Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot access the internet, software shuts down


  • This topic is locked This topic is locked
88 replies to this topic

#1 billmo

billmo

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 28 August 2014 - 10:16 AM

Moving over from the Am I Infected Forum.
 
Problem surfaced after overnight stay at motel.  When trying to open IE, get message that IE has stopped working and to close program.  Get same message when trying to open MS Outlook. Can open Outlook in safe mode and receive and send emails as long as no internet content.  Any software that trys to link to the internet when opening also stops working and close program message appears.
 
Verified Use a proxy LAN setting was not checked and ran winsockfix.bat with no change. Have run MiniToolBox, TDSSKiller, RKill, Malwarebytes Anti-Malware, Hitman Pro, ADWCleaner and Junkware Removal Tool. No change.
 
Ran DDS Tool. Here is the log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by Bill at 10:08:47 on 2014-08-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.2787 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\taskhost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uProxyOverride = *.*.*.*;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40302.7021990741
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8595CC34-384C-48A5-A944-5B7183E4EB3F} : DHCPNameServer = 162.150.8.16 68.87.66.234
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\2656C6B696E6E2936316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\2696C6C6D6F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\34963736F65363530323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\34F6D666F6274794E6E6 : DHCPNameServer = 66.109.229.5 66.109.229.6
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\65562796A7F6E6D2D496649653531303C4D293542303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\F63666C6F5075726C69636F577966696 : DHCPNameServer = 65.32.1.65 65.32.1.70
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mWindow Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nlem64nt;nlem64nt;C:\windows\System32\drivers\nlem64nt.sys [2009-10-13 72808]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-2-2 13824]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-19 146928]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-3 151936]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-2-3 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2010-2-2 35104]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-5-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-8-26 122584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-14 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-5-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-2-2 311296]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\MICROS~2\Office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-08-27 00:19:46 241248 ----a-w- C:\windows\System32\drivers\20945614.sys
2014-08-27 00:09:50 -------- d-----w- C:\EEK
2014-08-27 00:08:27 -------- d-----w- C:\Program Files (x86)\ESET
2014-08-26 23:44:55 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-26 21:29:05 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-26 21:28:51 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-26 21:28:51 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-26 21:28:51 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-26 21:28:51 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-26 21:28:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 21:16:35 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA6C7FEE-A4CC-44C7-A13D-21E21FBB15A0}\mpengine.dll
2014-08-26 17:20:59 -------- d-----w- C:\AdwCleaner
2014-08-22 02:19:18 -------- d-----w- C:\windows\ERUNT
2014-08-22 02:18:26 241248 ----a-w- C:\windows\System32\drivers\53770523.sys
2014-08-17 14:14:22 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-17 14:14:12 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-17 14:14:12 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-17 14:14:12 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-17 14:14:11 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-17 14:14:11 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-17 14:13:58 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-17 14:13:58 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-16 00:33:56 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-16 00:33:55 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-08-08 11:20:45 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-07 17:55:30 -------- d-----w- C:\Users\Bill\AppData\Local\Proxure
2014-08-07 17:55:03 -------- d-----w- C:\ProgramData\ClubSanDisk
2014-08-07 13:39:51 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-08-03 20:50:30 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-08-03 20:49:42 61216 ----a-w- C:\windows\System32\OpenCL.dll
2014-08-03 20:49:42 53024 ----a-w- C:\windows\SysWow64\OpenCL.dll
2014-08-03 20:48:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-08-03 20:48:15 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-07-31 18:47:01 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-07-31 18:46:33 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-07-31 18:46:33 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-07-31 18:46:17 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-07-31 18:46:17 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-07-31 18:46:17 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-07-31 18:46:17 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-07-30 03:13:01 -------- d-----w- C:\Users\Bill\AppData\Local\Intuit
.
==================== Find3M  ====================
.
2014-08-05 13:20:00 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-16 03:23:41 2048 ----a-w- C:\windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-07-09 13:24:54 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 13:24:53 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-16 02:10:19 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\windows\SysWow64\authui.dll
.
============= FINISH: 10:08:59.09 ===============
 
Thank you for any help and actions you can recommend.

Attached Files


Edited by Oh My!, 03 September 2014 - 04:03 PM.
Posted Attach.txt


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 PM

Posted 02 September 2014 - 10:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546050 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 billmo

billmo
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 02 September 2014 - 02:49 PM

Still having the same issue.  Any software or link to the internet immediately generates a Software has stopped working and closes the program.  IE, Outlook, Norton, Ancestry, etc.  Home network is fine, all other devices work.  Do not have my Windows CD available.

