245 0x0e0c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:58:20.0259 0x0e0c  HomeGroupListener - ok
16:58:20.0285 0x0e0c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:58:20.0297 0x0e0c  HomeGroupProvider - ok
16:58:20.0347 0x0e0c  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:58:20.0356 0x0e0c  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
16:58:23.0339 0x0e0c  Detect skipped due to KSN trusted
16:58:23.0340 0x0e0c  hpqcxs08 - ok
16:58:23.0362 0x0e0c  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:58:23.0379 0x0e0c  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
16:58:26.0324 0x0e0c  Detect skipped due to KSN trusted
16:58:26.0324 0x0e0c  hpqddsvc - ok
16:58:26.0344 0x0e0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:58:26.0353 0x0e0c  HpSAMD - ok
16:58:26.0414 0x0e0c  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
16:58:26.0446 0x0e0c  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
16:58:29.0185 0x0e0c  Detect skipped due to KSN trusted
16:58:29.0186 0x0e0c  HPSLPSVC - ok
16:58:29.0234 0x0e0c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:58:29.0398 0x0e0c  HTTP - ok
16:58:29.0433 0x0e0c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:58:29.0441 0x0e0c  hwpolicy - ok
16:58:29.0473 0x0e0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
16:58:29.0489 0x0e0c  i8042prt - ok
16:58:29.0555 0x0e0c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:58:29.0687 0x0e0c  iaStorV - ok
16:58:29.0838 0x0e0c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:58:29.0876 0x0e0c  idsvc - ok
16:58:29.0898 0x0e0c  IEEtwCollectorService - ok
16:58:30.0107 0x0e0c  [ A1CF07D24EDCDC6870535471654D957C, FA0CD2ABA2C15E9FC4A1DEE58F365EC10D9597D521556DC2648B50CE0537926D ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
16:58:30.0259 0x0e0c  igfx - ok
16:58:30.0298 0x0e0c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:58:30.0336 0x0e0c  iirsp - ok
16:58:30.0489 0x0e0c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
16:58:30.0523 0x0e0c  IKEEXT - ok
16:58:30.0613 0x0e0c  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
16:58:30.0745 0x0e0c  IntcDAud - ok
16:58:30.0841 0x0e0c  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:58:30.0855 0x0e0c  Intel® Capability Licensing Service Interface - ok
16:58:30.0912 0x0e0c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
16:58:30.0923 0x0e0c  intelide - ok
16:58:30.0960 0x0e0c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys
16:58:30.0985 0x0e0c  intelppm - ok
16:58:31.0075 0x0e0c  [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
16:58:31.0081 0x0e0c  IntuitUpdateServiceV4 - ok
16:58:31.0102 0x0e0c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:58:31.0141 0x0e0c  IPBusEnum - ok
16:58:31.0162 0x0e0c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:58:31.0184 0x0e0c  IpFilterDriver - ok
16:58:31.0219 0x0e0c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:58:31.0238 0x0e0c  iphlpsvc - ok
16:58:31.0263 0x0e0c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:58:31.0288 0x0e0c  IPMIDRV - ok
16:58:31.0310 0x0e0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:58:31.0341 0x0e0c  IPNAT - ok
16:58:31.0381 0x0e0c  [ 78486992AC657AE5065C4A2135838570, E958E2977843A15A73F06A2D2F24130C7F62305A9AA0488F419E2D729BA6939A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:58:31.0395 0x0e0c  iPod Service - ok
16:58:31.0401 0x0e0c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:58:31.0412 0x0e0c  IRENUM - ok
16:58:31.0428 0x0e0c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:58:31.0435 0x0e0c  isapnp - ok
16:58:31.0458 0x0e0c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:58:31.0467 0x0e0c  iScsiPrt - ok
16:58:31.0504 0x0e0c  [ 8E4577C6E0D3114170509159DE658907, 2FC7F96766537716503AB1BAD7EBDB2F16F3CE1584AF4261D57C6A4E00E1A417 ] iusb3hcs        C:\windows\system32\drivers\iusb3hcs.sys
16:58:31.0510 0x0e0c  iusb3hcs - ok
16:58:31.0545 0x0e0c  [ FE76346E9B57DA575BD1B3BD0CCAD7FF, 8961A08326F66E9FDF63912797C605FEEC23F9B0453D132AB6897DA98BC9AEAB ] iusb3hub        C:\windows\system32\drivers\iusb3hub.sys
16:58:31.0555 0x0e0c  iusb3hub - ok
16:58:31.0586 0x0e0c  [ 1008CD90DA2198FFD250298DEB9DF160, 2CBA5FF2369861E8F8A55799AFFFC8E5B331A8BD17B559641E87A4C6C0D70206 ] iusb3xhc        C:\windows\system32\drivers\iusb3xhc.sys
16:58:31.0603 0x0e0c  iusb3xhc - ok
16:58:31.0677 0x0e0c  [ 468F7516B4030603BA9D1427CCEACDF9, 939A0DF80F5E1B63A5B4703971F22E6FC079CC2135BA229DB88CB0425A2903BB ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
16:58:31.0685 0x0e0c  jhi_service - ok
16:58:31.0701 0x0e0c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:58:31.0709 0x0e0c  kbdclass - ok
16:58:31.0720 0x0e0c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:58:31.0731 0x0e0c  kbdhid - ok
16:58:31.0739 0x0e0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe
16:58:31.0748 0x0e0c  KeyIso - ok
16:58:31.0768 0x0e0c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:58:31.0776 0x0e0c  KSecDD - ok
16:58:31.0795 0x0e0c  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:58:31.0803 0x0e0c  KSecPkg - ok
16:58:31.0829 0x0e0c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:58:31.0866 0x0e0c  ksthunk - ok
16:58:31.0901 0x0e0c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
16:58:31.0929 0x0e0c  KtmRm - ok
16:58:31.0967 0x0e0c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
16:58:32.0009 0x0e0c  LanmanServer - ok
16:58:32.0038 0x0e0c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:58:32.0062 0x0e0c  LanmanWorkstation - ok
16:58:32.0081 0x0e0c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:58:32.0123 0x0e0c  lltdio - ok
16:58:32.0148 0x0e0c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:58:32.0192 0x0e0c  lltdsvc - ok
16:58:32.0207 0x0e0c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:58:32.0229 0x0e0c  lmhosts - ok
16:58:32.0301 0x0e0c  [ B114B200CCDEBC7EBD8EF5D783819386, BB717C97EB058D01F34A08AE64265FBF13580404184624EA2249ACBCFC163F76 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:58:32.0310 0x0e0c  LMS - ok
16:58:32.0327 0x0e0c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:58:32.0360 0x0e0c  LSI_FC - ok
16:58:32.0384 0x0e0c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:58:32.0393 0x0e0c  LSI_SAS - ok
16:58:32.0409 0x0e0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:58:32.0417 0x0e0c  LSI_SAS2 - ok
16:58:32.0426 0x0e0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:58:32.0434 0x0e0c  LSI_SCSI - ok
16:58:32.0452 0x0e0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
16:58:32.0475 0x0e0c  luafv - ok
16:58:32.0496 0x0e0c  [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2M64        C:\windows\system32\DRIVERS\LVPr2M64.sys
16:58:32.0502 0x0e0c  LVPr2M64 - ok
16:58:32.0508 0x0e0c  [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2Mon        C:\windows\system32\DRIVERS\LVPr2M64.sys
16:58:32.0515 0x0e0c  LVPr2Mon - ok
16:58:32.0565 0x0e0c  [ A35679E56E78091E1042A2D7ADBF2958, F2282B697DCDD5767F65D99FEA374D3757C6133D42BD5A9C582C217619213290 ] LVPrcS64        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
16:58:32.0573 0x0e0c  LVPrcS64 - ok
16:58:32.0597 0x0e0c  [ 986C1CB787A007BAA5F74E7D316D7246, 8846D5FF09A669816F57C98507FBCBE60F770B22BC784269765E46B36EE38D9D ] LVRS64          C:\windows\system32\DRIVERS\lvrs64.sys
16:58:32.0608 0x0e0c  LVRS64 - ok
16:58:32.0740 0x0e0c  [ 5747BC465ABEA2858C5D037252AED84E, 1D62E05ED1D3265FEFDD02C8653B2901B05994091F1D417632E2FBF053C5D451 ] LVUVC64         C:\windows\system32\DRIVERS\lvuvc64.sys
16:58:32.0832 0x0e0c  LVUVC64 - ok
16:58:32.0847 0x0e0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:58:32.0859 0x0e0c  Mcx2Svc - ok
16:58:32.0877 0x0e0c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
16:58:32.0885 0x0e0c  megasas - ok
16:58:32.0912 0x0e0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:58:32.0924 0x0e0c  MegaSR - ok
16:58:32.0940 0x0e0c  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
16:58:32.0946 0x0e0c  MEIx64 - ok
16:58:33.0134 0x0e0c  Microsoft SharePoint Workspace Audit Service - ok
16:58:33.0157 0x0e0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
16:58:33.0195 0x0e0c  MMCSS - ok
16:58:33.0215 0x0e0c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
16:58:33.0237 0x0e0c  Modem - ok
16:58:33.0258 0x0e0c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:58:33.0285 0x0e0c  monitor - ok
16:58:33.0308 0x0e0c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:58:33.0315 0x0e0c  mouclass - ok
16:58:33.0327 0x0e0c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:58:33.0336 0x0e0c  mouhid - ok
16:58:33.0357 0x0e0c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:58:33.0365 0x0e0c  mountmgr - ok
16:58:33.0403 0x0e0c  [ 33CF4041B134F37961241EEEF89217A6, 76857173FBD3E301CFD550868BDF8BC241EF8874C6F113A53945CC2A32561CE0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:58:33.0411 0x0e0c  MozillaMaintenance - ok
16:58:33.0432 0x0e0c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
16:58:33.0441 0x0e0c  mpio - ok
16:58:33.0463 0x0e0c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:58:33.0485 0x0e0c  mpsdrv - ok
16:58:33.0526 0x0e0c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:58:33.0561 0x0e0c  MpsSvc - ok
16:58:33.0582 0x0e0c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:58:33.0594 0x0e0c  MRxDAV - ok
16:58:33.0627 0x0e0c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:58:33.0640 0x0e0c  mrxsmb - ok
16:58:33.0663 0x0e0c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:58:33.0675 0x0e0c  mrxsmb10 - ok
16:58:33.0698 0x0e0c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:58:33.0709 0x0e0c  mrxsmb20 - ok
16:58:33.0726 0x0e0c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
16:58:33.0733 0x0e0c  msahci - ok
16:58:33.0745 0x0e0c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:58:33.0754 0x0e0c  msdsm - ok
16:58:33.0778 0x0e0c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
16:58:33.0805 0x0e0c  MSDTC - ok
16:58:33.0837 0x0e0c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:58:33.0859 0x0e0c  Msfs - ok
16:58:34.0991 0x0e0c  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:58:34.0996 0x0e0c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:58:37.0992 0x0e0c  Detect skipped due to KSN trusted
