Unknown Malware Infection. Process C:\Windows\SysWOW64/svchost.exe


  • This topic is locked
13 replies to this topic

#1 moreasy

moreasy

  • Members
  • 8 posts

Posted 09 July 2014 - 09:31 AM

This is my friend's laptop and he has been complaining of viruses. OS is Win 7 Ultimate. Someone else installed avast! and it's been popping up Web Shield warnings saying the computer is infected. I've run Malware Bytes, Avast, Spybot, CCleaner and the avast boot scanner but cannot root the issue.

 

Avast is saying the issue is with file path C:\Windows\SysWOW64/svchost.exe

 

Thanks!

 

DDS Log to follow

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by moreazy at 9:19:57 on 2014-07-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3935.2385 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\syswow64\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072314 serial=DR12WEX-1402952-DXX lang=EN
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B9B7878D-6AFB-42BB-9D3E-B93E676F2C63} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B9B7878D-6AFB-42BB-9D3E-B93E676F2C63}\A416355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B9B7878D-6AFB-42BB-9D3E-B93E676F2C63}\A51495A51495D2651494F4F5E4564777F627B6 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{EBEB70BA-97B3-4E47-9A59-4FA3A3F4E70A} : DHCPNameServer = 192.168.1.254
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\moreazy\AppData\Roaming\Mozilla\Firefox\Profiles\varlnbwo.default\
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-7 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-7 224896]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-7 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-7 427360]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-7 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-7 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-7 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-7 50344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-7 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-7 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-7 171928]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2013-3-14 398112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-12 139592]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-12 418632]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2013-3-14 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2013-3-14 157288]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2013-3-14 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2013-3-14 539176]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;C:\Windows\System32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-7 111616]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-3-14 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-3-14 42192]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-12 366216]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-12 786056]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-2-27 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-2-27 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-15 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-9-15 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-15 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-15 1255736]
.
=============== Created Last 30 ================
.
2014-07-08 15:53:29    --------    d-----w-    C:\Program Files\CCleaner
2014-07-08 15:18:20    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-08 15:17:20    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-08 15:17:20    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-08 15:17:20    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-07-08 15:17:20    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-08 15:17:20    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 05:17:30    --------    d-----w-    C:\Program Files (x86)\Common Files\Corel
2014-07-08 05:15:58    --------    d-----w-    C:\Program Files (x86)\Corel
2014-07-07 23:50:28    --------    d-----w-    C:\Windows\Panther
2014-07-07 23:34:58    --------    d-----w-    C:\Windows.old.000
2014-07-07 23:13:23    --------    d-----w-    C:\Windows.old
2014-07-07 23:09:05    --------    d-----w-    C:\Users\moreazy\AppData\Roaming\AVAST Software
2014-07-07 23:08:12    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-07-07 23:08:11    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-07-07 23:08:09    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-07-07 23:08:05    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-07-07 23:07:59    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-07 23:07:57    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-07-07 23:07:56    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-07-07 23:07:42    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-07 23:00:02    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-07-07 23:00:00    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-07-07 22:59:54    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-07 22:59:29    --------    d-----w-    C:\Users\moreazy\AppData\Local\Programs
2014-07-07 22:53:22    --------    d-----w-    C:\Windows\AutoKMS
2014-07-07 22:47:42    --------    d-----w-    C:\ProgramData\Microsoft Toolkit
2014-07-07 22:35:08    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-07-07 22:35:08    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-07-07 22:35:07    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-07-07 22:35:06    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-07-07 22:28:37    --------    d-----w-    C:\Windows\Migration
2014-07-07 22:28:25    --------    d-sh--w-    C:\Windows\Installer
2014-07-07 22:22:29    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2014-07-07 22:22:29    859648    ----a-w-    C:\Windows\System32\tdh.dll
2014-07-07 22:22:29    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2014-07-07 22:22:29    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2014-07-07 22:22:29    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-07-07 22:22:29    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2014-07-07 22:22:29    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2014-07-07 22:22:29    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2014-07-07 22:22:29    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-07-07 22:05:27    --------    d-----w-    C:\Windows\System32\MRT
2014-07-07 21:42:02    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-07-07 21:41:55    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7488D464-3DB6-4B9D-AB90-90ABBCCDAA86}\mpengine.dll
2014-07-07 21:39:03    --------    d-----w-    C:\Users\moreazy\AppData\Local\Macromedia
2014-07-07 21:34:59    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-07-07 21:33:59    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-07-07 21:32:58    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-07 21:32:58    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-07 21:32:35    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-07-07 21:32:35    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-07-07 21:32:35    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-07-07 21:32:35    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-07-07 21:32:35    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-07-07 21:32:35    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-07-07 21:32:35    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-07-07 21:32:33    185344    ----a-w-    C:\Windows\System32\drivers\usbvideo.sys
2014-07-07 21:32:33    100864    ----a-w-    C:\Windows\System32\drivers\usbcir.sys
2014-07-07 21:30:13    76800    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2014-07-07 21:30:13    32896    ----a-w-    C:\Windows\System32\drivers\hidparse.sys
2014-07-07 21:30:00    --------    d-----w-    C:\Program Files\AVAST Software
2014-07-07 21:28:44    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-07-07 21:28:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-07-07 21:27:00    --------    d-----w-    C:\ProgramData\AVAST Software
2014-07-07 21:22:03    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-07-07 21:21:54    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-07-07 21:21:54    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-07-07 21:21:54    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-07-07 21:21:54    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-07-07 21:21:54    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2014-07-07 21:11:11    --------    d-----w-    C:\Users\moreazy\AppData\Local\VirtualStore
2014-07-07 21:07:32    142336    ----a-w-    C:\Windows\System32\poqexec.exe
2014-07-07 21:07:32    123904    ----a-w-    C:\Windows\SysWow64\poqexec.exe
2014-07-07 21:06:30    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2014-07-07 21:06:20    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2014-07-07 21:06:05    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-07-07 21:06:05    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-07-07 21:05:22    --------    d-sh--w-    C:\Recovery
.
==================== Find3M  ====================
.
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
.
============= FINISH:  9:22:19.92 ===============
 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 09 July 2014 - 11:41 AM

Hi there,

please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 moreasy

moreasy
  • Topic Starter

  • Members
  • 8 posts

Posted 09 July 2014 - 01:32 PM

Someone else had already suggested tdsskiller in the interim so I ran it and it found an infection which I moved to quarantine. The file was labeled mbr0000 and like I said, I just quarantined it, has not been deleted.

 