 

Here's the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by Bill at 15:39:24 on 2014-09-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.2933 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uProxyOverride = *.*.*.*;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40302.7021990741
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8595CC34-384C-48A5-A944-5B7183E4EB3F} : DHCPNameServer = 162.150.8.16 68.87.66.234
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\2656C6B696E6E2936316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\2696C6C6D6F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\34963736F65363530323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\34F6D666F6274794E6E6 : DHCPNameServer = 66.109.229.5 66.109.229.6
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\65562796A7F6E6D2D496649653531303C4D293542303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7973623-B1FB-435C-A392-FCF38A07472E}\F63666C6F5075726C69636F577966696 : DHCPNameServer = 65.32.1.65 65.32.1.70
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mWindow Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nlem64nt;nlem64nt;C:\windows\System32\drivers\nlem64nt.sys [2009-10-13 72808]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-2-2 13824]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-19 146928]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-3 151936]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-2-3 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2010-2-2 35104]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-5-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-8-26 122584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-14 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-5-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-2-2 311296]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\MICROS~2\Office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-08-27 00:19:46 241248 ----a-w- C:\windows\System32\drivers\20945614.sys
2014-08-27 00:09:50 -------- d-----w- C:\EEK
2014-08-27 00:08:27 -------- d-----w- C:\Program Files (x86)\ESET
2014-08-26 23:44:55 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-26 21:29:05 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-26 21:28:51 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-26 21:28:51 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-26 21:28:51 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-26 21:28:51 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-26 21:28:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 21:16:35 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA6C7FEE-A4CC-44C7-A13D-21E21FBB15A0}\mpengine.dll
2014-08-26 17:20:59 -------- d-----w- C:\AdwCleaner
2014-08-22 02:19:18 -------- d-----w- C:\windows\ERUNT
2014-08-22 02:18:26 241248 ----a-w- C:\windows\System32\drivers\53770523.sys
2014-08-17 14:14:22 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-17 14:14:12 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-17 14:14:12 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-17 14:14:12 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-17 14:14:11 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-17 14:14:11 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-17 14:13:58 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-17 14:13:58 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-16 00:33:56 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-16 00:33:55 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-08-08 11:20:45 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-07 17:55:30 -------- d-----w- C:\Users\Bill\AppData\Local\Proxure
2014-08-07 17:55:03 -------- d-----w- C:\ProgramData\ClubSanDisk
2014-08-07 13:39:51 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-08-03 20:50:30 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-08-03 20:49:42 61216 ----a-w- C:\windows\System32\OpenCL.dll
2014-08-03 20:49:42 53024 ----a-w- C:\windows\SysWow64\OpenCL.dll
2014-08-03 20:48:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-08-03 20:48:15 -------- d-----w- C:\Program Files\NVIDIA Corporation
.
==================== Find3M  ====================
.
2014-08-05 13:20:00 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-16 03:23:41 2048 ----a-w- C:\windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-07-09 13:24:54 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 13:24:53 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-16 02:10:19 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 15:41:20.33 ===============
 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 03 September 2014 - 04:07 PM

Greetings billmo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me. Whenever necessary download programs onto a flash drive on a clean computer and transfer the program to the desktop of your infected machine.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List devices >>(Problem only)<<
List Minidump Files

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • MiniToolBox log
  • FSS log
  • System Summary Information

Edited by Oh My!, 03 September 2014 - 06:41 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 billmo

billmo
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 05 September 2014 - 05:20 PM

Hi Gary.

Thanks for your assistance.

Here are the logs:

FRST Results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Bill (administrator) on BILL-PC on 05-09-2014 17:50:10
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DoctorSoft) C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1025616775-32965946-2427245248-1001\...\MountPoints2: {45c3e14b-4a23-11df-b155-00245462bbe7} - F:\EasySuite.exe bootup
HKU\S-1-5-21-1025616775-32965946-2427245248-1001\...\MountPoints2: {68027415-495f-11df-9816-00245462bbe7} - F:\EasySuite.exe bootup
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x988CB9B756AFCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: HKLM-x32 {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40302.7021990741
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
S4 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 HPSLPSVC; C:\Users\Bill\AppData\Local\Temp\7zS18B4\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [79052 2012-04-28] (Oak Technology Inc.) [File not signed]
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)
R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [72808 2009-10-13] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-11-19] (CyberLink Corp.)
S2 BrPar; \SystemRoot\System32\drivers\BrPar.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 17:49 - 2014-09-05 17:50 - 00000000 ____D () C:\FRST
2014-08-28 10:06 - 2014-09-02 15:41 - 00016465 _____ () C:\Users\Bill\Desktop\attach.txt
2014-08-28 10:06 - 2014-09-02 15:41 - 00016049 _____ () C:\Users\Bill\Desktop\dds.txt
2014-08-26 20:19 - 2014-08-26 20:19 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\windows\system32\Drivers\20945614.sys
2014-08-26 20:10 - 2014-08-26 20:10 - 00000743 _____ () C:\Users\Bill\Desktop\Start Emsisoft Emergency Kit.lnk
2014-08-26 20:09 - 2014-08-26 20:10 - 00000000 ____D () C:\EEK
2014-08-26 20:08 - 2014-08-26 20:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 19:44 - 2014-08-26 20:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-26 19:34 - 2014-08-26 19:37 - 00002590 _____ () C:\Users\Bill\Desktop\Rkill.txt
2014-08-26 17:29 - 2014-08-26 19:43 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 17:28 - 2014-08-26 17:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 17:28 - 2014-08-26 17:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 17:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-26 17:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-26 17:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-26 13:20 - 2014-08-26 13:22 - 00000000 ____D () C:\AdwCleaner
2014-08-21 22:37 - 2014-08-21 22:37 - 00000632 _____ () C:\Users\Bill\Desktop\JRT.txt
2014-08-21 22:19 - 2014-08-21 22:19 - 00000000 ____D () C:\windows\ERUNT
2014-08-21 22:18 - 2014-08-21 22:18 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\windows\system32\Drivers\53770523.sys
2014-08-17 10:14 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-17 10:14 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-17 10:14 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-17 10:14 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-17 10:14 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-17 10:14 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-17 10:13 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-17 10:13 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 20:34 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 20:34 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 20:34 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 20:34 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 20:34 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 20:34 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 20:34 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 20:34 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 20:34 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 20:34 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 20:34 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 20:34 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 20:34 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 20:34 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 20:34 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 20:34 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 20:34 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 20:34 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 20:34 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 20:34 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 20:34 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 20:34 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 20:34 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 20:34 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 20:34 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 20:34 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 20:34 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 20:34 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 20:34 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 20:34 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 20:34 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 20:34 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 20:34 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 20:34 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 20:34 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 20:34 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 20:34 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 20:34 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 20:34 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 20:34 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 20:34 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 20:34 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 20:34 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 20:34 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 20:34 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 20:34 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 20:34 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 20:34 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 20:34 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 20:34 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 20:34 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 20:34 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 20:34 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 20:34 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 20:34 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 20:34 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 20:34 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 20:34 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 20:34 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 20:34 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-15 20:34 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 20:34 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 20:34 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 20:34 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 20:34 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 20:34 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 20:34 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 20:34 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 20:34 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 20:34 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 20:33 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 20:33 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-07 13:55 - 2014-08-07 13:55 - 00000000 ____D () C:\Users\Bill\AppData\Local\Proxure
2014-08-07 13:55 - 2014-08-07 13:55 - 00000000 ____D () C:\ProgramData\ClubSanDisk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 17:50 - 2014-09-05 17:49 - 00000000 ____D () C:\FRST
2014-09-05 17:48 - 2012-01-01 11:32 - 00000000 ____D () C:\Users\Bill\AppData\Local\CrashDumps
2014-09-05 17:43 - 2012-01-27 11:25 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{76191EC2-0BDE-4FEA-90A8-74D7AC89C83C}
2014-09-05 17:33 - 2010-02-02 23:02 - 01643659 _____ () C:\windows\WindowsUpdate.log
2014-09-05 17:31 - 2010-04-10 14:09 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 17:30 - 2009-07-14 00:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 17:30 - 2009-07-14 00:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 17:28 - 2009-07-14 01:13 - 00807192 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-05 17:24 - 2013-01-06 09:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 17:23 - 2014-02-07 13:04 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-09-05 17:23 - 2013-11-04 17:20 - 00020054 _____ () C:\windows\setupact.log
2014-09-05 17:23 - 2010-04-10 14:09 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 17:23 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-03 15:57 - 2014-07-03 13:38 - 00000000 ____D () C:\Users\Bill\Documents\Golf
2014-09-03 09:04 - 2013-11-14 23:12 - 00000000 ____D () C:\Users\Bill\AppData\Local\0E7F0CF8-0CAA-4510-9FC5-251239121AF4.aplzod
2014-09-02 15:45 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing
2014-09-02 15:41 - 2014-08-28 10:06 - 00016465 _____ () C:\Users\Bill\Desktop\attach.txt
2014-09-02 15:41 - 2014-08-28 10:06 - 00016049 _____ () C:\Users\Bill\Desktop\dds.txt
2014-08-26 20:19 - 2014-08-26 20:19 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\windows\system32\Drivers\20945614.sys
2014-08-26 20:10 - 2014-08-26 20:10 - 00000743 _____ () C:\Users\Bill\Desktop\Start Emsisoft Emergency Kit.lnk
2014-08-26 20:10 - 2014-08-26 20:09 - 00000000 ____D () C:\EEK
2014-08-26 20:08 - 2014-08-26 20:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 20:06 - 2014-08-26 19:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-26 19:43 - 2014-08-26 17:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 19:37 - 2014-08-26 19:34 - 00002590 _____ () C:\Users\Bill\Desktop\Rkill.txt
2014-08-26 18:39 - 2013-11-04 17:19 - 00594330 _____ () C:\windows\PFRO.log
2014-08-26 18:00 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Branding
2014-08-26 17:28 - 2014-08-26 17:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 17:28 - 2014-08-26 17:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 16:45 - 2009-07-14 01:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-26 13:22 - 2014-08-26 13:20 - 00000000 ____D () C:\AdwCleaner
2014-08-25 20:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-08-21 22:37 - 2014-08-21 22:37 - 00000632 _____ () C:\Users\Bill\Desktop\JRT.txt
2014-08-21 22:19 - 2014-08-21 22:19 - 00000000 ____D () C:\windows\ERUNT
2014-08-21 22:18 - 2014-08-21 22:18 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\windows\system32\Drivers\53770523.sys
2014-08-19 11:34 - 2013-11-04 17:04 - 00000975 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-19 11:09 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-19 11:08 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-17 10:26 - 2010-02-02 23:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 10:20 - 2013-08-18 03:19 - 00000000 ____D () C:\windows\system32\MRT
2014-08-17 10:18 - 2010-04-10 10:26 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-17 10:13 - 2014-04-29 23:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-07 13:55 - 2014-08-07 13:55 - 00000000 ____D () C:\Users\Bill\AppData\Local\Proxure
2014-08-07 13:55 - 2014-08-07 13:55 - 00000000 ____D () C:\ProgramData\ClubSanDisk
2014-08-07 09:54 - 2011-01-26 12:26 - 00001945 _____ () C:\windows\epplauncher.mif
2014-08-07 09:50 - 2011-11-14 20:53 - 00000000 ____D () C:\ProgramData\Norton
2014-08-06 22:06 - 2014-08-15 20:33 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 20:33 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqujze8.dll
C:\Users\Bill\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-28 11:27