16:58:37.0993 0x0e0c  Net Driver HPZ12 - ok
16:58:42.0264 0x0e0c  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:58:42.0269 0x0e0c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:58:45.0002 0x0e0c  Detect skipped due to KSN trusted
16:58:45.0002 0x0e0c  Pml Driver HPZ12 - ok
16:58:51.0030 0x0e0c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
16:58:51.0074 0x0e0c  upnphost - ok
16:58:51.0099 0x0e0c  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
16:58:51.0108 0x0e0c  USBAAPL64 - ok
16:58:51.0130 0x0e0c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
16:58:51.0158 0x0e0c  usbaudio - ok
16:58:51.0199 0x0e0c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:58:51.0209 0x0e0c  usbccgp - ok
16:58:51.0227 0x0e0c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:58:51.0252 0x0e0c  usbcir - ok
16:58:51.0280 0x0e0c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
16:58:51.0289 0x0e0c  usbehci - ok
16:58:51.0314 0x0e0c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:58:51.0328 0x0e0c  usbhub - ok
16:58:51.0345 0x0e0c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:58:51.0353 0x0e0c  usbohci - ok
16:58:51.0373 0x0e0c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:58:51.0396 0x0e0c  usbprint - ok
16:58:51.0418 0x0e0c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\drivers\usbscan.sys
16:58:51.0438 0x0e0c  usbscan - ok
16:58:51.0464 0x0e0c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:58:51.0484 0x0e0c  USBSTOR - ok
16:58:51.0512 0x0e0c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:58:51.0521 0x0e0c  usbuhci - ok
16:58:51.0527 0x0e0c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
16:58:51.0564 0x0e0c  UxSms - ok
16:58:51.0585 0x0e0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
16:58:51.0594 0x0e0c  VaultSvc - ok
16:58:51.0615 0x0e0c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:58:51.0622 0x0e0c  vdrvroot - ok
16:58:51.0651 0x0e0c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
16:58:51.0681 0x0e0c  vds - ok
16:58:51.0710 0x0e0c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:58:51.0722 0x0e0c  vga - ok
16:58:51.0737 0x0e0c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
16:58:51.0768 0x0e0c  VgaSave - ok
16:58:51.0800 0x0e0c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:58:51.0810 0x0e0c  vhdmp - ok
16:58:51.0867 0x0e0c  [ EECF5B7210D773F3501CEDA848D53D31, C98034418DA5351A82B3FFAFBD277BAE4AE8AF25DD491BF628CEA0C708A5A9B2 ] VIAHdAudAddService C:\windows\system32\drivers\viahduaa.sys
16:58:51.0902 0x0e0c  VIAHdAudAddService - ok
16:58:51.0930 0x0e0c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
16:58:51.0937 0x0e0c  viaide - ok
16:58:51.0958 0x0e0c  [ 43412F74D9516EF87988F2397A9B8E78, 82253E49D2762D67D202A8D3A215EF5F937ADFCF711AD238B6FDACAE0CC80A49 ] VIAKaraokeService C:\windows\system32\viakaraokesrv.exe
16:58:51.0965 0x0e0c  VIAKaraokeService - ok
16:58:51.0985 0x0e0c  [ 3F63FA4A5D8A7C1B1A87E342569FBA53, E562BAF184E29A67960523843F4C5D351250951542A68891A996C5848649A4DC ] VNUSB           C:\windows\system32\Drivers\VNUSB.sys
16:58:51.0992 0x0e0c  VNUSB - ok
16:58:52.0027 0x0e0c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:58:52.0035 0x0e0c  volmgr - ok
16:58:52.0051 0x0e0c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:58:52.0063 0x0e0c  volmgrx - ok
16:58:52.0096 0x0e0c  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:58:52.0107 0x0e0c  volsnap - ok
16:58:52.0149 0x0e0c  [ D122E5576F7CA9903F6576C7F09FA62D, 1A706C24BBAD6A322CBECF9F82231234F1D11CA0398C49EB7743B6932A25AB29 ] Vsdatant        C:\windows\system32\DRIVERS\vsdatant.sys
16:58:52.0161 0x0e0c  Vsdatant - ok
16:58:52.0213 0x0e0c  vsmon - ok
16:58:55.0326 0x0e0c  ================ Scan global ===============================
16:58:55.0418 0x0e0c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
16:58:55.0442 0x0e0c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
16:58:55.0450 0x0e0c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
16:58:55.0466 0x0e0c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
16:58:55.0490 0x0e0c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
16:58:55.0495 0x0e0c  [ Global ] - ok
16:58:55.0495 0x0e0c  ================ Scan MBR ==================================
16:58:55.0505 0x0e0c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:58:56.0020 0x0e0c  \Device\Harddisk0\DR0 - ok
16:58:56.0263 0x0e0c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:58:56.0891 0x0e0c  \Device\Harddisk1\DR1 - ok
16:58:56.0891 0x0e0c  ================ Scan VBR ==================================
16:58:56.0893 0x0e0c  [ 0F968211E44D93B97335F1237E593B3D ] \Device\Harddisk0\DR0\Partition1
16:58:56.0969 0x0e0c  \Device\Harddisk0\DR0\Partition1 - ok
16:58:56.0997 0x0e0c  [ 9DD9F01C5CEC073D2C240954B2EA0B29 ] \Device\Harddisk0\DR0\Partition2
16:58:57.0056 0x0e0c  \Device\Harddisk0\DR0\Partition2 - ok
16:58:57.0057 0x0e0c  [ B474C1729279E80FCBBB67AF88F48445 ] \Device\Harddisk1\DR1\Partition1
16:58:57.0136 0x0e0c  \Device\Harddisk1\DR1\Partition1 - ok
16:58:57.0136 0x0e0c  ================ Scan generic autorun ======================
16:58:57.0157 0x0e0c  [ 899D435E1C190C204E349CE0E483098B, FC6E84D7A382FBCBF3B2DAA4B75BD78F447359F314C1CD4424759E2EC97FD2DE ] C:\windows\system32\igfxpers.exe
16:58:57.0169 0x0e0c  Persistence - ok
16:58:57.0171 0x0e0c  IntelTBRunOnce - ok
16:58:57.0196 0x0e0c  [ BE49AF92F13030E188DBE8E2841D173A, AFC312A888F63D34E4F4E27A3FF50D5569BCAF0DD061671CC661E778FEC02EEB ] C:\windows\system32\igfxtray.exe
16:58:57.0204 0x0e0c  IgfxTray - ok
16:58:57.0227 0x0e0c  [ 664FF61BE83FCACBF67A8D307011ADF5, B5270D13A355002336D25C092C042CA8E36795D23EB81134418BB2A8ABFBDF66 ] C:\windows\system32\hkcmd.exe
16:58:57.0238 0x0e0c  HotKeysCmds - ok
16:58:57.0366 0x0e0c  [ D547C84BEB1FC5707825243F3219561F, C7C6CBF6C7E8398E70AC6D14A63D0301241CE07BA2EFF3CD003609903D6245AC ] C:\Program Files (x86)\Stardock\Fences\Fences.exe
16:58:57.0423 0x0e0c  Fences - ok
16:58:57.0546 0x0e0c  [ AF49D1C79EA49A7833017F290EE63B82, FFE98E8F6AE3BFAB324B3A7C6C6C00545C597A6861CBDD82ACE97591C6A1D287 ] c:\program files (x86)\spybot - search & destroy 2\sdtray.exe
16:58:57.0625 0x0e0c  SDTray - ok
16:58:57.0701 0x0e0c  [ 5F8CBEE9B9D9DAB0A401094695431F8D, 7788D6D5A25C2A3B170F1394B7D1831EBC1F9D0E6C3F1AC3F1CCF40BED197B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
16:58:57.0706 0x0e0c  Classic Start Menu - detected UnsignedFile.Multi.Generic ( 1 )
16:59:07.0708 0x0e0c  Classic Start Menu ( UnsignedFile.Multi.Generic ) - warning
16:59:07.0708 0x0e0c  Force sending object to P2P due to detect: C:\Program Files\Classic Shell\ClassicStartMenu.exe
16:59:11.0623 0x0e0c  Object send P2P result: true
16:59:14.0823 0x0e0c  [ 5CA0EB9538C6ACEBDC3593FC53527B9D, 35AC60899254C7414FF42BCDA4165FB58F6369BD5EDCAC24EBB1B5A095664CAC ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:59:14.0881 0x0e0c  AvastUI.exe - ok
16:59:14.0929 0x0e0c  [ 6ACC44D3C8B72617061A6D2B66C7D5A7, 2CCA5D68B8C9640AADAF42E0260CFB94DDF60213D7BB3FFA6DCB673C096DB86C ] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
16:59:14.0936 0x0e0c  ZoneAlarm - ok
16:59:15.0100 0x0e0c  [ 6364FA7D825B600251A4D1DE7D6FF695, 1BEDD2E9DCE4C50FE7FE644D5DDD447DF79975D666CE128F945DD776E46AFC60 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
16:59:15.0109 0x0e0c  USB3MON - ok
16:59:15.0156 0x0e0c  [ CE42DFE915F78246364D464902E47360, A0CE51355A126E10CE54DE9A59DBD36C404340113764B4520606863794031D69 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
16:59:15.0163 0x0e0c  iTunesHelper - ok
16:59:15.0229 0x0e0c  [ D9DF49233588871A407700932812E436, 1A0479CD540250559B2CBF1E76DE454B50BD1D8069C9B077BD0A56782BAEAB2E ] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
16:59:15.0237 0x0e0c  IMSS - ok
16:59:15.0431 0x0e0c  [ 3D6737ADDB9B1DF81605C442ED6D2D90, 5B8D68945E1A97FD1AF40333448FE335743F48F46A70E303ADF406CC0CC253FB ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
16:59:15.0513 0x0e0c  HDAudDeck - detected UnsignedFile.Multi.Generic ( 1 )
16:59:18.0261 0x0e0c  Detect skipped due to KSN trusted
16:59:18.0261 0x0e0c  HDAudDeck - ok
16:59:18.0371 0x0e0c  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
16:59:18.0377 0x0e0c  APSDaemon - ok
16:59:18.0434 0x0e0c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
16:59:18.0465 0x0e0c  Sidebar - ok
16:59:18.0735 0x0e0c  [ 4BC008AE9C231723C6C71CD1BB712753, 7EA70360940811BCC3664759E3AF1CF8B24AFEEFC4B86985E9A9136866F12787 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
16:59:18.0825 0x0e0c  SUPERAntiSpyware - ok
16:59:19.0001 0x0e0c  [ C47545C4941F205DA99ABD4259C63F94, B67E1DCA0E5F489EB78675D52E2400C2EA2B1145E93DCD56BC4B751F693C94CA ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe
16:59:19.0014 0x0e0c  SmartRAM - ok
16:59:19.0035 0x0e0c  [ 521BE0575EE9CBD360ECC57BDE9A0309, 9CAA0C107AD7B8CE0D8C3CC120391905CEC2B799F2AA3DB2071D5CF0BF52D11A ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
16:59:19.0046 0x0e0c  Advanced SystemCare 6 - ok
16:59:19.0047 0x0e0c  Waiting for KSN requests completion. In queue: 10
16:59:20.0047 0x0e0c  Waiting for KSN requests completion. In queue: 10
16:59:21.0047 0x0e0c  Waiting for KSN requests completion. In queue: 10
16:59:22.0078 0x0e0c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2018.391 ), 0x41000 ( enabled : updated )
16:59:22.0092 0x0e0c  FW detected via SS2: ZoneAlarm Free Firewall Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.2.15.0 ), 0x41010 ( enabled )
16:59:24.0856 0x0e0c  ============================================================
16:59:24.0856 0x0e0c  Scan finished
16:59:24.0856 0x0e0c  ============================================================
16:59:24.0860 0x0fc4  Detected object count: 2
16:59:24.0860 0x0fc4  Actual detected object count: 2
17:02:32.0794 0x0fc4  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:32.0794 0x0fc4  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:02:32.0794 0x0fc4  Classic Start Menu ( UnsignedFile.Multi.Generic ) - skipped by user
17:02:32.0794 0x0fc4  Classic Start Menu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:02:38.0968 0x05b4  Deinitialize success