13:14:43.0820 0x09ec  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
13:14:48.0524 0x09ec  ============================================================
13:14:48.0524 0x09ec  Current date / time: 2014/07/09 13:14:48.0524
13:14:48.0524 0x09ec  SystemInfo:
13:14:48.0524 0x09ec  
13:14:48.0524 0x09ec  OS Version: 6.1.7601 ServicePack: 1.0
13:14:48.0524 0x09ec  Product type: Workstation
13:14:48.0524 0x09ec  ComputerName: MOREAZY-PC
13:14:48.0525 0x09ec  UserName: moreazy
13:14:48.0525 0x09ec  Windows directory: C:\Windows
13:14:48.0525 0x09ec  System windows directory: C:\Windows
13:14:48.0525 0x09ec  Running under WOW64
13:14:48.0525 0x09ec  Processor architecture: Intel x64
13:14:48.0525 0x09ec  Number of processors: 2
13:14:48.0525 0x09ec  Page size: 0x1000
13:14:48.0525 0x09ec  Boot type: Normal boot
13:14:48.0525 0x09ec  ============================================================
13:14:56.0273 0x09ec  KLMD registered as C:\Windows\system32\drivers\57644979.sys
13:14:57.0161 0x09ec  System UUID: {BF14F2A6-FCA8-B39F-6074-DDC6704D5A47}
13:14:58.0992 0x09ec  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:14:59.0055 0x09ec  ============================================================
13:14:59.0055 0x09ec  \Device\Harddisk0\DR0:
13:14:59.0055 0x09ec  MBR partitions:
13:14:59.0055 0x09ec  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFCF000, BlocksNum 0x32000
13:14:59.0055 0x09ec  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1001000, BlocksNum 0x2442D2B0
13:14:59.0055 0x09ec  ============================================================
13:14:59.0103 0x09ec  C: <-> \Device\Harddisk0\DR0\Partition2
13:14:59.0104 0x09ec  ============================================================
13:14:59.0104 0x09ec  Initialize success
13:14:59.0104 0x09ec  ============================================================
13:15:27.0035 0x0a7c  ============================================================
13:15:27.0035 0x0a7c  Scan started
13:15:27.0035 0x0a7c  Mode: Manual; SigCheck; TDLFS;
13:15:27.0035 0x0a7c  ============================================================
13:15:27.0035 0x0a7c  KSN ping started
13:15:40.0649 0x0a7c  KSN ping finished: true
13:15:45.0948 0x0a7c  ================ Scan system memory ========================
13:15:45.0948 0x0a7c  System memory - ok
13:15:45.0949 0x0a7c  ================ Scan services =============================
13:15:53.0789 0x0a7c  bxfcoe - ok
13:15:53.0858 0x0a7c  [ 33B60616D5DE1D7FE8B5939D437BC74F, 510AA2796D1238EB236062322E027267C9708DC966553B4D7990128D7BBA2460 ] bxois           C:\Windows\system32\drivers\bxois.sys
13:15:53.0917 0x0a7c  bxois - ok
13:15:54.0079 0x0a7c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:15:54.0142 0x0a7c  cdfs - ok
13:15:54.0153 0x0a7c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:15:54.0208 0x0a7c  cdrom - ok
13:15:54.0258 0x0a7c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:15:54.0325 0x0a7c  CertPropSvc - ok
13:15:54.0334 0x0a7c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:15:54.0375 0x0a7c  circlass - ok
13:15:54.0403 0x0a7c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:15:54.0438 0x0a7c  CLFS - ok
13:15:54.0575 0x0a7c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:54.0601 0x0a7c  clr_optimization_v2.0.50727_32 - ok
13:15:54.0735 0x0a7c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:15:54.0761 0x0a7c  clr_optimization_v2.0.50727_64 - ok
13:15:54.0866 0x0a7c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:15:54.0886 0x0a7c  clr_optimization_v4.0.30319_32 - ok
13:15:54.0932 0x0a7c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:15:54.0952 0x0a7c  clr_optimization_v4.0.30319_64 - ok
13:15:55.0006 0x0a7c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:15:55.0080 0x0a7c  CmBatt - ok
13:15:55.0090 0x0a7c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:15:55.0108 0x0a7c  cmdide - ok
13:15:55.0197 0x0a7c  [ AAFCB52FE0037207FB6FBEA070D25EFE, 7D035BFB6DD86944CCDE6D71811891406D7FD08344EF8CF57C4D932E096F1377 ] CNG             C:\Windows\system32\Drivers\cng.sys
13:15:55.0274 0x0a7c  CNG - ok
13:15:55.0373 0x0a7c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:15:55.0388 0x0a7c  Compbatt - ok
13:15:55.0395 0x0a7c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:15:55.0641 0x0a7c  CompositeBus - ok
13:15:55.0649 0x0a7c  COMSysApp - ok
13:15:55.0669 0x0a7c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:15:55.0685 0x0a7c  crcdisk - ok
13:15:55.0783 0x0a7c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:15:55.0836 0x0a7c  CryptSvc - ok
13:15:56.0089 0x0a7c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:15:56.0200 0x0a7c  CSC - ok
13:15:56.0276 0x0a7c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:15:56.0357 0x0a7c  CscService - ok
13:15:56.0441 0x0a7c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:15:56.0607 0x0a7c  DcomLaunch - ok
13:15:56.0666 0x0a7c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:15:56.0775 0x0a7c  defragsvc - ok
13:15:56.0823 0x0a7c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:15:56.0916 0x0a7c  DfsC - ok
13:15:57.0001 0x0a7c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:15:57.0100 0x0a7c  Dhcp - ok
13:15:57.0122 0x0a7c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:15:57.0238 0x0a7c  discache - ok
13:15:57.0263 0x0a7c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
13:15:57.0279 0x0a7c  Disk - ok
13:15:57.0363 0x0a7c  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:15:57.0435 0x0a7c  dmvsc - ok
13:15:57.0480 0x0a7c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:15:57.0556 0x0a7c  Dnscache - ok
13:15:57.0595 0x0a7c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:15:57.0682 0x0a7c  dot3svc - ok
13:15:57.0712 0x0a7c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:15:57.0785 0x0a7c  DPS - ok
13:15:57.0838 0x0a7c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:15:57.0870 0x0a7c  drmkaud - ok
13:15:58.0019 0x0a7c  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:15:58.0066 0x0a7c  DXGKrnl - ok
13:15:58.0272 0x0a7c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:15:58.0393 0x0a7c  EapHost - ok
13:15:58.0738 0x0a7c  [ 8947C98CC212AEEE1FABEC4582F652EE, 998B8A768CF7B6B4C4AFDD219259023C6EDD54282B4C14753EDA2B0C54DFF690 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:15:58.0917 0x0a7c  ebdrv - ok
13:15:58.0961 0x0a7c  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
13:15:59.0016 0x0a7c  EFS - ok
13:15:59.0154 0x0a7c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:15:59.0273 0x0a7c  ehRecvr - ok
13:15:59.0283 0x0a7c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:15:59.0350 0x0a7c  ehSched - ok
13:15:59.0489 0x0a7c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:15:59.0561 0x0a7c  elxstor - ok
13:15:59.0583 0x0a7c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:15:59.0608 0x0a7c  ErrDev - ok
13:15:59.0688 0x0a7c  [ 3DBC10CBC436288801FAEE66DE91AE47, CE50732C43AEB8ACF977DF7CF609C88CB022E596EBE0C0AA9DDBC4D6BB25B804 ] EtronHub3       C:\Windows\System32\Drivers\EtronHub3.sys
13:15:59.0788 0x0a7c  EtronHub3 - ok
13:15:59.0817 0x0a7c  [ 1EDF0CF390B84266FD7FFED38AB7DCAC, E0C34BFC031006195B6943DFEC32963675FBAC2A440F651AF3125ED98381E035 ] EtronSTOR       C:\Windows\System32\Drivers\EtronSTOR.sys
13:15:59.0868 0x0a7c  EtronSTOR - ok
13:15:59.0894 0x0a7c  [ DE261095A2220D400D9603E1E42D4185, F5C4493EDCE92EC46BC7940764F719131FE27AE695201EDF143D678881CD239D ] EtronXHCI       C:\Windows\System32\Drivers\EtronXHCI.sys
13:15:59.0942 0x0a7c  EtronXHCI - ok
13:16:00.0015 0x0a7c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:16:00.0103 0x0a7c  EventSystem - ok
13:16:00.0129 0x0a7c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:16:00.0181 0x0a7c  exfat - ok
13:16:00.0202 0x0a7c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:16:00.0266 0x0a7c  fastfat - ok
13:16:00.0314 0x0a7c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:16:00.0404 0x0a7c  Fax - ok
13:16:00.0412 0x0a7c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
13:16:00.0454 0x0a7c  fdc - ok
13:16:00.0484 0x0a7c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:16:00.0532 0x0a7c  fdPHost - ok
13:16:00.0542 0x0a7c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:16:00.0607 0x0a7c  FDResPub - ok
13:16:00.0621 0x0a7c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:16:00.0640 0x0a7c  FileInfo - ok
13:16:00.0651 0x0a7c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:16:00.0771 0x0a7c  Filetrace - ok
13:16:00.0799 0x0a7c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:16:00.0820 0x0a7c  flpydisk - ok
13:16:00.0834 0x0a7c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:16:00.0859 0x0a7c  FltMgr - ok
13:16:00.0945 0x0a7c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:16:01.0031 0x0a7c  FontCache - ok
13:16:01.0160 0x0a7c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:16:01.0174 0x0a7c  FontCache3.0.0.0 - ok
13:16:01.0249 0x0a7c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:16:01.0266 0x0a7c  FsDepends - ok
13:16:01.0329 0x0a7c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:16:01.0354 0x0a7c  Fs_Rec - ok
13:16:01.0368 0x0a7c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:16:01.0395 0x0a7c  fvevol - ok
13:16:01.0404 0x0a7c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:16:01.0422 0x0a7c  gagp30kx - ok
13:16:01.0519 0x0a7c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:16:01.0623 0x0a7c  gpsvc - ok
13:16:01.0632 0x0a7c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:16:01.0684 0x0a7c  hcw85cir - ok
13:16:01.0814 0x0a7c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:16:01.0899 0x0a7c  HdAudAddService - ok
13:16:01.0998 0x0a7c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:16:02.0068 0x0a7c  HDAudBus - ok
13:16:02.0076 0x0a7c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:16:02.0159 0x0a7c  HidBatt - ok
13:16:02.0168 0x0a7c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:16:02.0238 0x0a7c  HidBth - ok
13:16:02.0245 0x0a7c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:16:02.0270 0x0a7c  HidIr - ok
13:16:02.0317 0x0a7c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:16:02.0417 0x0a7c  hidserv - ok
13:16:02.0472 0x0a7c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:16:02.0490 0x0a7c  HidUsb - ok
13:16:02.0529 0x0a7c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:16:02.0597 0x0a7c  hkmsvc - ok
13:16:02.0634 0x0a7c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:16:02.0727 0x0a7c  HomeGroupListener - ok
13:16:02.0811 0x0a7c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:16:02.0891 0x0a7c  HomeGroupProvider - ok
13:16:02.0935 0x0a7c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:16:02.0953 0x0a7c  HpSAMD - ok
13:16:03.0003 0x0a7c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:16:03.0131 0x0a7c  HTTP - ok
13:16:03.0162 0x0a7c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:16:03.0180 0x0a7c  hwpolicy - ok
13:16:03.0235 0x0a7c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:16:03.0258 0x0a7c  i8042prt - ok
13:16:03.0303 0x0a7c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:16:03.0342 0x0a7c  iaStorV - ok
13:16:03.0506 0x0a7c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:16:03.0580 0x0a7c  idsvc - ok