==================== End Of Log ============================

Additon.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Bill at 2014-09-05 17:51:12
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
23_24_2500Tour (x32 Version: 5.31.0.156 -  Hewlett-Packard) Hidden
2400 (x32 Version: 5.31.0.156 - Hewlett-Packard) Hidden
2400_2500Help (x32 Version: 5.31.0.156 -  Hewlett-Packard) Hidden
2400_2500trb (x32 Version: 5.31.0.156 -  Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AiO_Scan (x32 Version: 5.31.0.156 - Hewlett-Packard) Hidden
AiOSoftware (x32 Version: 5.31.0.156 - Hewlett-Packard) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyPC Client (HKLM-x32\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.25 - Doctorsoft)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
BatteryLifeExtender (HKLM-x32\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.1.0.30 - Best Buy)
Best Buy Software Installer (Version: 2.1.0.30 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother 1450 (HKLM-x32\...\Brother 1450) (Version:  - )
Brother HL-5250DN (HKLM-x32\...\{7A75FE7F-CA7C-4C0B-8988-2012B8754E37}) (Version: 1.00 - Brother)
Brownie (HKLM-x32\...\BROWNIE) (Version:  - )
CA Pest Patrol Realtime Protection (HKLM-x32\...\{F05A5232-CE5E-4274-AB27-44EB8105898D}) (Version: 001.001.0034 - Computer Associates Inc.)
Canon Direct Print User Guide (HKLM-x32\...\DirectPrintUserGuide) (Version: 1.0.0.1 - Canon Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Canon MG5200 series User Registration (HKLM-x32\...\Canon MG5200 series User Registration) (Version:  - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon PowerShot A470 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA470) (Version: 1.0.0.1 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Convert to PDF ( Try ) 6.2 (HKLM-x32\...\Convert to PDF ( Try ) 6.2) (Version:  - )
Copy (x32 Version: 5.31.0.150 - Hewlett-Packard) Hidden
CreativeProjects (x32 Version: 5.31.0.150 - Hewlett-Packard) Hidden
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.3226 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2511 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2511 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3604b - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3604b - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3227 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.3227 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228e - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228e - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3304 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Director (x32 Version: 5.31.0.154 - Hewlett-Packard) Hidden
DocProc (x32 Version: 3.1.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DSA Car & ADI Theory Test (HKLM-x32\...\InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}) (Version: 1.00.0000 - Driving Standards Agency)
DSA Car & ADI Theory Test (x32 Version: 1.00.0000 - Driving Standards Agency) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
Fax (x32 Version: 5.31.0.156 - Hewlett-Packard) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version:  - )
HP Photo & Imaging 3.1 (HKLM-x32\...\HP Photo & Imaging) (Version: 3.1 - HP)
HP PSC & OfficeJet 3.0 (HKLM-x32\...\{6CF9C6C0-54E5-4668-85C1-C10F63C40155}) (Version: 3.0 - HP)
HP Software Update (HKLM-x32\...\{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}) (Version: 1.0.18.20030625 - Hewlett-Packard)
hpmdtab (x32 Version: 2.0.468.1596 - Hewlett-Packard) Hidden
HPSystemDiagnostics (x32 Version: 1.5.0.0 - Your Company Name) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
InstantShare (x32 Version: 3.1.0.13 - Hewlett-Packard) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1003 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Memories Disc Creator 2.0 (HKLM-x32\...\{2E132061-C78A-48D4-A899-1D13B9D189FA}) (Version: 2.0.468.1596 - Memories Disc Creator 2.0)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetLib Encryptionizer (HKLM\...\{FD0E376F-D30A-477C-AA84-2F4F5B51D713}) (Version: 1.00.0000 - CCH Small Firm Services)
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Overland (x32 Version: 1.76.0 - Hewlett-Packard) Hidden
PhotoGallery (x32 Version: 5.31.0.150 - Hewlett-Packard) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrintScreen (x32 Version: 5.31.0.147 - Hewlett-Packard) Hidden
QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickProjects (x32 Version: 5.31.0.147 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readme (x32 Version: 5.31.0.156 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{0A353130-D22C-41DD-8C67-1B02A05F2CE0}) (Version: 1.1.0 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 3.1.0.0 - Hewlett-Packard) Hidden
SkinsHP1 (x32 Version: 5.31.0.147 - Hewlett-Packard) Hidden
SkinsHP2 (x32 Version: 5.31.0.147 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TaxWise 2010 (HKLM-x32\...\{86A54B15-CDCC-40DF-AA5E-6BEDEE81736B}) (Version: 25.00.00 - CCH Small Firm Services)
TaxWise 2011 (HKLM-x32\...\{2EB7670F-9944-40C1-B3D3-0FC646CE2543}) (Version: 26.00.00 - CCH Small Firm Services)
TaxWise 2011 (HKLM-x32\...\{5B518CDC-D6E7-4A06-A514-BEB822603AE6}) (Version: 26.00.00 - CCH Small Firm Services)