#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 19 June 2014 - 03:56 PM

Hi WJL2112

Your logs show you have a lot of virus/spyware software which we need to fix.

Click on start...  settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:


Advanced SystemCare 6
ESET Online Scanner v3
Java 7 Update 45 (64-bit)
Sophos Virus Removal Tool
Spybot - Search & Destroy
SUPERAntiSpyware



Step 2

Download RogueKiller and save it to your desktop.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

Step 3

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History> Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad). etc.. The .txt file can be saved and posted when you are ready.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#6 WJL2112

WJL2112
  • Topic Starter

  • Members
  • 32 posts

Posted 19 June 2014 - 05:04 PM

Hello seedy21,

Indicated programs have been removed.

RogueKiller report is below:

RogueKiller V9.0.3.0 [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bill [Admin rights]
Mode : Scan -- Date : 06/19/2014  17:46:32
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] 3156e7c08c02337e356dbb1a33cb34ea
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Seagate Backup+ Desk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06142014_222237.log - RKreport_DEL_06142014_224648.log - RKreport_DEL_06152014_190643.log - RKreport_SCN_06072014_202553.log
RKreport_SCN_06082014_075257.log - RKreport_SCN_06132014_202306.log - RKreport_SCN_06142014_221856.log - RKreport_SCN_06142014_222653.log
RKreport_SCN_06142014_224627.log - RKreport_SCN_06152014_190450.log
 
 
MBAM log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/19/2014
Scan Time: 5:50:15 PM
Logfile: 
Administrator: No
 
Version: 2.00.2.1012
Malware Database: v2014.06.19.09
Rootkit Database: v2014.06.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bill
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292696
Time Elapsed: 7 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\searchplugins\mixidj-v37-customized-web-search.xml, Quarantined, [352042387ffc55e1de27693c0bf7ec14], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
seedy21,
 
I believe that everything has been added. I will also mention that ZoneAlarm has blocked over 1100 access attempts in the past two days.
 