13:16:03.0664 0x0a7c  IEEtwCollectorService - ok
13:16:04.0159 0x0a7c  [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:16:04.0710 0x0a7c  igfx - ok
13:16:04.0772 0x0a7c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:16:04.0790 0x0a7c  iirsp - ok
13:16:04.0929 0x0a7c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:16:05.0070 0x0a7c  IKEEXT - ok
13:16:05.0195 0x0a7c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:16:05.0211 0x0a7c  intelide - ok
13:16:05.0218 0x0a7c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:16:05.0264 0x0a7c  intelppm - ok
13:16:05.0312 0x0a7c  [ E45575812630B049CE0F679D87561A4D, 2645B87960DAA51295530ECF5518E5872B17520293068E7DEA064FEAE3884E87 ] ioatdma1        C:\Windows\System32\Drivers\qd162x64.sys
13:16:05.0329 0x0a7c  ioatdma1 - ok
13:16:05.0440 0x0a7c  [ 2C23820DD9E81199E60F553EB50BC449, AF3847AD90A79E9D22DC67F4ED52B1D3FAF7C6420D60F2044C1FB49FD338BB70 ] ioatdma2        C:\Windows\System32\Drivers\qd262x64.sys
13:16:05.0468 0x0a7c  ioatdma2 - ok
13:16:05.0533 0x0a7c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:16:05.0612 0x0a7c  IPBusEnum - ok
13:16:05.0633 0x0a7c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:16:05.0702 0x0a7c  IpFilterDriver - ok
13:16:05.0790 0x0a7c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:16:05.0907 0x0a7c  iphlpsvc - ok
13:16:05.0917 0x0a7c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:16:06.0103 0x0a7c  IPMIDRV - ok
13:16:06.0192 0x0a7c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:16:06.0288 0x0a7c  IPNAT - ok
13:16:06.0312 0x0a7c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:16:06.0367 0x0a7c  IRENUM - ok
13:16:06.0374 0x0a7c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:16:06.0390 0x0a7c  isapnp - ok
13:16:06.0452 0x0a7c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:16:06.0494 0x0a7c  iScsiPrt - ok
13:16:06.0525 0x0a7c  [ 2D15CEDF619796002E8640F73A4BF920, FCC0137CB5AE32266A550EE46106B80F431F0B55342599951B9D032F8EA10649 ] iusb3hub        C:\Windows\system32\drivers\iusb3hub.sys
13:16:06.0563 0x0a7c  iusb3hub - ok
13:16:06.0609 0x0a7c  [ F1E93FE111924D0BC853155AADF8048B, 2DFD5B3D042286A0FD5E482C81FAE339E4F05C0A6DFF43061D8502C4551125F7 ] iusb3xhc        C:\Windows\system32\drivers\iusb3xhc.sys
13:16:06.0659 0x0a7c  iusb3xhc - ok
13:16:06.0670 0x0a7c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:16:06.0691 0x0a7c  kbdclass - ok
13:16:06.0713 0x0a7c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:16:06.0814 0x0a7c  kbdhid - ok
13:16:06.0911 0x0a7c  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
13:16:06.0932 0x0a7c  KeyIso - ok
13:16:06.0967 0x0a7c  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:16:06.0987 0x0a7c  KSecDD - ok
13:16:07.0003 0x0a7c  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E, 94F1382291BD748BAE7EDBCB56F43B8564A1EE22E2DBEB37066559EE3D065FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:16:07.0024 0x0a7c  KSecPkg - ok
13:16:07.0050 0x0a7c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:16:07.0158 0x0a7c  ksthunk - ok
13:16:07.0203 0x0a7c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:16:07.0339 0x0a7c  KtmRm - ok
13:16:07.0387 0x0a7c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:16:07.0504 0x0a7c  LanmanServer - ok
13:16:07.0542 0x0a7c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:16:07.0690 0x0a7c  LanmanWorkstation - ok
13:16:07.0720 0x0a7c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:16:07.0871 0x0a7c  lltdio - ok
13:16:07.0918 0x0a7c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:16:08.0069 0x0a7c  lltdsvc - ok
13:16:08.0089 0x0a7c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:16:08.0219 0x0a7c  lmhosts - ok
13:16:08.0261 0x0a7c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:16:08.0280 0x0a7c  LSI_FC - ok
13:16:08.0289 0x0a7c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:16:08.0308 0x0a7c  LSI_SAS - ok
13:16:08.0316 0x0a7c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:16:08.0361 0x0a7c  LSI_SAS2 - ok
13:16:08.0373 0x0a7c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:16:08.0392 0x0a7c  LSI_SCSI - ok
13:16:08.0418 0x0a7c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:16:08.0529 0x0a7c  luafv - ok
13:16:08.0710 0x0a7c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:16:08.0806 0x0a7c  Mcx2Svc - ok
13:16:08.0844 0x0a7c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:16:08.0863 0x0a7c  megasas - ok
13:16:08.0908 0x0a7c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:16:09.0023 0x0a7c  MegaSR - ok
13:16:09.0081 0x0a7c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:16:09.0151 0x0a7c  MMCSS - ok
13:16:09.0158 0x0a7c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:16:09.0224 0x0a7c  Modem - ok
13:16:09.0231 0x0a7c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:16:09.0274 0x0a7c  monitor - ok
13:16:09.0281 0x0a7c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:16:09.0298 0x0a7c  mouclass - ok
13:16:09.0306 0x0a7c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:16:09.0342 0x0a7c  mouhid - ok
13:16:09.0361 0x0a7c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:16:09.0380 0x0a7c  mountmgr - ok
13:16:09.0490 0x0a7c  [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:16:09.0509 0x0a7c  MozillaMaintenance - ok
13:16:09.0520 0x0a7c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:16:09.0563 0x0a7c  mpio - ok
13:16:09.0571 0x0a7c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:16:09.0683 0x0a7c  mpsdrv - ok
13:16:09.0753 0x0a7c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:16:09.0862 0x0a7c  MpsSvc - ok
13:16:09.0902 0x0a7c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:16:09.0932 0x0a7c  MRxDAV - ok
13:16:09.0976 0x0a7c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:16:10.0016 0x0a7c  mrxsmb - ok
13:16:10.0030 0x0a7c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:16:10.0061 0x0a7c  mrxsmb10 - ok
13:16:10.0071 0x0a7c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:16:10.0096 0x0a7c  mrxsmb20 - ok
13:16:10.0142 0x0a7c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:16:10.0161 0x0a7c  msahci - ok
13:16:25.0388 0x0a7c  [ EBAEB578FC50DB989F568030E46822B7, 299D6D5929D773725A10161BD748FAA6E9E2E036C4AED5A9121A941D5A420568 ] Update focusbase C:\Program Files (x86)\focusbase\updatefocusbase.exe
13:16:25.0506 0x0a7c  Update focusbase - detected UnsignedFile.Multi.Generic ( 1 )
13:16:28.0644 0x0a7c  Update focusbase ( UnsignedFile.Multi.Generic ) - warning
13:16:28.0644 0x0a7c  Force sending object to P2P due to detect: Update focusbase
13:16:31.0732 0x0a7c  Object send P2P result: true
13:16:35.0741 0x0a7c  [ EBAEB578FC50DB989F568030E46822B7, 299D6D5929D773725A10161BD748FAA6E9E2E036C4AED5A9121A941D5A420568 ] Util focusbase  C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe
13:16:35.0756 0x0a7c  Util focusbase - detected UnsignedFile.Multi.Generic ( 1 )
13:16:35.0756 0x0a7c  Util focusbase ( UnsignedFile.Multi.Generic ) - warning
13:16:44.0960 0x0a7c  [ 06FC86AE11EB06E90AFBEB1F6F049C05, FF1B6AAC2BBACCC6D0F9EAA5630E3E2C9DB8D85D3283CA7EECBFA2E9EA818FF5 ] {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64 C:\Windows\system32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
13:16:44.0976 0x0a7c  {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64 - ok
13:16:44.0992 0x0a7c  ================ Scan global ===============================
13:16:45.0038 0x0a7c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:16:45.0116 0x0a7c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:16:45.0148 0x0a7c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:16:45.0179 0x0a7c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:16:45.0226 0x0a7c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:16:45.0397 0x0a7c  [ Global ] - ok
13:16:45.0413 0x0a7c  ================ Scan MBR ==================================
13:16:45.0444 0x0a7c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:16:45.0959 0x0a7c  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
13:16:45.0959 0x0a7c  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:16:48.0798 0x0a7c  ================ Scan VBR ==================================
13:16:48.0814 0x0a7c  [ 2F8EF858FE244B450A54ED3B7696CFF6 ] \Device\Harddisk0\DR0\Partition1
13:16:48.0814 0x0a7c  \Device\Harddisk0\DR0\Partition1 - ok
13:16:48.0876 0x0a7c  [ 5E35D4DDE65D8B2E7201C043FC1A6AAB ] \Device\Harddisk0\DR0\Partition2
13:16:48.0876 0x0a7c  \Device\Harddisk0\DR0\Partition2 - ok
13:16:48.0876 0x0a7c  ================ Scan generic autorun ======================
13:16:49.0048 0x0a7c  [ 87A4570E9D15A2821015B7FB6B821654, BDF5266905DC3F9ED0DBE41798D9907FC9E8D030DD5C28975BBF9BFD8BD9DA71 ] C:\Windows\system32\igfxtray.exe
13:16:49.0063 0x0a7c  IgfxTray - ok
13:16:49.0079 0x0a7c  [ 842683D8F1A58A76E5A03DA35B4962EE, 7D1B1918D69566694D7D0E82A8A1C7537A5C3A1533DC80F60FE212DD2DBC6099 ] C:\Windows\system32\hkcmd.exe
13:16:49.0110 0x0a7c  HotKeysCmds - ok
13:16:49.0157 0x0a7c  [ 99F8C1060BFB20D2039716BBF741D6C2, 8C578E288D88697E88AB9BEAE79D33AF23AD6176D830D5916BD2DD42EC6FADC5 ] C:\Windows\system32\igfxpers.exe
13:16:49.0188 0x0a7c  Persistence - ok
13:16:49.0438 0x0a7c  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
13:16:49.0562 0x0a7c  SDTray - ok
13:16:50.0062 0x0a7c  [ 26AFC1F16494FFE66F2197153B342A27, 817436E38F832500E120F196941F2F8392B192262E16D5E52CD5DFAC34749C15 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:16:50.0202 0x0a7c  AvastUI.exe - ok
13:16:50.0545 0x0a7c  [ 561881F0147AEAAD24061B629EEB072E, 44D58719286720B0793DDF7B39FC1DCDDEC36DA2F55ABDF932369E6A28F8A218 ] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe
13:16:50.0623 0x0a7c  CorelDRAW Graphics Suite 11b - detected UnsignedFile.Multi.Generic ( 1 )
13:16:53.0681 0x0a7c  Detect skipped due to KSN trusted
13:16:53.0681 0x0a7c  CorelDRAW Graphics Suite 11b - ok
13:16:53.0806 0x0a7c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:16:53.0915 0x0a7c  Sidebar - ok
13:16:53.0962 0x0a7c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:16:54.0024 0x0a7c  mctadmin - ok
13:16:54.0102 0x0a7c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:16:54.0149 0x0a7c  Sidebar - ok
13:16:54.0164 0x0a7c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:16:54.0196 0x0a7c  mctadmin - ok
13:16:54.0196 0x0a7c  Waiting for KSN requests completion. In queue: 9
13:17:15.0505 0x0a7c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
13:17:15.0552 0x0a7c  Win FW state via NFP2: enabled
13:17:18.0391 0x0a7c  ============================================================
13:17:18.0391 0x0a7c  Scan finished
13:17:18.0391 0x0a7c  ============================================================
13:17:18.0407 0x0f44  Detected object count: 3
13:17:18.0407 0x0f44  Actual detected object count: 3
13:18:36.0172 0x0f44  Update focusbase ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:36.0172 0x0f44  Update focusbase ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:36.0172 0x0f44  Util focusbase ( UnsignedFile.Multi.Generic ) - skipped by user
13:18:36.0172 0x0f44  Util focusbase ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:18:36.0187 0x0f44  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:18:36.0187 0x0f44  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
 