TaxWise 2012 (HKLM-x32\...\{285960CC-9263-4761-90D5-E3BD5690A744}) (Version: 27.00.00 - CCH Small Firm Services)
TaxWise 2013 (HKLM-x32\...\{CAF71211-7E4A-4FE1-9B9B-C3BB65584515}) (Version: 28.00.00 - CCH Small Firm Services)
TrayApp (x32 Version: 5.31.0.147 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wmiiper (x32 Version: 010.000.1790 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
Unload (x32 Version: 3.1.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebReg (x32 Version: 5.31.0.147 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Password Breaker Professional Trial (HKLM-x32\...\{F4312A17-7DBF-4E10-BC9B-19380A99AAFF}_is1) (Version:  - Advanced Password Breaker Inc.)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\457\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1025616775-32965946-2427245248-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-08-2014 21:15:54 Windows Update
05-09-2014 21:26:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0908FD2D-7D7C-4385-BF2F-B2396FBA3041} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10] (Google Inc.)
Task: {0BCE0B86-54E5-41F7-B89C-F5B31B31F882} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\SymErr.exe
Task: {24E104E6-5DCA-4FA7-A245-2FD1758613AB} - System32\Tasks\{AFA136B4-F705-4D40-9858-E25490C715EA} => C:\Program Files (x86)\Microsoft Office\Office\OUTLOOK.EXE
Task: {2CED63FA-9FAF-4C19-863D-5F770C484708} - System32\Tasks\{EC60718D-96CD-4B83-8263-AF2430F8EF81} => C:\Program Files (x86)\Microsoft Office\Office\OUTLOOK.EXE
Task: {32DD5C95-3C09-47CB-9658-9E762A0B22FC} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\SymErr.exe
Task: {4ABF3B11-7421-44BE-BC9B-D6BA1384F1BB} - System32\Tasks\{120B2854-CC5F-41B2-AF04-5734CA1FE379} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {4C88286E-ECDA-42F7-A066-EAEAD14F8AB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-10] (Google Inc.)
Task: {56658561-F04C-4303-BFA4-06049E44779C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {56828BAB-2C2F-476F-BE58-0CE627AB7F81} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-18] (SEC)
Task: {68F89948-D12A-40B8-B47F-A368D3ABBE99} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {6B445E90-629C-4119-B274-D231A97410B1} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)
Task: {8118FAA4-9259-4804-85DE-690C643BBCE6} - System32\Tasks\APSchedulerC => C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: {94C7FB6E-2DA6-4092-B6CE-79E7EBE92020} - System32\Tasks\{1E9558FC-C4E5-407B-8ADA-F875BDEF1856} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {983580BB-9787-4B7E-8CDA-B60A2708794C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {A8CCF143-7BF1-44D6-8064-DBCFD823C78E} - System32\Tasks\{D936ABD9-9D78-4739-AD12-8EED9128E551} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {A9C7A759-CCF3-4565-864A-EC7D5ED1C56A} - System32\Tasks\{A26780EF-909F-4DCC-B862-E9CBD6DA0114} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.105/en/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {AF0ECF4F-CCB4-477B-BF03-376865EFEEE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C011793D-4FB1-44CA-8058-FC6CAD89981F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {D9AD9109-3147-4F59-B0C8-DB4BAC3BCD5D} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {E0521E90-44FD-469D-8788-623FF4B52D99} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-18] (Samsung Electronics. Co. Ltd.)
Task: {E8C38CDC-EA28-4613-8F9E-5F500E0F0803} - System32\Tasks\{E61C7449-BF53-4D6C-AB19-CDAE38D39731} => C:\Program Files (x86)\Microsoft Office\Office\OUTLOOK.EXE
Task: {EB94BBCA-18BC-4815-9ACD-004F93E09E8E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-02 23:15 - 2006-08-11 23:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AntiSpywareService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IntuitUpdateService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ITMRTSVC => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Rezip => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: VideoDownloadConverter_4zService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bill^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APLangApp => "C:\Program Files (x86)\AnyPC Client\APLangApp.exe"
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: ComcastAntispyClient => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HP Software Update => "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: VideoDownloadConverter Home Page Guard 64 bit => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: VideoDownloadConverter Search Scope Monitor => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: VideoDownloadConverter_4z Browser Plugin Loader => C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2014 05:49:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2014 05:42:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2014 05:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SoftwareUpdate.exe, version: 2.1.3.127, time stamp: 0x4de6dd5a
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0xacc
Faulting application start time: 0xSoftwareUpdate.exe0
Faulting application path: SoftwareUpdate.exe1
Faulting module path: SoftwareUpdate.exe2
Report Id: SoftwareUpdate.exe3