Thank you,
 
Bill


#7 seedy21


Posted 20 June 2014 - 11:22 AM

Hi WJL2112

How long has it been since you have been able to get Windows Updates?

Have you set a proxy server on your machine?

I need a log from Zone Alarm to see where the alerts are coming from.

Please post the contents of ZALog.txt along with answers to the questions above. You can find this file at:

C:\ProgramData\CheckPoint\ZoneAlarm\Logs\ZALog.txt




#8 WJL2112


Posted 20 June 2014 - 01:14 PM

seedy21,

I am still receiving Windows updates; have quite a few queued up right now that I have not installed though.

I have not intentionally set a proxy server.

I will post the ZoneAlarm log later today.

Thank you!

Bill



#9 WJL2112


Posted 20 June 2014 - 05:06 PM

seedy21,

 

Had a little hiccup.  Upon booting pc, ZoneAlarm was unresponsive.  Rebooted, same thing.  I ended up uninstalling it.  I have since reinstalled.  Log is below.  It of course does not show the full history of the 1200 incoming/outgoing hits that were blocked.  Those may start coming again.

 

ZoneAlarm Logging Client v11.0.768.000
Windows 7 x64-6.1.7601-Service Pack 1-SMP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
 
What's next to try?
 
Thanks,
 
Bill


#10 WJL2112


Posted 20 June 2014 - 05:10 PM

seedy21,

Another thing worth mentioning. With ZoneAlarm removed, pc boots really fast. With ZoneAlarm firewall installed, pc displays boot screen for about 2 minutes before Win7 screen comes up. Thinking I should remove ZA permanently, but not sure what is next to use; been reading the Bleeping Computer forum on firewalls and it's a mishmash of 'use this' and 'don't use that.'

Thanks,

Bill



#11 seedy21


Posted 20 June 2014 - 06:34 PM

Hi WJL2112

As you have re-installed ZA the logs have also been cleared.

I am going to have to request that you keep the program for the next couple of days so I can get the results if you're still having problems. Afterwards we can look at a replacement Firewall.

Step 1

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

Step 2

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Step 3

If you start to get the notifications from ZA, please copy the contents of the log file into your next reply.




#12 WJL2112


Posted 20 June 2014 - 06:39 PM

seedy21,

Sorry, but the only way I could seem to get to the internet was to uninstall ZoneAlarm, which I think is the program infected (vsmon.exe) with the trojan.

Anyways, below is the latest ZoneAlarm log, with plenty of activity already:

 

ZoneAlarm Logging Client v11.0.768.000
Windows 7 x64-6.1.7601-Service Pack 1-SMP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
AV/update,2014/06/20,18:04:56 -4:00 GMT,,Update Install Completed,Auto,Version: 0
LOCK,2014/06/20,18:11:02 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,18:11:12 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,18:11:16 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,18:11:16 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,18:11:18 -4:00 GMT,Host Process for Windows Services,255.2.0.0,N/A
LOCK,2014/06/20,18:11:50 -4:00 GMT,Host Process for Windows Services,255.255.255.255,N/A
LOCK,2014/06/20,18:11:58 -4:00 GMT,Host Process for Windows Services,224.0.0.252,N/A
LOCK,2014/06/20,18:12:08 -4:00 GMT,Google Chrome,255.2.0.0,N/A
LOCK,2014/06/20,18:13:48 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,18:16:58 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,18:16:58 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,18:16:58 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,18:17:22 -4:00 GMT,Host Process for Windows Services,255.2.0.0,N/A
LOCK,2014/06/20,18:18:56 -4:00 GMT,Host Process for Windows Services,255.255.255.255,N/A
LOCK,2014/06/20,18:19:14 -4:00 GMT,Host Process for Windows Services,224.0.0.252,N/A
LOCK,2014/06/20,18:19:32 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,18:21:56 -4:00 GMT,Google Chrome,192.168.1.1,N/A
LOCK,2014/06/20,18:22:08 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,18:22:24 -4:00 GMT,Google Chrome,224.0.0.252,N/A
LOCK,2014/06/20,18:27:22 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,18:27:22 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,18:27:22 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,18:27:52 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.32,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.33,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.35,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.46,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.39,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.37,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.38,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.41,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.36,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.40,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.34,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.32,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.33,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.35,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.46,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.39,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.37,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.38,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.41,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.36,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.40,N/A
LOCK,2014/06/20,18:29:02 -4:00 GMT,Firefox,173.194.121.34,N/A
LOCK,2014/06/20,18:29:04 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,18:29:04 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,18:29:38 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,18:30:28 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,18:31:36 -4:00 GMT,Host Process for Windows Services,255.2.0.0,N/A
LOCK,2014/06/20,18:36:12 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,18:37:48 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,18:38:44 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,18:44:32 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,18:46:52 -4:00 GMT,Google Chrome,192.168.1.1,N/A
LOCK,2014/06/20,18:46:54 -4:00 GMT,Host Process for Windows Services,255.2.0.0,N/A
LOCK,2014/06/20,18:47:08 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,18:52:52 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,18:57:12 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,18:57:12 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,19:00:04 -4:00 GMT,Host Process for Windows Services,255.2.0.0,N/A
LOCK,2014/06/20,19:00:08 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,19:01:12 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,19:07:30 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,19:12:34 -4:00 GMT,Google Chrome,192.168.1.1,N/A
LOCK,2014/06/20,19:13:58 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,19:13:58 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,19:18:06 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,19:18:12 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,19:18:34 -4:00 GMT,Host Process for Windows Services,255.255.255.255,N/A
LOCK,2014/06/20,19:18:38 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,19:18:52 -4:00 GMT,Host Process for Windows Services,255.2.0.0,N/A
LOCK,2014/06/20,19:18:52 -4:00 GMT,Host Process for Windows Services,224.0.0.252,N/A
LOCK,2014/06/20,19:18:54 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,19:18:54 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,19:20:22 -4:00 GMT,Google Chrome,224.0.0.252,N/A
LOCK,2014/06/20,19:21:28 -4:00 GMT,Google Chrome,192.168.1.1,N/A
LOCK,2014/06/20,19:22:04 -4:00 GMT,Google Chrome,255.2.0.0,N/A
LOCK,2014/06/20,19:22:08 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,19:22:24 -4:00 GMT,Google Chrome,,N/A
LOCK,2014/06/20,19:22:54 -4:00 GMT,Host Process for Windows Services,255.255.255.255,N/A
LOCK,2014/06/20,19:23:10 -4:00 GMT,Google Chrome,127.0.0.1,N/A
LOCK,2014/06/20,19:23:12 -4:00 GMT,Host Process for Windows Services,255.2.0.0,N/A
LOCK,2014/06/20,19:23:12 -4:00 GMT,Host Process for Windows Services,224.0.0.252,N/A
LOCK,2014/06/20,19:23:16 -4:00 GMT,Host Process for Windows Services,,N/A
LOCK,2014/06/20,19:23:16 -4:00 GMT,Host Process for Windows Services,192.168.1.1,N/A
LOCK,2014/06/20,19:32:38 -4:00 GMT,Firefox,127.0.0.1,N/A
LOCK,2014/06/20,19:32:38 -4:00 GMT,Google Chrome,,N/A
 
 
I will run Rogue and Farbar now and post those next.
 
Thanks,
 
Bill


#13 WJL2112


Posted 20 June 2014 - 06:55 PM

Hello again seedy21,

 

Below are the logs for RogueKiller and Farbar.