Edited by moreasy, 09 July 2014 - 01:33 PM.


#4 moreasy


Posted 09 July 2014 - 01:33 PM

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by moreazy (administrator) on MOREAZY-PC on 09-07-2014 13:19:57
Running from C:\Users\moreazy\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Users\moreazy\Desktop\tdsskiller.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-07] (AVAST Software)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [729088 2003-11-25] (Corel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33C44DC7289ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: focusbase - {8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4} - C:\Program Files (x86)\focusbase\focusbasebho.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\moreazy\AppData\Roaming\Mozilla\Firefox\Profiles\varlnbwo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07]
FF Extension: No Name - C:\Users\moreazy\AppData\Roaming\Mozilla\Firefox\Profiles\varlnbwo.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi []

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Update focusbase; C:\Program Files (x86)\focusbase\updatefocusbase.exe [318752 2014-07-07] () [File not signed]
S2 Util focusbase; C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe [318752 2014-07-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-07] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64; C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys [61120 2014-07-04] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 13:19 - 2014-07-09 13:20 - 00006704 _____ () C:\Users\moreazy\Desktop\FRST.txt
2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\FRST
2014-07-09 13:15 - 2014-07-09 13:15 - 02084352 _____ (Farbar) C:\Users\moreazy\Desktop\FRST64.exe
2014-07-09 13:14 - 2014-07-09 13:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\moreazy\Desktop\tdsskiller.exe
2014-07-09 13:14 - 2014-07-09 13:14 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\57644979.sys
2014-07-09 09:52 - 2014-07-09 09:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 09:22 - 2014-07-09 09:29 - 00014925 _____ () C:\Users\moreazy\Desktop\dds.txt
2014-07-09 09:22 - 2014-07-09 09:22 - 00005692 _____ () C:\Users\moreazy\Desktop\attach.txt
2014-07-08 10:53 - 2014-07-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-08 10:17 - 2014-07-09 16:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 10:17 - 2014-07-08 10:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 00:34 - 2014-07-08 00:34 - 00000000 ____D () C:\Users\moreazy\Documents\Corel User Files
2014-07-08 00:20 - 2014-07-08 00:20 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Corel
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 00:15 - 2014-07-08 00:15 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-07-07 22:00 - 2014-07-09 13:13 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-07 19:40 - 2014-07-07 19:40 - 00276424 _____ () C:\Windows\Minidump\070714-33259-01.dmp
2014-07-07 18:50 - 2014-07-08 10:55 - 00000000 ____D () C:\Windows\Panther
2014-07-07 18:34 - 2014-07-07 18:34 - 00000000 ____D () C:\Windows.old.000
2014-07-07 18:17 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140707-181745.backup
2014-07-07 18:16 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140707-181626.backup
2014-07-07 18:13 - 2014-07-07 18:13 - 00000000 ____D () C:\Windows.old
2014-07-07 18:09 - 2014-07-07 18:09 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\AVAST Software
2014-07-07 18:08 - 2014-07-09 13:12 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-07 18:08 - 2014-07-09 13:12 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-07 18:08 - 2014-07-07 18:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-07 18:08 - 2014-07-07 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-07 18:08 - 2014-07-07 18:07 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-07 18:08 - 2014-07-07 18:07 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-07 18:08 - 2014-07-07 18:07 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-07 18:08 - 2014-07-07 18:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-07 18:07 - 2014-07-07 18:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-07 18:07 - 2014-07-07 18:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-07 18:00 - 2014-07-08 08:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-07 18:00 - 2014-07-07 18:00 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-07 18:00 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-07-07 17:59 - 2014-07-07 18:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-07 17:56 - 2014-07-07 17:56 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-07-07 17:56 - 2014-07-07 17:56 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-07-07 17:55 - 2014-07-07 17:55 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-07-07 17:54 - 2014-07-09 13:17 - 01372986 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 17:53 - 2014-07-09 16:08 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-07 17:51 - 2014-07-09 16:08 - 00000000 ____D () C:\Windows\Minidump
2014-07-07 17:51 - 2014-07-07 19:40 - 483612481 _____ () C:\Windows\MEMORY.DMP
2014-07-07 17:51 - 2014-07-07 17:51 - 00275928 _____ () C:\Windows\Minidump\070714-50310-01.dmp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-07-07 17:35 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-07-07 17:35 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-07-07 17:35 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-07-07 17:35 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-07-07 17:30 - 2014-07-07 17:30 - 00758128 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-07 17:27 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-07-07 17:24 - 2014-07-07 17:24 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00266456 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00240856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-07 17:22 - 2014-07-07 17:27 - 00008247 _____ () C:\Windows\IE11_main.log
2014-07-07 17:22 - 2014-07-07 17:22 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-07-07 17:21 - 2014-07-07 17:21 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-07 17:21 - 2014-07-04 05:35 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
2014-07-07 17:19 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-07 17:19 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-07 17:19 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-07 17:19 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-07 17:19 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-07 17:19 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-07 17:19 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-07 17:19 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-07 17:19 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-07 17:19 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-07 17:19 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-07 17:19 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-07 17:19 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-07 17:19 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-07 17:19 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-07 17:19 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-07 17:19 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-07 17:19 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-07 17:05 - 2014-07-07 17:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-07 17:05 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Macromedia
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Macromedia
2014-07-07 16:36 - 2014-07-07 17:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\moreazy\Downloads\spybot-2.4.exe
2014-07-07 16:35 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-07-07 16:35 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-07-07 16:35 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-07-07 16:35 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-07-07 16:35 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-07-07 16:35 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-07-07 16:35 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-07-07 16:35 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-07-07 16:35 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-07 16:35 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-07-07 16:35 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-07-07 16:35 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-07-07 16:35 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-07-07 16:35 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-07-07 16:35 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-07-07 16:35 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-07-07 16:35 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-07-07 16:35 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-07-07 16:35 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-07-07 16:35 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-07-07 16:35 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-07-07 16:35 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-07-07 16:35 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-07-07 16:35 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-07-07 16:35 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-07-07 16:35 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-07-07 16:34 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-07 16:34 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-07 16:34 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-07 16:34 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-07 16:34 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-07 16:34 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-07 16:34 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-07 16:34 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-07 16:34 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-07 16:34 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-07 16:34 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-07 16:34 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-07 16:34 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-07-07 16:34 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-07-07 16:34 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-07-07 16:34 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-07-07 16:34 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-07-07 16:34 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-07-07 16:34 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-07-07 16:34 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-07-07 16:34 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-07-07 16:34 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-07-07 16:34 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-07 16:34 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-07 16:34 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-07-07 16:34 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-07-07 16:34 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-07-07 16:34 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-07-07 16:34 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-07-07 16:34 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-07-07 16:34 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-07-07 16:33 - 2014-07-08 08:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 16:33 - 2014-07-07 16:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 16:33 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-07 16:33 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-07 16:33 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-07 16:33 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-07 16:33 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-07 16:33 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-07 16:33 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-07 16:33 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-07-07 16:33 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-07-07 16:33 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-07-07 16:33 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-07-07 16:33 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-07-07 16:33 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-07-07 16:33 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-07-07 16:33 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-07-07 16:33 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-07-07 16:33 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-07-07 16:33 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-07-07 16:33 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-07-07 16:33 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-07-07 16:33 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-07-07 16:33 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-07-07 16:33 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-07-07 16:33 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-07 16:33 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-07-07 16:33 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-07-07 16:33 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-07-07 16:33 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-07-07 16:33 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-07-07 16:33 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-07-07 16:33 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-07-07 16:33 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-07-07 16:33 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-07-07 16:33 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-07-07 16:33 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-07-07 16:33 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-07-07 16:33 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-07-07 16:33 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-07-07 16:32 - 2014-07-09 16:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-07 16:32 - 2014-07-07 16:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 16:32 - 2014-07-07 16:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 16:32 - 2014-07-07 16:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-07 16:32 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-07-07 16:32 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-07-07 16:32 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-07-07 16:30 - 2014-07-07 16:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-07 16:30 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-07-07 16:30 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-07-07 16:28 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-07 16:28 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-07 16:27 - 2014-07-08 00:20 - 00058800 _____ () C:\Users\moreazy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-07 16:27 - 2014-07-07 16:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-07 16:26 - 2014-07-07 16:26 - 04862664 _____ (AVAST Software) C:\Users\moreazy\Downloads\avast_free_antivirus_setup_online.exe
2014-07-07 16:25 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-07-07 16:25 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-07-07 16:25 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-07-07 16:25 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-07-07 16:25 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-07-07 16:25 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-07-07 16:25 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-07-07 16:25 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-07 16:25 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-07 16:25 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-07-07 16:25 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-07-07 16:25 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-07-07 16:25 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-07-07 16:25 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-07-07 16:25 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-07-07 16:25 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-07-07 16:25 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-07-07 16:25 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-07 16:25 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-07-07 16:24 - 2014-07-07 16:25 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Mozilla
2014-07-07 16:24 - 2014-07-07 16:25 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-07 16:22 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-07-07 16:21 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-07-07 16:21 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-07-07 16:21 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-07-07 16:21 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-07-07 16:21 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-07-07 16:19 - 2014-07-09 16:08 - 00000000 ____D () C:\Program Files (x86)\focusbase
2014-07-07 16:14 - 2014-07-07 16:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-07 16:11 - 2014-07-08 00:07 - 00000000 ____D () C:\Users\moreazy\AppData\Local\VirtualStore
2014-07-07 16:11 - 2014-07-07 17:41 - 00001417 _____ () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-07 16:11 - 2014-07-07 16:11 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Adobe
2014-07-07 16:10 - 2014-07-09 16:08 - 00000000 ____D () C:\Users\moreazy
2014-07-07 16:10 - 2014-07-07 16:10 - 00000020 ___SH () C:\Users\moreazy\ntuser.ini
2014-07-07 16:10 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-07 16:10 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-07 16:07 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-07-07 16:07 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-07-07 16:06 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-07 16:06 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-07 16:06 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-07 16:06 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-07 16:06 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-07 16:06 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-07 16:06 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-07 16:06 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-07 16:06 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-07 16:05 - 2014-07-07 16:05 - 00000000 __SHD () C:\Recovery