Error: (09/05/2014 05:32:11 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\7d4315d5-54c1-45aa-a726-e912275a7622.dmp

Error: (09/05/2014 05:24:51 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\df9d2e20-5396-4b22-86c4-f64085ed5e92.dmp

Error: (09/05/2014 05:24:51 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\17410964-9347-4dd8-a4bf-f0984a58a260.dmp

Error: (09/02/2014 03:42:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc60f
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0xccc
Faulting application start time: 0xNOTEPAD.EXE0
Faulting application path: NOTEPAD.EXE1
Faulting module path: NOTEPAD.EXE2
Report Id: NOTEPAD.EXE3

Error: (09/02/2014 03:42:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc60f
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0xcdc
Faulting application start time: 0xNOTEPAD.EXE0
Faulting application path: NOTEPAD.EXE1
Faulting module path: NOTEPAD.EXE2
Report Id: NOTEPAD.EXE3

Error: (09/02/2014 03:39:35 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\e8ce3120-f281-4c39-801a-c4e815834ee5.dmp

Error: (09/02/2014 03:39:28 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\d210023e-7f86-4f40-9f6e-5bad6c62c311.dmp

System errors:
=============
Error: (09/05/2014 05:31:09 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer YOUR-4F1261A8E5
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7973623-B1FB-435C-A392-FCF38A07472E}.
The master browser is stopping or an election is being forced.

Error: (09/05/2014 05:25:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (09/05/2014 05:23:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (09/05/2014 05:23:18 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (08/26/2014 04:49:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/26/2014 04:48:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 10:39:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 10:39:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/20/2014 10:21:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/14/2014 11:19:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 102 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/08/2014 07:25:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/08/2014 07:21:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/07/2014 06:51:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 313 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (08/05/2014 01:04:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103 seconds with 60 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 33%
Total physical RAM: 3956.55 MB
Available physical RAM: 2613.72 MB
Total Pagefile: 7911.28 MB
Available Pagefile: 6525.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:30.12 GB) NTFS
Drive d: () (Fixed) (Total:350.66 GB) (Free:338.96 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:11.14 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8C4416FD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=350.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

MiniTool Box Log:

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Bill (administrator) on 05-09-2014 at 17:53:34
Running from "F:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bill-PC
   Primary Dns Suffix  . . . . . . . :

Pinging google.com [173.194.43.33] with 32 bytes of data:
Reply from 173.194.43.33: bytes=32 time=40ms TTL=54
Reply from 173.194.43.33: bytes=32 time=41ms TTL=54

Ping statistics for 173.194.43.33:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 41ms, Average = 40ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=51ms TTL=51
Reply from 98.139.183.24: bytes=32 time=52ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 51ms, Maximum = 52ms, Average = 51ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2014 05:55:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: ROUTE.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc964
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0x838
Faulting application start time: 0xROUTE.EXE0
Faulting application path: ROUTE.EXE1
Faulting module path: ROUTE.EXE2
Report Id: ROUTE.EXE3

Error: (09/05/2014 05:54:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: nslookup.exe, version: 6.1.7601.17514, time stamp: 0x4ce79620
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0x9e8
Faulting application start time: 0xnslookup.exe0
Faulting application path: nslookup.exe1
Faulting module path: nslookup.exe2
Report Id: nslookup.exe3

Error: (09/05/2014 05:54:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: nslookup.exe, version: 6.1.7601.17514, time stamp: 0x4ce79620
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0xbbc
Faulting application start time: 0xnslookup.exe0
Faulting application path: nslookup.exe1
Faulting module path: nslookup.exe2
Report Id: nslookup.exe3

Error: (09/05/2014 05:53:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: ipconfig.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc96a
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0xfa4
Faulting application start time: 0xipconfig.exe0
Faulting application path: ipconfig.exe1
Faulting module path: ipconfig.exe2
Report Id: ipconfig.exe3

Error: (09/05/2014 05:49:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2014 05:42:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2014 05:33:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: SoftwareUpdate.exe, version: 2.1.3.127, time stamp: 0x4de6dd5a
Faulting module name: dhcpcsvc.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bd9b5
Exception code: 0xc0000005
Fault offset: 0x00001b2d
Faulting process id: 0xacc
Faulting application start time: 0xSoftwareUpdate.exe0
Faulting application path: SoftwareUpdate.exe1
Faulting module path: SoftwareUpdate.exe2
Report Id: SoftwareUpdate.exe3

Error: (09/05/2014 05:32:11 PM) (Source: Google Update) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\7d4315d5-54c1-45aa-a726-e912275a7622.dmp

Error: (09/05/2014 05:24:51 PM) (Source: Google Update) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\df9d2e20-5396-4b22-86c4-f64085ed5e92.dmp

Error: (09/05/2014 05:24:51 PM) (Source: Google Update) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\17410964-9347-4dd8-a4bf-f0984a58a260.dmp

System errors:
=============
Error: (09/05/2014 05:31:09 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer YOUR-4F1261A8E5
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F7973623-B1FB-435C-A392-FCF38A07472E}.
The master browser is stopping or an election is being forced.

Error: (09/05/2014 05:25:46 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (09/05/2014 05:23:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (09/05/2014 05:23:18 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2014 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (08/26/2014 04:49:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/26/2014 04:48:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 10:39:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 10:39:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/20/2014 10:21:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/14/2014 11:19:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 102 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/08/2014 07:25:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/08/2014 07:21:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/07/2014 06:51:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 313 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (08/05/2014 01:04:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103 seconds with 60 seconds of active time.  This session ended with a crash.

========================= Devices: ================================

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

In running the MiniToolBox got the following messages:

IP Configuration Utility has stopped working. Close program.

nslookup has stopped working. Close program. 2 messages.

TCP/IP route command has stopped working.  Close program.