 

RogueKiller V9.0.3.0 [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bill [Admin rights]
Mode : Scan -- Date : 06/20/2014  19:46:26
 
¤¤¤ Bad processes : 3 ¤¤¤
[Hidden]  -- [x] -> KILLED [TermThr]
[Hidden]  -- [x] -> KILLED [TermThr]
[Hidden]  -- [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] 3156e7c08c02337e356dbb1a33cb34ea
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Seagate Backup+ Desk USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06142014_222237.log - RKreport_DEL_06142014_224648.log - RKreport_DEL_06152014_190643.log - RKreport_SCN_06072014_202553.log
RKreport_SCN_06082014_075257.log - RKreport_SCN_06132014_202306.log - RKreport_SCN_06142014_221856.log - RKreport_SCN_06142014_222653.log
RKreport_SCN_06142014_224627.log - RKreport_SCN_06152014_190450.log - RKreport_SCN_06192014_174631.log
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014
Ran by Bill (administrator) on BILL-COREI7-PC on 20-06-2014 19:53:05
Running from C:\Users\Bill\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [SDTray] => c:\program files (x86)\spybot - search & destroy 2\sdtray.exe
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [159744 2012-08-19] (IvoSoft)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\...\Run: [SmartRAM] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" /m
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\...\MountPoints2: I - I:\DTVP_Launcher.exe
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\...\MountPoints2: {7d8d776e-da88-11e1-b3bb-10bf487c61e3} - D:\DTVP_Launcher.exe
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: No Name - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {AE7CD045-E861-484f-8273-0445EE161910} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -  No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {553891B7-A0D5-4526-BE18-D3CE461D6310} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKLM-x32 - No Name - {553891B7-A0D5-4526-BE18-D3CE461D6310} -  No File
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default
FF DefaultSearchEngine: Search By ZoneAlarm
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=83b7065055364ac08a0d160a7b211de5&tu=10G9000EL2B000v&sku=&tstsId=&ver=&
FF Keyword.URL: hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&gu=339803c2dbee4a5a99e5a02f78c28952&tu=10OWz00EX2B0CO0&sku=&tstsId=&ver=&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\user.js
FF SearchPlugin: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\searchplugins\zonealarm.xml
FF Extension: zonealarm.com - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\Extensions\ffxtlbr@zonealarm.com [2014-06-20]
FF Extension: WOT - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Flash and Video Download - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-06-17]
FF Extension: Test Pilot - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-07-27]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-27]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-29]
 
Chrome: 
=======
CHR DefaultSearchKeyword: check point software technologies ltd
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Raindrops(Non-Aero)) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-02-07]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-03-13]
CHR Extension: (avast! Online Security) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
 
==================== Services (Whitelisted) =================
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2012-07-27] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-03] (SurfRight B.V.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-03] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-20] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 VNUSB; C:\Windows\SysWOW64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 WUSB54GSCv2.NTamd64; C:\Windows\System32\DRIVERS\WUSB54GSCV2_AMD64.sys [253944 2008-01-09] ()
U0 iaStor; 
R3 WinRing0_1_2_0; \??\C:\Users\Bill\AppData\Local\Temp\tmpD142.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-20 19:53 - 2014-06-20 19:53 - 00028022 _____ () C:\Users\Bill\Desktop\FRST.txt
2014-06-20 19:50 - 2014-06-20 19:50 - 00000115 _____ () C:\Users\Bill\Desktop\what is KILLED [Term Thr] from RogueKiller - Am I infected- What do I do-.url
2014-06-20 19:47 - 2014-06-20 19:47 - 00003969 _____ () C:\Users\Bill\Desktop\RKreport_SCN_06202014_194626.log
2014-06-20 19:43 - 2014-06-20 19:43 - 02083328 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2014-06-20 19:40 - 2014-06-19 17:42 - 04707328 _____ () C:\Users\Bill\Desktop\RogueKiller.exe
2014-06-20 18:00 - 2014-06-20 18:00 - 00000112 _____ () C:\Users\Bill\Desktop\Firewalls - Firewall Software and Hardware.url
2014-06-20 17:57 - 2014-06-20 17:57 - 00000000 _____ () C:\Users\Bill\Desktop\2014_06_CrystallineBody_360_Day4.mp4
2014-06-20 17:55 - 2014-06-20 17:57 - 00417513 _____ () C:\windows\system32\Drivers\vsconfig.xml
2014-06-20 17:55 - 2014-06-20 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-06-20 17:55 - 2013-02-21 14:44 - 00613720 _____ (Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2014-06-20 17:55 - 2013-02-21 14:44 - 00089944 _____ (Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2014-06-20 17:55 - 2012-11-15 21:06 - 00458584 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kl1.sys
2014-06-20 17:44 - 2014-06-20 17:55 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-06-20 17:44 - 2014-06-20 17:44 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Check Point Software Technologies LTD
2014-06-20 17:44 - 2014-06-20 17:44 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-06-20 17:41 - 2014-06-20 17:43 - 00000000 ____D () C:\Users\Bill\Downloads\ZoneAlarm
2014-06-20 17:20 - 2014-06-20 17:51 - 00030432 _____ () C:\windows\PFRO.log
2014-06-20 16:43 - 2014-06-20 17:51 - 00000336 _____ () C:\windows\setupact.log
2014-06-20 16:43 - 2014-06-20 16:43 - 00000000 _____ () C:\windows\setuperr.log
2014-06-19 17:37 - 2014-06-19 17:37 - 00000130 _____ () C:\Users\Bill\Desktop\Virus Infection and Resulting MBR Problems - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-06-17 21:46 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\Bill\Desktop\Chameleon
2014-06-17 21:44 - 2014-06-17 21:44 - 04872677 _____ () C:\Users\Bill\Downloads\mbam-chameleon-3.1.4.0.zip
2014-06-17 20:49 - 2014-06-20 17:50 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 20:47 - 2014-06-17 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 20:47 - 2014-06-17 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 20:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-17 19:46 - 2014-06-17 19:47 - 05203235 _____ (Swearware) C:\Users\Bill\Desktop\ComboFix.exe
2014-06-16 19:54 - 2014-06-17 21:44 - 260957149 _____ () C:\Users\Bill\Desktop\2014_06_CrystallineBody_360_Day4.mp4.part
2014-06-14 22:28 - 2014-06-14 22:28 - 00000000 ____D () C:\Users\Bill\Desktop\TMRBLog
2014-06-14 22:15 - 2014-06-14 22:15 - 00000154 _____ () C:\Users\Bill\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-06-14 22:13 - 2014-06-14 22:13 - 00400384 _____ (Farbar) C:\Users\Bill\Desktop\MiniToolBox.exe
2014-06-14 20:36 - 2014-06-14 20:36 - 00000084 _____ () C:\Users\Bill\Desktop\Burning ISO images with ImgBurn.url
2014-06-14 19:52 - 2014-06-17 20:46 - 00000000 ____D () C:\Users\Bill\Downloads\ImgBurn
2014-06-14 19:34 - 2014-06-14 19:49 - 00000000 ____D () C:\Users\Bill\Downloads\MS Windows
2014-06-14 19:30 - 2014-06-14 19:30 - 00000100 _____ () C:\Users\Bill\Desktop\How To Create a Windows 7 System Repair Disc.url
2014-06-14 19:30 - 2014-06-14 19:30 - 00000089 _____ () C:\Users\Bill\Desktop\Where Can I Download Windows 7- (Free & Legally).url
2014-06-14 19:19 - 2014-06-14 19:27 - 00000000 ____D () C:\Users\Bill\Downloads\Belarc
2014-06-14 19:19 - 2014-06-14 19:19 - 00002094 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-06-14 19:19 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-06-14 18:17 - 2014-06-14 18:17 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 18:17 - 2014-06-14 18:17 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 18:17 - 2014-06-14 18:17 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 18:17 - 2014-06-14 18:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 15:01 - 2014-06-14 15:01 - 00001195 _____ () C:\Users\Bill\Desktop\JRT.txt
2014-06-13 20:38 - 2014-06-13 20:38 - 00000114 _____ () C:\Users\Bill\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.url
2014-06-13 20:17 - 2014-06-13 20:17 - 00000113 _____ () C:\Users\Bill\Desktop\Google Hijacker - MajorGeeks Support Forums.url
2014-06-13 19:42 - 2014-06-19 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-13 19:37 - 2014-06-13 19:37 - 00000079 _____ () C:\Users\Bill\Desktop\Google Hijacker - Page 2 - MajorGeeks Support Forums.url
2014-06-13 19:12 - 2014-06-13 19:12 - 00000110 _____ () C:\Users\Bill\Desktop\Awakening the Crystalline Body - Access All Sessions - Paths 2 Empowerment.url
2014-06-12 22:17 - 2014-06-12 22:17 - 00000125 _____ () C:\Users\Bill\Desktop\Trojan.PWS.Panda.5661 found via Dr. web CURE IT! on RAM - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-06-12 22:11 - 2014-06-19 17:34 - 00000000 ____D () C:\ProgramData\Sophos
2014-06-12 22:09 - 2014-06-12 22:10 - 89257856 _____ (Sophos Limited) C:\Users\Bill\Desktop\Sophos Virus Removal Tool.exe
2014-06-12 21:58 - 2014-06-12 21:58 - 00000184 _____ () C:\Users\Bill\Desktop\How to Re-install windows 7 using the recovery partition from a - Microsoft Community.url
2014-06-12 21:49 - 2014-06-12 21:50 - 08461968 _____ (McAfee, Inc.) C:\Users\Bill\Desktop\SecurityScan_Release.exe
2014-06-12 21:47 - 2014-06-12 21:47 - 00000093 _____ () C:\Users\Bill\Desktop\PWS-Zbot-FAHU!880343AE561C!880343AE561C - Virus Profile & Definition - McAfee Inc..url
2014-06-12 19:38 - 2014-06-17 22:03 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-12 17:24 - 2014-06-12 17:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-12 17:05 - 2014-06-12 17:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-06-08 15:49 - 2014-06-08 15:49 - 00000000 ____D () C:\Users\Bill\Documents\ForceField Shared Files
2014-06-08 11:56 - 2014-06-08 11:56 - 00000087 _____ () C:\Users\Bill\Desktop\The Prostate Gland - The Learning Center.url
2014-06-08 11:17 - 2014-06-08 11:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Rootkit
2014-06-07 20:19 - 2014-06-07 20:19 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-07 16:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-06 15:16 - 2014-06-13 07:02 - 00000000 ____D () C:\Users\Bill\Crystal
2014-05-24 18:15 - 2014-05-24 18:16 - 35292148 _____ () C:\Users\Bill\Desktop\NHRA - Fire Breathing Monsters - YouTube.mp4
2014-05-22 20:44 - 2014-05-22 20:45 - 123527991 _____ () C:\Users\Bill\Desktop\Nitin Garg - projections-selected singles.zip
 