==================== One Month Modified Files and Folders =======

2014-07-09 16:08 - 2014-07-08 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-09 16:08 - 2014-07-08 10:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 16:08 - 2014-07-07 17:53 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-09 16:08 - 2014-07-07 17:51 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 16:08 - 2014-07-07 16:32 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-09 16:08 - 2014-07-07 16:19 - 00000000 ____D () C:\Program Files (x86)\focusbase
2014-07-09 16:08 - 2014-07-07 16:10 - 00000000 ____D () C:\Users\moreazy
2014-07-09 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-09 13:20 - 2014-07-09 13:19 - 00006704 _____ () C:\Users\moreazy\Desktop\FRST.txt
2014-07-09 13:19 - 2014-07-09 13:19 - 00000000 ____D () C:\FRST
2014-07-09 13:18 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 13:18 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 13:17 - 2014-07-07 17:54 - 01372986 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 13:16 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 13:15 - 2014-07-09 13:15 - 02084352 _____ (Farbar) C:\Users\moreazy\Desktop\FRST64.exe
2014-07-09 13:14 - 2014-07-09 13:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\moreazy\Desktop\tdsskiller.exe
2014-07-09 13:14 - 2014-07-09 13:14 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\57644979.sys
2014-07-09 13:13 - 2014-07-07 22:00 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-09 13:12 - 2014-07-07 18:08 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-09 13:12 - 2014-07-07 18:08 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-09 13:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 13:10 - 2009-07-13 23:51 - 00028117 _____ () C:\Windows\setupact.log
2014-07-09 09:52 - 2014-07-09 09:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 09:29 - 2014-07-09 09:22 - 00014925 _____ () C:\Users\moreazy\Desktop\dds.txt
2014-07-09 09:22 - 2014-07-09 09:22 - 00005692 _____ () C:\Users\moreazy\Desktop\attach.txt
2014-07-08 10:55 - 2014-07-07 18:50 - 00000000 ____D () C:\Windows\Panther
2014-07-08 10:17 - 2014-07-08 10:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 08:40 - 2014-07-07 18:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-08 08:28 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-07-08 08:10 - 2014-07-07 16:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 02:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-08 01:25 - 2009-07-13 23:45 - 00277136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 00:34 - 2014-07-08 00:34 - 00000000 ____D () C:\Users\moreazy\Documents\Corel User Files
2014-07-08 00:31 - 2014-05-13 19:54 - 00000000 ____D () C:\MoreazyFolder
2014-07-08 00:26 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-08 00:20 - 2014-07-08 00:20 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Corel
2014-07-08 00:20 - 2014-07-07 16:27 - 00058800 _____ () C:\Users\moreazy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 00:15 - 2014-07-08 00:15 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-07-08 00:07 - 2014-07-07 16:11 - 00000000 ____D () C:\Users\moreazy\AppData\Local\VirtualStore
2014-07-07 19:40 - 2014-07-07 19:40 - 00276424 _____ () C:\Windows\Minidump\070714-33259-01.dmp
2014-07-07 19:40 - 2014-07-07 17:51 - 483612481 _____ () C:\Windows\MEMORY.DMP
2014-07-07 19:40 - 2010-11-20 22:47 - 00004898 _____ () C:\Windows\PFRO.log
2014-07-07 18:50 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-07-07 18:50 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-07-07 18:34 - 2014-07-07 18:34 - 00000000 ____D () C:\Windows.old.000
2014-07-07 18:13 - 2014-07-07 18:13 - 00000000 ____D () C:\Windows.old
2014-07-07 18:09 - 2014-07-07 18:09 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\AVAST Software
2014-07-07 18:08 - 2014-07-07 18:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-07 18:08 - 2014-07-07 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-07 18:07 - 2014-07-07 18:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-07 18:07 - 2014-07-07 18:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-07 18:07 - 2014-07-07 18:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-07 18:07 - 2014-07-07 18:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-07 18:07 - 2014-07-07 18:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-07 18:07 - 2014-07-07 18:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-07 18:04 - 2014-07-07 17:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-07 18:00 - 2014-07-07 18:00 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-07 17:56 - 2014-07-07 17:56 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-07-07 17:56 - 2014-07-07 17:56 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-07-07 17:56 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 17:56 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-07 17:55 - 2014-07-07 17:55 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-07-07 17:55 - 2009-07-13 23:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-07-07 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-07-07 17:52 - 2011-04-12 03:28 - 00000000 ____D () C:\Windows\CSC
2014-07-07 17:51 - 2014-07-07 17:51 - 00275928 _____ () C:\Windows\Minidump\070714-50310-01.dmp
2014-07-07 17:48 - 2014-07-07 16:36 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\moreazy\Downloads\spybot-2.4.exe
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-07-07 17:41 - 2014-07-07 16:11 - 00001417 _____ () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-07 17:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-07 17:30 - 2014-07-07 17:30 - 00758128 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-07 17:27 - 2014-07-07 17:22 - 00008247 _____ () C:\Windows\IE11_main.log
2014-07-07 17:24 - 2014-07-07 17:24 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00266456 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00240856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-07-07 17:21 - 2014-07-07 17:21 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-07 17:15 - 2014-07-07 17:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Macromedia
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Macromedia
2014-07-07 16:33 - 2014-07-07 16:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 16:32 - 2014-07-07 16:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 16:32 - 2014-07-07 16:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 16:32 - 2014-07-07 16:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-07 16:30 - 2014-07-07 16:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-07 16:30 - 2014-07-07 16:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-07 16:26 - 2014-07-07 16:26 - 04862664 _____ (AVAST Software) C:\Users\moreazy\Downloads\avast_free_antivirus_setup_online.exe
2014-07-07 16:25 - 2014-07-07 16:24 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Mozilla
2014-07-07 16:25 - 2014-07-07 16:24 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-07 16:14 - 2014-07-07 16:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-07 16:11 - 2014-07-07 16:11 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Adobe
2014-07-07 16:10 - 2014-07-07 16:10 - 00000020 ___SH () C:\Users\moreazy\ntuser.ini
2014-07-07 16:09 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-07-07 16:05 - 2014-07-07 16:05 - 00000000 __SHD () C:\Recovery
2014-07-07 16:05 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-07-04 05:35 - 2014-07-07 17:21 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
2014-06-13 12:23 - 2010-11-04 11:33 - 00137998 _____ () C:\test.xml