==================== One Month Modified Files and Folders =======
 
2014-06-20 19:53 - 2014-06-20 19:53 - 00028022 _____ () C:\Users\Bill\Desktop\FRST.txt
2014-06-20 19:53 - 2013-11-14 21:51 - 00000000 ____D () C:\FRST
2014-06-20 19:50 - 2014-06-20 19:50 - 00000115 _____ () C:\Users\Bill\Desktop\what is KILLED [Term Thr] from RogueKiller - Am I infected- What do I do-.url
2014-06-20 19:47 - 2014-06-20 19:47 - 00003969 _____ () C:\Users\Bill\Desktop\RKreport_SCN_06202014_194626.log
2014-06-20 19:43 - 2014-06-20 19:43 - 02083328 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2014-06-20 19:30 - 2013-08-29 17:14 - 02016039 _____ () C:\windows\WindowsUpdate.log
2014-06-20 19:24 - 2012-07-27 16:10 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-20 18:54 - 2014-05-18 14:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 18:03 - 2014-05-17 11:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 18:00 - 2014-06-20 18:00 - 00000112 _____ () C:\Users\Bill\Desktop\Firewalls - Firewall Software and Hardware.url
2014-06-20 17:59 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 17:59 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 17:57 - 2014-06-20 17:57 - 00000000 _____ () C:\Users\Bill\Desktop\2014_06_CrystallineBody_360_Day4.mp4
2014-06-20 17:57 - 2014-06-20 17:55 - 00417513 _____ () C:\windows\system32\Drivers\vsconfig.xml
2014-06-20 17:55 - 2014-06-20 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-06-20 17:55 - 2014-06-20 17:44 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-06-20 17:53 - 2013-03-13 19:18 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-06-20 17:51 - 2014-06-20 17:20 - 00030432 _____ () C:\windows\PFRO.log
2014-06-20 17:51 - 2014-06-20 16:43 - 00000336 _____ () C:\windows\setupact.log
2014-06-20 17:51 - 2012-07-27 16:10 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-20 17:51 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-20 17:50 - 2014-06-17 20:49 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 17:46 - 2013-08-30 17:58 - 00000000 ____D () C:\Program Files\CheckPoint
2014-06-20 17:44 - 2014-06-20 17:44 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Check Point Software Technologies LTD
2014-06-20 17:44 - 2014-06-20 17:44 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-06-20 17:43 - 2014-06-20 17:41 - 00000000 ____D () C:\Users\Bill\Downloads\ZoneAlarm
2014-06-20 17:42 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-20 16:43 - 2014-06-20 16:43 - 00000000 _____ () C:\windows\setuperr.log
2014-06-19 17:42 - 2014-06-20 19:40 - 04707328 _____ () C:\Users\Bill\Desktop\RogueKiller.exe
2014-06-19 17:40 - 2013-09-12 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 17:37 - 2014-06-19 17:37 - 00000130 _____ () C:\Users\Bill\Desktop\Virus Infection and Resulting MBR Problems - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-06-19 17:36 - 2014-06-13 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-19 17:36 - 2013-08-29 17:02 - 00003743 _____ () C:\windows\wininit.ini
2014-06-19 17:34 - 2014-06-12 22:11 - 00000000 ____D () C:\ProgramData\Sophos
2014-06-19 14:23 - 2013-02-15 11:37 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora.lnk
2014-06-19 14:23 - 2013-01-12 19:31 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 22:03 - 2014-06-12 19:38 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-17 21:44 - 2014-06-17 21:44 - 04872677 _____ () C:\Users\Bill\Downloads\mbam-chameleon-3.1.4.0.zip
2014-06-17 21:44 - 2014-06-16 19:54 - 260957149 _____ () C:\Users\Bill\Desktop\2014_06_CrystallineBody_360_Day4.mp4.part
2014-06-17 20:49 - 2013-09-10 13:57 - 00000000 ___RD () C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Security
2014-06-17 20:47 - 2014-06-17 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 20:47 - 2014-06-17 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 20:47 - 2012-08-18 13:09 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Malwarebytes
2014-06-17 20:47 - 2012-08-18 13:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 20:46 - 2014-06-14 19:52 - 00000000 ____D () C:\Users\Bill\Downloads\ImgBurn
2014-06-17 19:47 - 2014-06-17 19:46 - 05203235 _____ (Swearware) C:\Users\Bill\Desktop\ComboFix.exe
2014-06-16 20:53 - 2013-09-14 14:13 - 00000000 ____D () C:\windows\Minidump
2014-06-16 19:52 - 2013-08-29 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-16 19:37 - 2014-04-03 22:07 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-15 19:07 - 2012-07-27 20:38 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\IObit
2014-06-14 22:59 - 2012-09-12 20:50 - 00000000 ____D () C:\Users\Bill\Downloads\! Registry Backups from CCleaner
2014-06-14 22:52 - 2012-07-28 17:33 - 00000000 ____D () C:\Users\Bill\AppData\Local\CrashDumps
2014-06-14 22:34 - 2013-04-06 15:55 - 00007599 _____ () C:\Users\Bill\AppData\Local\Resmon.ResmonCfg
2014-06-14 22:28 - 2014-06-14 22:28 - 00000000 ____D () C:\Users\Bill\Desktop\TMRBLog
2014-06-14 22:15 - 2014-06-14 22:15 - 00000154 _____ () C:\Users\Bill\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-06-14 22:13 - 2014-06-14 22:13 - 00400384 _____ (Farbar) C:\Users\Bill\Desktop\MiniToolBox.exe
2014-06-14 20:36 - 2014-06-14 20:36 - 00000084 _____ () C:\Users\Bill\Desktop\Burning ISO images with ImgBurn.url
2014-06-14 20:12 - 2012-08-04 11:17 - 00000000 ___RD () C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Utilities
2014-06-14 19:49 - 2014-06-14 19:34 - 00000000 ____D () C:\Users\Bill\Downloads\MS Windows
2014-06-14 19:30 - 2014-06-14 19:30 - 00000100 _____ () C:\Users\Bill\Desktop\How To Create a Windows 7 System Repair Disc.url
2014-06-14 19:30 - 2014-06-14 19:30 - 00000089 _____ () C:\Users\Bill\Desktop\Where Can I Download Windows 7- (Free & Legally).url
2014-06-14 19:27 - 2014-06-14 19:19 - 00000000 ____D () C:\Users\Bill\Downloads\Belarc
2014-06-14 19:19 - 2014-06-14 19:19 - 00002094 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-06-14 19:19 - 2014-06-14 19:19 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-06-14 18:53 - 2013-08-20 18:25 - 00000000 ____D () C:\windows\pss
2014-06-14 18:18 - 2013-10-15 19:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 18:17 - 2014-06-14 18:17 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 18:17 - 2014-06-14 18:17 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 18:17 - 2014-06-14 18:17 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 18:17 - 2014-06-14 18:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 15:05 - 2012-07-27 16:10 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-14 15:01 - 2014-06-14 15:01 - 00001195 _____ () C:\Users\Bill\Desktop\JRT.txt
2014-06-14 08:54 - 2012-07-31 16:59 - 00000000 ____D () C:\Users\Bill\Downloads\Temp
2014-06-14 07:15 - 2009-07-14 01:08 - 00032568 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-06-13 20:38 - 2014-06-13 20:38 - 00000114 _____ () C:\Users\Bill\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.url
2014-06-13 20:17 - 2014-06-13 20:17 - 00000113 _____ () C:\Users\Bill\Desktop\Google Hijacker - MajorGeeks Support Forums.url
2014-06-13 19:37 - 2014-06-13 19:37 - 00000079 _____ () C:\Users\Bill\Desktop\Google Hijacker - Page 2 - MajorGeeks Support Forums.url
2014-06-13 19:36 - 2014-04-20 14:34 - 00000000 ____D () C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-13 19:12 - 2014-06-13 19:12 - 00000110 _____ () C:\Users\Bill\Desktop\Awakening the Crystalline Body - Access All Sessions - Paths 2 Empowerment.url
2014-06-13 07:02 - 2014-06-06 15:16 - 00000000 ____D () C:\Users\Bill\Crystal
2014-06-13 07:02 - 2012-07-27 14:37 - 00000000 ____D () C:\Users\Bill
2014-06-12 22:17 - 2014-06-12 22:17 - 00000125 _____ () C:\Users\Bill\Desktop\Trojan.PWS.Panda.5661 found via Dr. web CURE IT! on RAM - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-06-12 22:10 - 2014-06-12 22:09 - 89257856 _____ (Sophos Limited) C:\Users\Bill\Desktop\Sophos Virus Removal Tool.exe
2014-06-12 21:58 - 2014-06-12 21:58 - 00000184 _____ () C:\Users\Bill\Desktop\How to Re-install windows 7 using the recovery partition from a - Microsoft Community.url
2014-06-12 21:50 - 2014-06-12 21:49 - 08461968 _____ (McAfee, Inc.) C:\Users\Bill\Desktop\SecurityScan_Release.exe
2014-06-12 21:47 - 2014-06-12 21:47 - 00000093 _____ () C:\Users\Bill\Desktop\PWS-Zbot-FAHU!880343AE561C!880343AE561C - Virus Profile & Definition - McAfee Inc..url
2014-06-12 17:24 - 2014-06-12 17:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-12 17:08 - 2014-06-12 17:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-06-11 21:04 - 2012-07-28 22:41 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Mp3tag
2014-06-11 20:27 - 2012-08-06 19:19 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\foobar2000
2014-06-08 20:36 - 2013-07-20 14:22 - 00000000 ____D () C:\Users\Bill\Downloads\FreeRip
2014-06-08 20:36 - 2013-03-10 19:08 - 00000000 ____D () C:\Users\Bill\Downloads\IObit
2014-06-08 19:28 - 2013-11-09 14:26 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-08 15:49 - 2014-06-08 15:49 - 00000000 ____D () C:\Users\Bill\Documents\ForceField Shared Files
2014-06-08 15:20 - 2012-08-04 14:54 - 00000000 ___RD () C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Audio
2014-06-08 14:25 - 2013-11-03 08:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky
2014-06-08 11:56 - 2014-06-08 11:56 - 00000087 _____ () C:\Users\Bill\Desktop\The Prostate Gland - The Learning Center.url
2014-06-08 11:18 - 2014-06-08 11:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Rootkit
2014-06-08 08:10 - 2012-08-04 14:54 - 00000000 ___RD () C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Video
2014-06-07 20:28 - 2013-11-14 19:58 - 00000000 ____D () C:\AdwCleaner
2014-06-07 20:19 - 2014-06-07 20:19 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-03 16:08 - 2014-06-17 21:46 - 00000000 ____D () C:\Users\Bill\Desktop\Chameleon
2014-05-31 20:55 - 2013-05-18 10:26 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\dvdcss
2014-05-31 17:31 - 2012-07-29 15:24 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-05-25 17:02 - 2012-09-14 14:10 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Audacity
2014-05-24 18:53 - 2013-04-06 17:03 - 00000000 ____D () C:\Users\Bill\Temp
2014-05-24 18:16 - 2014-05-24 18:15 - 35292148 _____ () C:\Users\Bill\Desktop\NHRA - Fire Breathing Monsters - YouTube.mp4
2014-05-22 20:45 - 2014-05-22 20:44 - 123527991 _____ () C:\Users\Bill\Desktop\Nitin Garg - projections-selected singles.zip
 
Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\GOKZVPESE.exe
C:\Users\Bill\AppData\Local\Temp\RIYLGFDYP.exe
C:\Users\Bill\AppData\Local\Temp\RZX.exe
C:\Users\Bill\AppData\Local\Temp\Uninstall.exe
C:\Users\Bill\AppData\Local\Temp\XLFMVV.exe
C:\Users\Bill\AppData\Local\Temp\{352628A4-064B-40B7-A7EB-F0CA5C125CD8}.exe
C:\Users\Bill\AppData\Local\Temp\{4FF0FC48-2297-4024-AA51-92D39398932E}.exe
C:\Users\Bill\AppData\Local\Temp\{5EDAD81F-56DB-4991-846B-F260AC548FA7}.exe
C:\Users\Bill\AppData\Local\Temp\{9D0AE473-0DF5-4E6E-9C91-998790E1590C}.exe
C:\Users\Bill\AppData\Local\Temp\{E94BAF5A-0020-4354-B9CC-3E1E410E8077}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 19:59
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014
Ran by Bill at 2014-06-20 19:53:28
Running from C:\Users\Bill\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ZoneAlarm Antivirus (Disabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Disabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat 7.0 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional) (Version: 7.0.0 - Adobe Systems)
Adobe Acrobat 7.0 Professional (x32 Version: 7.0.0 - Adobe Systems) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Aurora 20.0a2 (x86 en-US) (HKLM-x32\...\Aurora 20.0a2 (x86 en-US)) (Version: 20.0a2 - Mozilla)
Aurora 23.0a2 (x86 en-US) (HKCU\...\Aurora 23.0a2 (x86 en-US)) (Version: 23.0a2 - Mozilla)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Classic Shell (HKLM\...\{DC45D291-769A-4608-A688-77E6DBC03498}) (Version: 3.6.1 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DROPCLOCK Screensaver (HKLM-x32\...\DROPCLOCK) (Version:  - )
DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.0.7.0 (04/10/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
foobar2000 v1.1.15 (HKLM-x32\...\foobar2000) (Version: 1.1.15 - Peter Pawlowski)
FreeAgent Pro Tools (HKLM-x32\...\InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}) (Version: 1.00.0032 - Seagate)
FreeAgent Pro Tools (x32 Version: 1.00.0032 - Seagate) Hidden
Gaia 3D Jigsaw Puzzle Screensaver v2.01 (HKLM-x32\...\Gaia 3D Jigsaw Puzzle Screensaver 2_is1) (Version:  - Gaia Dream Creation Inc.)
Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Processor ID Utility (HKLM-x32\...\{961C5B66-92B7-47C6-923B-AB492B5E55D4}) (Version: 4.60.0000 - Intel® Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LifeGlobe Sharks, Terrors of the Deep (HKLM-x32\...\LifeGlobe Sharks, Terrors of the Deep_is1) (Version: 1.0 - Prolific Publishing, Inc.)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 18.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0 (x86 en-US)) (Version: 18.0 - Mozilla)
Mozilla Firefox 29.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 20.0a2 - Mozilla)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2178 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0473 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0184 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2012 wvaiper (x32 Version: 012.000.1440 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax 2013 wvaiper (x32 Version: 013.000.1388 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 11.0.768.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
 
==================== Restore Points  =========================
 
19-06-2014 21:34:07 Removed Sophos Virus Removal Tool.
19-06-2014 22:07:47 Removed Java 7 Update 45 (64-bit)
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2013-08-20 18:42 - 00000804 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {076F79FE-4928-45FD-9A83-F0F7890F1D49} - System32\Tasks\Open Hardware Monitor\Startup => C:\Program Files (x86)\OpenHardwareMonitor\OpenHardwareMonitor.exe [2013-04-27] ()
Task: {1EB4DF10-32A2-4E5C-A587-5D05F2D30B11} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3286439377-479878827-1266509880-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2EABA661-9517-47C5-A1A6-52CF3F85D07B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: {30317102-172D-4C50-B2B7-41FA15498E14} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software)
Task: {4C8408FE-3D01-4CE2-AC2A-E9FF68F4D766} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.)
Task: {5C79F041-EDF7-483D-86BE-6C347D985A45} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {8D788959-ECF7-4EFB-ADE0-97A4F5C21318} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3286439377-479878827-1266509880-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A4CA4585-DD03-4656-BAFE-10FE1FA9EDE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.)
Task: {BED735AC-E5F9-4CF1-923C-76B2444ADA1F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {CDA4F1E1-DEDB-414D-AB6E-5ED3AC626D8E} - System32\Tasks\{BD265059-2CCE-43FD-A0E5-1C8EECBA8C98} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {D5ADF64E-3899-4A6A-8EE2-291B239B8060} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-01-09] (IObit)
Task: {E8E36753-DF64-42EA-8540-57140E6685F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {FA58A92A-C74A-4C31-897A-CA61F69403B5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-26 08:27 - 2013-04-27 14:37 - 00483328 _____ () C:\Program Files (x86)\OpenHardwareMonitor\OpenHardwareMonitor.exe
2012-05-27 18:05 - 2013-04-27 14:37 - 00149504 _____ () C:\Program Files (x86)\OpenHardwareMonitor\Aga.Controls.dll
2012-07-26 08:27 - 2013-04-27 14:37 - 00252928 _____ () C:\Program Files (x86)\OpenHardwareMonitor\OpenHardwareMonitorLib.dll
2012-05-21 15:55 - 2012-01-05 13:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-25 20:23 - 2013-04-25 20:23 - 00012520 _____ () C:\Users\Bill\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.6.gadget\CoreTempReader.dll
2013-04-25 20:23 - 2013-04-25 20:23 - 00015080 _____ () C:\Users\Bill\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.6.gadget\GetCoreTempInfoNET.dll
2013-04-25 20:23 - 2013-04-25 20:23 - 00014056 _____ () C:\Users\Bill\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.6.gadget\SystemInfo.dll
2012-05-21 15:54 - 2011-12-06 13:58 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-05-21 15:54 - 2011-12-06 13:58 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-06-20 17:16 - 2014-06-20 17:16 - 02783232 _____ () C:\Program Files\AVAST Software\Avast\defs\14062001\algo.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-15 21:31 - 2013-11-15 21:31 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-12 22:23 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 22:23 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 22:23 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 22:23 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 22:23 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2012-05-21 15:58 - 2012-02-07 13:39 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-06-12 22:23 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
2014-05-17 11:47 - 2014-05-17 11:47 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01707386.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05043909.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10328617.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19979242.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35403231.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52328005.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56526994.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67510703.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78395490.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90484360.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92286803.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01707386.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\05043909.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10328617.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19979242.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35403231.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52328005.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56526994.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67510703.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78395490.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90484360.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92286803.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk => C:\windows\pss\Device Detector 3.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => c:\program files (x86)\cyberlink\shared files\brs.exe
MSCONFIG\startupreg: GarminExpressTrayApp => c:\program files (x86)\garmin\express tray\expresstray.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "c:\program files\logitech\logitech webcam software\lws.exe" /hide
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: StxTrayMenu => c:\program files (x86)\seagate\systemtray\freeagentlauncher.exe c:\program files (x86)\seagate\systemtray\stxmenumgr.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/20/2014 06:37:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/20/2014 05:52:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:48:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:38:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:16:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Bill-Corei7-PC)
Description: Application or service 'ZoneAlarm Privacy Service' could not be shut down.
 
Error: (06/20/2014 05:16:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Bill-Corei7-PC)
Description: Application or service 'ZoneAlarm Privacy Service' could not be shut down.
 
Error: (06/20/2014 05:16:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Bill-Corei7-PC)
Description: Application or service 'Check Point Install Utility' could not be shut down.
 
Error: (06/20/2014 04:57:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 04:44:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/20/2014 07:39:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (06/20/2014 05:55:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/20/2014 05:52:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error: 
%%2
 
Error: (06/20/2014 05:52:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (06/20/2014 05:52:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (06/20/2014 05:51:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (06/20/2014 05:50:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147467243
 
Error: (06/20/2014 05:48:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error: 
%%2
 
Error: (06/20/2014 05:48:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (06/20/2014 05:48:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (06/20/2014 06:37:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Security\esetsmartinstaller_enu.exe
 
Error: (06/20/2014 05:52:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:48:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:38:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 05:16:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Bill-Corei7-PC)
Description: 1C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exeZoneAlarm Privacy Service03026216135760
 
Error: (06/20/2014 05:16:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Bill-Corei7-PC)
Description: 0C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exeZoneAlarm Privacy Service0302621613576143003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0043006800650063006B0050006F0069006E0074005C005A006F006E00650041006C00610072006D005C005A004100500072006900760061006300790053006500720076006900630065002E006500780065000000
 
Error: (06/20/2014 05:16:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Bill-Corei7-PC)
Description: 1C:\Program Files (x86)\CheckPoint\Install\Install.exeCheck Point Install Utility0111737880
 
Error: (06/20/2014 04:57:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2014 04:44:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-12 17:00:18.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 21:30:31.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 21:11:13.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 21:00:58.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 20:27:40.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 20:00:01.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 19:44:14.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 19:27:27.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 19:06:09.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-10 21:54:32.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 28%
Total physical RAM: 16255.42 MB
Available physical RAM: 11680.19 MB
Total Pagefile: 32509.02 MB
Available Pagefile: 28485.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1862.92 GB) (Free:1479.6 GB) NTFS
Drive t: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:1576.15 GB) NTFS
 
==================== MBR & Partition Table ==================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================


#14 seedy21

  • Malware Response Team

Posted 21 June 2014 - 10:43 AM

Hi WJL2112
 

which I think is the program infected (vsmon.exe) with the trojan.


vsmon.exe is part of ZoneAlarm.
http://www.neuber.com/taskmanager/process/vsmon.exe.html

It looks like you didn't run RogueKiller correctly.

Mode : Scan -- Date : 06/20/2014 19:46:26

I needed you to Delete the items instead of just scanning them.

Step 1

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • Next, click on the Fix Proxy button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

Step 2

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt



HKLM\...\Run: [SDTray] => c:\program files (x86)\spybot - search & destroy 2\sdtray.exe
HKU\.DEFAULT\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\...\Run: [SmartRAM] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" /m
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\...\MountPoints2: I - I:\DTVP_Launcher.exe
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\...\MountPoints2: {7d8d776e-da88-11e1-b3bb-10bf487c61e3} - D:\DTVP_Launcher.exe
ProxyServer: localhost:8080
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {AE7CD045-E861-484f-8273-0445EE161910} - No File
BHO-x32: No Name - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - No File
Toolbar: HKLM - No Name - {553891B7-A0D5-4526-BE18-D3CE461D6310} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM-x32 - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKLM-x32 - No Name - {553891B7-A0D5-4526-BE18-D3CE461D6310} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R3 WinRing0_1_2_0; \??\C:\Users\Bill\AppData\Local\Temp\tmpD142.tmp [X]
Task: {5C79F041-EDF7-483D-86BE-6C347D985A45} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {BED735AC-E5F9-4CF1-923C-76B2444ADA1F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {FA58A92A-C74A-4C31-897A-CA61F69403B5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
c:\program files (x86)\spybot - search & destroy 2\
C:\Program Files (x86)\IObit\Advanced SystemCare 6\
C:\Windows\System32\DRIVERS\kl1.sys
C:\Windows\System32\Drivers\klflt.sys
C:\Windows\System32\DRIVERS\klif.sys
C:\Users\Bill\AppData\Local\Temp\

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

Step 3

We need to re-run FRST

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#15 WJL2112

  • Topic Starter

Posted 21 June 2014 - 11:25 AM

seedy21,

Hello again.

I ran RogueKiller the way it runs, meaning after the prescan, the delete button is not active, e.g. cannot be pushed. What I did last night was run the prescan then scan, then I pushed delete.

I just reran RogueKiller again, prescan ran, and again, no way to push the delete button. Same result when run as administrator or not.

I will not proceed to step 2 until we can get RogueKiller resolved, or you instruct otherwise.

I will await your next message.

Thanks,

Bill