Some content of TEMP:
====================
C:\Users\moreazy\AppData\Local\Temp\1_Offer_6.exe
C:\Users\moreazy\AppData\Local\Temp\1_Offer_8.exe
C:\Users\moreazy\AppData\Local\Temp\1_Offer_9.exe
C:\Users\moreazy\AppData\Local\Temp\nsg5A34.exe
C:\Users\moreazy\AppData\Local\Temp\nsn43B7.exe
C:\Users\moreazy\AppData\Local\Temp\nsn71BB.exe
C:\Users\moreazy\AppData\Local\Temp\PidGenX.dll
C:\Users\moreazy\AppData\Local\Temp\SearchProtectINT.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 02:46

==================== End Of Log ============================



#5 moreasy

Posted 09 July 2014 - 01:35 PM

ADDITIONS

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by moreazy at 2014-07-09 13:20:53
Running from C:\Users\moreazy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
focusbase (HKLM\...\focusbase) (Version: 2014.07.07.183950 - focusbase)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

==================== Restore Points  =========================

07-07-2014 21:05:44 Windows Update
07-07-2014 21:07:13 Windows Update
07-07-2014 21:29:29 avast! antivirus system restore point
07-07-2014 21:48:51 Windows Update
07-07-2014 22:16:41 Windows Update
07-07-2014 22:44:56 Windows Update
07-07-2014 23:05:11 avast! antivirus system restore point
08-07-2014 05:15:26 Installed CorelDRAW Graphics Suite 12
08-07-2014 08:00:19 Windows Update
08-07-2014 13:47:55 Windows Update
09-07-2014 18:10:56 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-07-07 18:17 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC91E25-1352-4C05-9B72-9EEED2657ABD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-07-07] ()
Task: {530C92F6-CDD8-416C-9FF5-9387B803D96C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {73B80B4C-BD66-46EB-863F-58B41061ECE2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-07] (AVAST Software)
Task: {7CF9778C-14E4-4CA6-89EC-E13816008F22} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D70150CD-7AE4-4148-950B-20C62186BCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-07] (Adobe Systems Incorporated)
Task: {DF9BFE3A-EE15-4084-B529-C58C8EBC0962} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-07 18:07 - 2014-07-07 18:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-08 03:05 - 2014-07-08 03:05 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070800\algo.dll
2014-07-09 13:13 - 2014-07-09 13:13 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070900\algo.dll
2014-07-07 17:59 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-07 17:59 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-07 17:59 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-07 17:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-07 17:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-07 18:07 - 2014-07-07 18:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-07 16:24 - 2014-06-05 23:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2014 01:10:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 00:55:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 09:54:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 09:02:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 05:53:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (07/09/2014 01:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util focusbase service failed to start due to the following error:
%%216

Error: (07/09/2014 01:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update focusbase service failed to start due to the following error:
%%216

Error: (07/08/2014 11:39:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/08/2014 11:38:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/08/2014 11:38:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/08/2014 10:48:39 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/08/2014 10:48:39 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/08/2014 10:48:37 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/08/2014 10:48:31 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/08/2014 10:48:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6


Microsoft Office Sessions:
=========================
Error: (07/09/2014 01:10:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 00:55:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 09:54:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 09:02:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 05:53:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/08/2014 11:38:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3935.02 MB
Available physical RAM: 2260.8 MB
Total Pagefile: 7868.22 MB
Available Pagefile: 5955.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:290.09 GB) (Free:200.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6A0A9DBD)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 aharonov

aharonov

  • Malware Response Team

Posted 09 July 2014 - 02:32 PM

Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat TDSS File System (and only for that) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.


#7 moreasy

moreasy
  • Topic Starter


Posted 09 July 2014 - 03:12 PM

I tried to paste this but it says it's too long.

Linked to pastebin

http://pastebin.com/04r8x0hC



#8 aharonov

aharonov

  • Malware Response Team

Posted 09 July 2014 - 04:09 PM

Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 moreasy

moreasy
  • Topic Starter


Posted 09 July 2014 - 04:19 PM

Here are the logs. Thank you so much for your patience and diligence!

# AdwCleaner v3.215 - Report created 09/07/2014 at 16:14:41
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : moreazy - MOREAZY-PC
# Running from : C:\Users\moreazy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\SearchProtectINT

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\moreazy\AppData\Roaming\Mozilla\Firefox\Profiles\varlnbwo.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1482 octets] - [09/07/2014 16:13:36]
AdwCleaner[S0].txt - [1363 octets] - [09/07/2014 16:14:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1423 octets] ##########

__________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by moreazy (administrator) on MOREAZY-PC on 09-07-2014 16:17:30
Running from C:\Users\moreazy\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-07] (AVAST Software)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [729088 2003-11-25] (Corel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33C44DC7289ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: focusbase - {8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4} - C:\Program Files (x86)\focusbase\focusbasebho.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\moreazy\AppData\Roaming\Mozilla\Firefox\Profiles\varlnbwo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-07] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64; C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys [61120 2014-07-04] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 16:13 - 2014-07-09 16:14 - 00000000 ____D () C:\AdwCleaner
2014-07-09 16:12 - 2014-07-09 16:13 - 01348263 _____ () C:\Users\moreazy\Desktop\AdwCleaner.exe
2014-07-09 13:20 - 2014-07-09 13:21 - 00014806 _____ () C:\Users\moreazy\Desktop\Addition.txt
2014-07-09 13:19 - 2014-07-09 16:17 - 00006230 _____ () C:\Users\moreazy\Desktop\FRST.txt
2014-07-09 13:19 - 2014-07-09 16:17 - 00000000 ____D () C:\FRST
2014-07-09 13:15 - 2014-07-09 13:15 - 02084352 _____ (Farbar) C:\Users\moreazy\Desktop\FRST64.exe
2014-07-09 13:14 - 2014-07-09 13:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\moreazy\Desktop\tdsskiller.exe
2014-07-09 09:52 - 2014-07-09 14:56 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 09:22 - 2014-07-09 09:29 - 00014925 _____ () C:\Users\moreazy\Desktop\dds.txt
2014-07-09 09:22 - 2014-07-09 09:22 - 00005692 _____ () C:\Users\moreazy\Desktop\attach.txt
2014-07-08 10:53 - 2014-07-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-08 10:17 - 2014-07-09 16:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 10:17 - 2014-07-08 10:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 00:34 - 2014-07-08 00:34 - 00000000 ____D () C:\Users\moreazy\Documents\Corel User Files
2014-07-08 00:20 - 2014-07-08 00:20 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Corel
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 00:15 - 2014-07-08 00:15 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-07-07 22:00 - 2014-07-09 16:16 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-07 19:40 - 2014-07-07 19:40 - 00276424 _____ () C:\Windows\Minidump\070714-33259-01.dmp
2014-07-07 18:50 - 2014-07-08 10:55 - 00000000 ____D () C:\Windows\Panther
2014-07-07 18:34 - 2014-07-07 18:34 - 00000000 ____D () C:\Windows.old.000
2014-07-07 18:17 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140707-181745.backup
2014-07-07 18:16 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140707-181626.backup
2014-07-07 18:13 - 2014-07-07 18:13 - 00000000 ____D () C:\Windows.old
2014-07-07 18:09 - 2014-07-07 18:09 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\AVAST Software
2014-07-07 18:08 - 2014-07-09 13:12 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-07 18:08 - 2014-07-09 13:12 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-07 18:08 - 2014-07-07 18:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-07 18:08 - 2014-07-07 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-07 18:08 - 2014-07-07 18:07 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-07 18:08 - 2014-07-07 18:07 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-07 18:08 - 2014-07-07 18:07 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-07 18:08 - 2014-07-07 18:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-07 18:07 - 2014-07-07 18:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-07 18:07 - 2014-07-07 18:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-07 18:00 - 2014-07-08 08:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-07 18:00 - 2014-07-07 18:00 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-07 18:00 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-07-07 17:59 - 2014-07-07 18:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-07 17:56 - 2014-07-07 17:56 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-07-07 17:56 - 2014-07-07 17:56 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-07-07 17:55 - 2014-07-07 17:55 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-07-07 17:54 - 2014-07-09 16:14 - 01482475 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 17:53 - 2014-07-09 16:08 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-07 17:51 - 2014-07-09 16:08 - 00000000 ____D () C:\Windows\Minidump
2014-07-07 17:51 - 2014-07-07 19:40 - 483612481 _____ () C:\Windows\MEMORY.DMP
2014-07-07 17:51 - 2014-07-07 17:51 - 00275928 _____ () C:\Windows\Minidump\070714-50310-01.dmp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-07-07 17:35 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-07-07 17:35 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-07-07 17:35 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-07-07 17:35 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-07-07 17:30 - 2014-07-07 17:30 - 00758128 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-07 17:27 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-07-07 17:24 - 2014-07-07 17:24 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00266456 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00240856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-07 17:22 - 2014-07-07 17:27 - 00008247 _____ () C:\Windows\IE11_main.log
2014-07-07 17:22 - 2014-07-07 17:22 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-07-07 17:21 - 2014-07-07 17:21 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-07 17:21 - 2014-07-04 05:35 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
2014-07-07 17:19 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-07 17:19 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-07 17:19 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-07 17:19 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-07 17:19 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-07 17:19 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-07 17:19 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-07 17:19 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-07 17:19 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-07 17:19 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-07 17:19 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-07 17:19 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-07 17:19 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-07 17:19 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-07 17:19 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-07 17:19 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-07 17:19 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-07 17:19 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-07 17:05 - 2014-07-07 17:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-07 17:05 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Macromedia
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Macromedia
2014-07-07 16:36 - 2014-07-07 17:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\moreazy\Downloads\spybot-2.4.exe
2014-07-07 16:35 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-07-07 16:35 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-07-07 16:35 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-07-07 16:35 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-07-07 16:35 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-07-07 16:35 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-07-07 16:35 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-07-07 16:35 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-07-07 16:35 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-07 16:35 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-07-07 16:35 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-07-07 16:35 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-07-07 16:35 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-07-07 16:35 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-07-07 16:35 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-07-07 16:35 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-07-07 16:35 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-07-07 16:35 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-07-07 16:35 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-07-07 16:35 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-07-07 16:35 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-07-07 16:35 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-07-07 16:35 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-07-07 16:35 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-07-07 16:35 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-07-07 16:35 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-07-07 16:34 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-07 16:34 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-07 16:34 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-07 16:34 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-07 16:34 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-07 16:34 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-07 16:34 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-07 16:34 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-07 16:34 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-07 16:34 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-07 16:34 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-07 16:34 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-07 16:34 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-07-07 16:34 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-07-07 16:34 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-07-07 16:34 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-07-07 16:34 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-07-07 16:34 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-07-07 16:34 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-07-07 16:34 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-07-07 16:34 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-07-07 16:34 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-07-07 16:34 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-07 16:34 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-07 16:34 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-07-07 16:34 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-07-07 16:34 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-07-07 16:34 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-07-07 16:34 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-07-07 16:34 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-07-07 16:34 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-07-07 16:33 - 2014-07-09 16:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 16:33 - 2014-07-09 14:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 16:33 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-07 16:33 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-07 16:33 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-07 16:33 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-07 16:33 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-07 16:33 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-07 16:33 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-07 16:33 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-07-07 16:33 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-07-07 16:33 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-07-07 16:33 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-07-07 16:33 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-07-07 16:33 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-07-07 16:33 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-07-07 16:33 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-07-07 16:33 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-07-07 16:33 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-07-07 16:33 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-07-07 16:33 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-07-07 16:33 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-07-07 16:33 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-07-07 16:33 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-07-07 16:33 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-07-07 16:33 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-07 16:33 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-07-07 16:33 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-07-07 16:33 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-07-07 16:33 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-07-07 16:33 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-07-07 16:33 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-07-07 16:33 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-07-07 16:33 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-07-07 16:33 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-07-07 16:33 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-07-07 16:33 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-07-07 16:33 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-07-07 16:33 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-07-07 16:33 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-07-07 16:32 - 2014-07-09 16:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-07 16:32 - 2014-07-09 14:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 16:32 - 2014-07-09 14:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 16:32 - 2014-07-07 16:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-07 16:32 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-07-07 16:32 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-07-07 16:32 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-07-07 16:32 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-07-07 16:30 - 2014-07-07 16:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-07 16:30 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-07-07 16:30 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-07-07 16:28 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-07 16:28 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-07 16:27 - 2014-07-08 00:20 - 00058800 _____ () C:\Users\moreazy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-07 16:27 - 2014-07-07 16:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-07 16:26 - 2014-07-07 16:26 - 04862664 _____ (AVAST Software) C:\Users\moreazy\Downloads\avast_free_antivirus_setup_online.exe
2014-07-07 16:25 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-07-07 16:25 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-07-07 16:25 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-07-07 16:25 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-07-07 16:25 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-07-07 16:25 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-07-07 16:25 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-07-07 16:25 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-07-07 16:25 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-07 16:25 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-07 16:25 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-07-07 16:25 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-07-07 16:25 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-07-07 16:25 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-07-07 16:25 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-07-07 16:25 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-07-07 16:25 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-07-07 16:25 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-07-07 16:25 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-07 16:25 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-07-07 16:24 - 2014-07-07 16:25 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Mozilla
2014-07-07 16:24 - 2014-07-07 16:25 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-07 16:22 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-07-07 16:21 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-07-07 16:21 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-07-07 16:21 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-07-07 16:21 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-07-07 16:21 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-07-07 16:19 - 2014-07-09 14:59 - 00000000 ____D () C:\Program Files (x86)\focusbase
2014-07-07 16:14 - 2014-07-07 16:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-07 16:11 - 2014-07-08 00:07 - 00000000 ____D () C:\Users\moreazy\AppData\Local\VirtualStore
2014-07-07 16:11 - 2014-07-07 17:41 - 00001417 _____ () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-07 16:11 - 2014-07-07 16:11 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Adobe
2014-07-07 16:10 - 2014-07-09 16:08 - 00000000 ____D () C:\Users\moreazy
2014-07-07 16:10 - 2014-07-07 16:10 - 00000020 ___SH () C:\Users\moreazy\ntuser.ini
2014-07-07 16:10 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-07 16:10 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-07 16:07 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-07-07 16:07 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-07-07 16:06 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-07 16:06 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-07 16:06 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-07 16:06 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-07 16:06 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-07 16:06 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-07 16:06 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-07 16:06 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-07 16:06 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-07 16:05 - 2014-07-07 16:05 - 00000000 __SHD () C:\Recovery

==================== One Month Modified Files and Folders =======

2014-07-09 16:18 - 2014-07-09 13:19 - 00006230 _____ () C:\Users\moreazy\Desktop\FRST.txt
2014-07-09 16:17 - 2014-07-09 13:19 - 00000000 ____D () C:\FRST
2014-07-09 16:16 - 2014-07-07 22:00 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-09 16:15 - 2010-11-20 22:47 - 00005208 _____ () C:\Windows\PFRO.log
2014-07-09 16:15 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 16:15 - 2009-07-13 23:51 - 00028229 _____ () C:\Windows\setupact.log
2014-07-09 16:14 - 2014-07-09 16:13 - 00000000 ____D () C:\AdwCleaner
2014-07-09 16:14 - 2014-07-07 17:54 - 01482475 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 16:13 - 2014-07-09 16:12 - 01348263 _____ () C:\Users\moreazy\Desktop\AdwCleaner.exe
2014-07-09 16:12 - 2014-07-07 16:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 16:08 - 2014-07-08 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-09 16:08 - 2014-07-08 10:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 16:08 - 2014-07-07 17:53 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-09 16:08 - 2014-07-07 17:51 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 16:08 - 2014-07-07 16:32 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-09 16:08 - 2014-07-07 16:10 - 00000000 ____D () C:\Users\moreazy
2014-07-09 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-09 15:07 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 15:05 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 15:05 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 14:59 - 2014-07-07 16:19 - 00000000 ____D () C:\Program Files (x86)\focusbase
2014-07-09 14:56 - 2014-07-09 09:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 14:10 - 2014-07-07 16:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 14:10 - 2014-07-07 16:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:10 - 2014-07-07 16:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 13:21 - 2014-07-09 13:20 - 00014806 _____ () C:\Users\moreazy\Desktop\Addition.txt
2014-07-09 13:15 - 2014-07-09 13:15 - 02084352 _____ (Farbar) C:\Users\moreazy\Desktop\FRST64.exe
2014-07-09 13:14 - 2014-07-09 13:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\moreazy\Desktop\tdsskiller.exe
2014-07-09 13:12 - 2014-07-07 18:08 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-09 13:12 - 2014-07-07 18:08 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-09 09:29 - 2014-07-09 09:22 - 00014925 _____ () C:\Users\moreazy\Desktop\dds.txt
2014-07-09 09:22 - 2014-07-09 09:22 - 00005692 _____ () C:\Users\moreazy\Desktop\attach.txt
2014-07-08 10:55 - 2014-07-07 18:50 - 00000000 ____D () C:\Windows\Panther
2014-07-08 10:17 - 2014-07-08 10:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 08:40 - 2014-07-07 18:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-08 08:28 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-07-08 02:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-08 01:25 - 2009-07-13 23:45 - 00277136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 00:34 - 2014-07-08 00:34 - 00000000 ____D () C:\Users\moreazy\Documents\Corel User Files
2014-07-08 00:31 - 2014-05-13 19:54 - 00000000 ____D () C:\MoreazyFolder
2014-07-08 00:26 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-08 00:20 - 2014-07-08 00:20 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Corel
2014-07-08 00:20 - 2014-07-07 16:27 - 00058800 _____ () C:\Users\moreazy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12
2014-07-08 00:19 - 2014-07-08 00:19 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 00:15 - 2014-07-08 00:15 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-07-08 00:07 - 2014-07-07 16:11 - 00000000 ____D () C:\Users\moreazy\AppData\Local\VirtualStore
2014-07-07 19:40 - 2014-07-07 19:40 - 00276424 _____ () C:\Windows\Minidump\070714-33259-01.dmp
2014-07-07 19:40 - 2014-07-07 17:51 - 483612481 _____ () C:\Windows\MEMORY.DMP
2014-07-07 18:50 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-07-07 18:50 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-07-07 18:34 - 2014-07-07 18:34 - 00000000 ____D () C:\Windows.old.000
2014-07-07 18:13 - 2014-07-07 18:13 - 00000000 ____D () C:\Windows.old
2014-07-07 18:09 - 2014-07-07 18:09 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\AVAST Software
2014-07-07 18:08 - 2014-07-07 18:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-07 18:08 - 2014-07-07 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-07 18:07 - 2014-07-07 18:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-07 18:07 - 2014-07-07 18:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-07 18:07 - 2014-07-07 18:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-07 18:07 - 2014-07-07 18:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-07 18:07 - 2014-07-07 18:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-07 18:07 - 2014-07-07 18:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-07 18:07 - 2014-07-07 18:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-07 18:04 - 2014-07-07 17:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-07 18:00 - 2014-07-07 18:00 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-07 17:56 - 2014-07-07 17:56 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-07-07 17:56 - 2014-07-07 17:56 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-07-07 17:56 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 17:56 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-07 17:55 - 2014-07-07 17:55 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-07-07 17:55 - 2009-07-13 23:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-07-07 17:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-07-07 17:52 - 2011-04-12 03:28 - 00000000 ____D () C:\Windows\CSC
2014-07-07 17:51 - 2014-07-07 17:51 - 00275928 _____ () C:\Windows\Minidump\070714-50310-01.dmp
2014-07-07 17:48 - 2014-07-07 16:36 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\moreazy\Downloads\spybot-2.4.exe
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-07-07 17:41 - 2014-07-07 16:11 - 00001417 _____ () C:\Users\moreazy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-07 17:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-07 17:30 - 2014-07-07 17:30 - 00758128 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-07 17:27 - 2014-07-07 17:22 - 00008247 _____ () C:\Windows\IE11_main.log
2014-07-07 17:24 - 2014-07-07 17:24 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-07 17:24 - 2014-07-07 17:24 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-07 17:24 - 2014-07-07 17:24 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-07 17:24 - 2014-07-07 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-07 17:24 - 2014-07-07 17:24 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00266456 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00240856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-07 17:24 - 2014-07-07 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-07 17:24 - 2014-07-07 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-07 17:24 - 2014-07-07 17:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-07 17:22 - 2014-07-07 17:22 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-07-07 17:22 - 2014-07-07 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-07-07 17:21 - 2014-07-07 17:21 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-07 17:15 - 2014-07-07 17:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Macromedia
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Macromedia
2014-07-07 16:32 - 2014-07-07 16:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-07 16:30 - 2014-07-07 16:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-07 16:30 - 2014-07-07 16:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-07 16:26 - 2014-07-07 16:26 - 04862664 _____ (AVAST Software) C:\Users\moreazy\Downloads\avast_free_antivirus_setup_online.exe
2014-07-07 16:25 - 2014-07-07 16:24 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Mozilla
2014-07-07 16:25 - 2014-07-07 16:24 - 00000000 ____D () C:\Users\moreazy\AppData\Local\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-07 16:24 - 2014-07-07 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-07 16:14 - 2014-07-07 16:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-07 16:11 - 2014-07-07 16:11 - 00000000 ____D () C:\Users\moreazy\AppData\Roaming\Adobe
2014-07-07 16:10 - 2014-07-07 16:10 - 00000020 ___SH () C:\Users\moreazy\ntuser.ini
2014-07-07 16:09 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-07-07 16:05 - 2014-07-07 16:05 - 00000000 __SHD () C:\Recovery
2014-07-07 16:05 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-07-04 05:35 - 2014-07-07 17:21 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
2014-06-13 12:23 - 2010-11-04 11:33 - 00137998 _____ () C:\test.xml

Some content of TEMP:
====================
C:\Users\moreazy\AppData\Local\Temp\1_Offer_6.exe
C:\Users\moreazy\AppData\Local\Temp\1_Offer_8.exe
C:\Users\moreazy\AppData\Local\Temp\1_Offer_9.exe
C:\Users\moreazy\AppData\Local\Temp\nsg5A34.exe
C:\Users\moreazy\AppData\Local\Temp\nsn43B7.exe
C:\Users\moreazy\AppData\Local\Temp\nsn71BB.exe
C:\Users\moreazy\AppData\Local\Temp\PidGenX.dll
C:\Users\moreazy\AppData\Local\Temp\Quarantine.exe
C:\Users\moreazy\AppData\Local\Temp\SearchProtectINT.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 02:46

==================== End Of Log ============================



#10 aharonov

  • Malware Response Team

Posted 09 July 2014 - 04:24 PM

Do you still get the popups from avast now?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#11 moreasy

  • Topic Starter

  • Members

Posted 10 July 2014 - 01:36 PM

No, I have not gotten any popups since I first ran the tdsskiller. Here is the ESET log:

 

C:\Program Files (x86)\focusbase\bin\focusbase.BrowserAdapter.exe    a variant of Win32/BrowseFox.I potentially unwanted application
C:\Program Files (x86)\focusbase\bin\focusbase.PurBrowse64.exe    a variant of Win64/BrowseFox.A potentially unwanted application
C:\Program Files (x86)\focusbase\bin\focusbaseBAApp.dll    a variant of Win32/BrowseFox.I potentially unwanted application
C:\Program Files (x86)\focusbase\bin\{2b929fe1-284b-4766-afb9-19b0915b99b0}.dll    a variant of Win32/BrowseFox.K potentially unwanted application
C:\TDSSKiller_Quarantine\09.07.2014_09.50.38\mbr0000\tdlfs0000\tsk0001.dta    a variant of Win64/Olmarik.BG trojan
C:\TDSSKiller_Quarantine\09.07.2014_14.54.46\tdlfs0000\tsk0001.dta    a variant of Win64/Olmarik.BG trojan
C:\TDSSKiller_Quarantine\09.07.2014_14.54.46\tdlfs0001\tsk0001.dta    a variant of Win64/Olmarik.BG trojan
C:\Users\moreazy\AppData\Local\Temp\1_Offer_9.exe    Win32/Reporter.A potentially unwanted application
C:\Windows.old\Program Files (x86)\Conduit\Community Alerts\Alert.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows.old\Program Files (x86)\Conduit\Community Alerts\Alert0.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows.old\Program Files (x86)\FriendsChecker\Chrome\common.crx    Win32/ExFriendAlert.A potentially unwanted application
C:\Windows.old\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Windows.old\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe    probably a variant of Win32/WhiteSmoke potentially unwanted application
C:\Windows.old\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\index.html    HTML/WhiteSmoke potentially unwanted application
C:\Windows.old\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\translator.html    HTML/WhiteSmoke potentially unwanted application
C:\Windows.old\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\owner\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Default\aadidcddgfdagddhgfgcdhdbdegbgdgf\background.js    Win32/TrojanDownloader.Tracur.V trojan
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii\10.31.4.510_0\APISupport\APISupport.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii\10.31.4.510_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.0.526_0\APISupport\APISupport.dll    Win32/Conduit.SearchProtect potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.0.526_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\APISupport\APISupport.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000    Win32/AdWare.1ClickDownload.AR application
C:\Windows.old\Users\owner\AppData\Local\NativeMessaging\CT3268935\1_0_0_2\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\NativeMessaging\CT3268935\1_0_0_6\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\NativeMessaging\CT3268935\1_0_2_0\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\NativeMessaging\CT3298580\1_0_0_2\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\NativeMessaging\CT3298580\1_0_0_4\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\NativeMessaging\CT3298580\1_0_0_6\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\NativeMessaging\CT3298580\1_0_2_0\TBMessagingHost.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows.old\Users\owner\AppData\Local\Strongvault\StrongVaultApp.exe    a variant of MSIL/Adware.StrongVault.A application
C:\Windows.old\Users\owner\AppData\Local\Temp\tbWhi2.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows.old\Users\owner\AppData\LocalLow\MixiDJ_V44\hk64tbMixi.dll    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Windows.old\Users\owner\AppData\LocalLow\MixiDJ_V44\hktbMixi.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows.old\Users\owner\AppData\LocalLow\MixiDJ_V44\ldrtbMixi.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows.old\Users\owner\AppData\LocalLow\MixiDJ_V44\tbMixi.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Windows.old\Users\owner\AppData\LocalLow\MixiDJ_V44\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows.old\Users\owner\AppData\Roaming\VisicomToolBar\gamesagogo_en_w3i_toolbar_3.2.0.36.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Windows.old\Windows\System32\rpcss.dll    Win64/Patched.I trojan
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.25_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U369G2E\iframe3[1].htm    HTML/Iframe.B.Gen virus
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9ACDEUE\globalpromotions_noraust_com[1].txt    HTML/ScrInject.B.Gen virus
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\ldrtbWhi0.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\ldrtbWhi2.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\ldrtbWhit.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\tbWhi0.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\tbWhi1.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\tbWhi2.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\tbWhit.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\WhiteSmoke_Bar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows.old.000\Windows\Setup\Scripts\Windows Loader.exe    Win32/HackTool.WinActivator.I potentially unsafe application
 



#12 moreasy

  • Topic Starter

Posted 10 July 2014 - 01:37 PM

The fixit log as well.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-07-2014
Ran by moreazy at 2014-07-09 16:31:00 Run:1
Running from C:\Users\moreazy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R1 {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64; C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys [61120 2014-07-04] (StdLib)
C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Reboot:
*****************

{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64 => Service stopped successfully.
{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====



#13 aharonov

  • Malware Response Team

Posted 10 July 2014 - 02:14 PM

One minor thing and then we're done.


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log file.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#14 aharonov

  • Malware Response Team

Posted 03 September 2014 - 06:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