 

Farbar Service Scanner log:

Farbar Service Scanner Version: 21-07-2014
Ran by Bill (administrator) on 05-09-2014 at 17:57:05
Running from "F:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ***

 

Not sure how to attache the System Summary Zip file.

 

Hope the info helps!

 

Bill



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 05 September 2014 - 06:27 PM

Greetings Bill,

I need you to move FRST.exe onto your desktop otherwise the below fix won't work. When necessary, download programs from a clean computer onto a USB device and transfer it to the desktop of your infected computer.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
S2 BrPar; \SystemRoot\System32\drivers\BrPar.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
C:\Users\Bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqujze8.dll
C:\Users\Bill\AppData\Local\Temp\Quarantine.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • RogueKiller log

Edited by Oh My!, 05 September 2014 - 06:29 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 billmo

billmo
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 05 September 2014 - 09:36 PM

Hi Gary.

Here's the Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Bill at 2014-09-05 22:18:41 Run:1
Running from C:\Users\Bill\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
S2 BrPar; \SystemRoot\System32\drivers\BrPar.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
C:\Users\Bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqujze8.dll
C:\Users\Bill\AppData\Local\Temp\Quarantine.exe
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\gcf" => Key deleted successfully.
"HKCR\CLSID\{9875BFAF-B04D-445E-8A69-BE36838CDE3E}" => Key not found.
"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.
"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.
BrPar => Service deleted successfully.
Ser2pl => Service deleted successfully.
C:\Users\Bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqujze8.dll => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

 

Tried to run RogueKiller from the desktop but no luck.  Renamed to winlogon.exe and winlogon.com but blocked.  Will try in safe mode.

 

Also attached the System Summary file.

 

Thanks,

Bill

Attached Files



#8 billmo

billmo
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 06 September 2014 - 01:05 PM

Gary,

Not sure if this helps but can access some software when in safe mode, Adobe Reader for saved documents and Tax Wise for tax returns. If I go to safe mode with networking or normal windows get the same message that software has stopped working and close program.

Bill

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 06 September 2014 - 01:30 PM

Hi Bill,

Thanks for the information and your patience. Please attempt to run this and if necessary try it in Safe Mode.

===================================================

Run TDSSKiller by Kaspersky on Windows 8/7/Vista

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

tdss1.png

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

tdss2.png

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

tdss4.png

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 billmo

billmo
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 06 September 2014 - 01:59 PM

Gary,

 

Tried TDSSKiller in normal mode but after starting scan got message that software had stopped working and close program.  Ran it again in Safe Mode and completed scan with no threats found.

 

Here is the log:

14:46:55.0573 0x0568  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:46:59.0645 0x0568  ============================================================
14:46:59.0645 0x0568  Current date / time: 2014/09/06 14:46:59.0645
14:46:59.0645 0x0568  SystemInfo:
14:46:59.0645 0x0568 
14:46:59.0645 0x0568  OS Version: 6.1.7601 ServicePack: 1.0
14:46:59.0645 0x0568  Product type: Workstation
14:46:59.0645 0x0568  ComputerName: BILL-PC
14:46:59.0645 0x0568  UserName: Bill
14:46:59.0645 0x0568  Windows directory: C:\windows
14:46:59.0645 0x0568  System windows directory: C:\windows
14:46:59.0645 0x0568  Running under WOW64
14:46:59.0645 0x0568  Processor architecture: Intel x64
14:46:59.0645 0x0568  Number of processors: 4
14:46:59.0645 0x0568  Page size: 0x1000
14:46:59.0645 0x0568  Boot type: Safe boot
14:46:59.0645 0x0568  ============================================================
14:47:00.0004 0x0568  KLMD registered as C:\windows\system32\drivers\00202480.sys
14:47:00.0706 0x0568  System UUID: {A3AF6672-3A95-A8B2-0B24-A586D8CE3739}
14:47:01.0127 0x0568  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:47:01.0127 0x0568  ============================================================
14:47:01.0127 0x0568  \Device\Harddisk0\DR0:
14:47:01.0127 0x0568  MBR partitions:
14:47:01.0127 0x0568  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
14:47:01.0127 0x0568  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xC800000
14:47:01.0127 0x0568  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE632800, BlocksNum 0x2BD52800
14:47:01.0127 0x0568  ============================================================
14:47:01.0174 0x0568  C: <-> \Device\Harddisk0\DR0\Partition2
14:47:01.0205 0x0568  D: <-> \Device\Harddisk0\DR0\Partition3
14:47:01.0205 0x0568  ============================================================
14:47:01.0205 0x0568  Initialize success
14:47:01.0205 0x0568  ============================================================
14:47:03.0872 0x05a0  ============================================================
14:47:03.0872 0x05a0  Scan started
14:47:03.0872 0x05a0  Mode: Manual;
14:47:03.0872 0x05a0  ============================================================
14:47:03.0872 0x05a0  KSN ping started
14:47:04.0122 0x05a0  KSN ping finished: false
14:47:04.0746 0x05a0  ================ Scan system memory ========================
14:47:04.0746 0x05a0  System memory - ok
14:47:04.0746 0x05a0  ================ Scan services =============================
14:47:05.0089 0x05a0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
14:47:05.0089 0x05a0  1394ohci - ok
14:47:05.0152 0x05a0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
14:47:05.0167 0x05a0  ACPI - ok
14:47:05.0214 0x05a0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
14:47:05.0214 0x05a0  AcpiPmi - ok
14:47:05.0370 0x05a0  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:47:05.0370 0x05a0  AdobeARMservice - ok
14:47:05.0526 0x05a0  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:47:05.0542 0x05a0  AdobeFlashPlayerUpdateSvc - ok
14:47:05.0604 0x05a0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
14:47:05.0620 0x05a0  adp94xx - ok
14:47:05.0666 0x05a0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
14:47:05.0666 0x05a0  adpahci - ok
14:47:05.0713 0x05a0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
14:47:05.0713 0x05a0  adpu320 - ok
14:47:05.0744 0x05a0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
14:47:05.0760 0x05a0  AeLookupSvc - ok
14:47:05.0807 0x05a0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
14:47:05.0822 0x05a0  AFD - ok
14:47:05.0854 0x05a0  AFS - ok
14:47:05.0900 0x05a0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
14:47:05.0900 0x05a0  agp440 - ok
14:47:05.0932 0x05a0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
14:47:05.0932 0x05a0  ALG - ok
14:47:05.0994 0x05a0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
14:47:06.0010 0x05a0  aliide - ok
14:47:06.0041 0x05a0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
14:47:06.0041 0x05a0  amdide - ok
14:47:06.0088 0x05a0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
14:47:06.0088 0x05a0  AmdK8 - ok
14:47:06.0103 0x05a0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
14:47:06.0119 0x05a0  AmdPPM - ok
14:47:06.0150 0x05a0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
14:47:06.0166 0x05a0  amdsata - ok
14:47:06.0228 0x05a0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
14:47:06.0228 0x05a0  amdsbs - ok
14:47:06.0244 0x05a0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
14:47:06.0244 0x05a0  amdxata - ok
14:47:06.0306 0x05a0  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
14:47:06.0306 0x05a0  AppID - ok
14:47:06.0353 0x05a0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
14:47:06.0353 0x05a0  AppIDSvc - ok
14:47:06.0400 0x05a0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
14:47:06.0400 0x05a0  Appinfo - ok
14:47:06.0571 0x05a0  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:47:06.0680 0x05a0  Apple Mobile Device - ok
14:47:06.0712 0x05a0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\DRIVERS\arc.sys
14:47:06.0712 0x05a0  arc - ok
14:47:06.0727 0x05a0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
14:47:06.0727 0x05a0  arcsas - ok
14:47:06.0930 0x05a0  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:47:07.0039 0x05a0  aspnet_state - ok
14:47:07.0070 0x05a0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
14:47:07.0070 0x05a0  AsyncMac - ok
14:47:07.0117 0x05a0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
14:47:07.0117 0x05a0  atapi - ok
14:47:07.0242 0x05a0  [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr            C:\windows\system32\DRIVERS\athrx.sys
14:47:07.0336 0x05a0  athr - ok
14:47:07.0445 0x05a0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
14:47:07.0460 0x05a0  AudioEndpointBuilder - ok
14:47:07.0476 0x05a0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
14:47:07.0492 0x05a0  AudioSrv - ok
14:47:07.0538 0x05a0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
14:47:07.0554 0x05a0  AxInstSV - ok
14:47:07.0601 0x05a0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
14:47:07.0601 0x05a0  b06bdrv - ok
14:47:07.0632 0x05a0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
14:47:07.0648 0x05a0  b57nd60a - ok
14:47:07.0694 0x05a0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
14:47:07.0694 0x05a0  BDESVC - ok
14:47:07.0710 0x05a0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
14:47:07.0710 0x05a0  Beep - ok
14:47:07.0804 0x05a0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
14:47:07.0819 0x05a0  BFE - ok
14:47:07.0866 0x05a0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
14:47:07.0882 0x05a0  BITS - ok
14:47:07.0913 0x05a0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
14:47:07.0913 0x05a0  blbdrive - ok
14:47:08.0069 0x05a0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:47:08.0084 0x05a0  Bonjour Service - ok
14:47:08.0147 0x05a0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
14:47:08.0147 0x05a0  bowser - ok
14:47:08.0178 0x05a0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
14:47:08.0178 0x05a0  BrFiltLo - ok
14:47:08.0225 0x05a0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
14:47:08.0225 0x05a0  BrFiltUp - ok
14:47:08.0256 0x05a0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
14:47:08.0256 0x05a0  Browser - ok
14:47:08.0287 0x05a0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
14:47:08.0303 0x05a0  Brserid - ok
14:47:08.0318 0x05a0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
14:47:08.0334 0x05a0  BrSerWdm - ok
14:47:08.0365 0x05a0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
14:47:08.0381 0x05a0  BrUsbMdm - ok
14:47:08.0396 0x05a0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
14:47:08.0396 0x05a0  BrUsbSer - ok
14:47:08.0459 0x05a0  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
14:47:08.0459 0x05a0  BthEnum - ok
14:47:08.0490 0x05a0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
14:47:08.0490 0x05a0  BTHMODEM - ok
14:47:08.0537 0x05a0  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
14:47:08.0537 0x05a0  BthPan - ok
14:47:08.0630 0x05a0  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
14:47:08.0646 0x05a0  BTHPORT - ok
14:47:08.0693 0x05a0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
14:47:08.0693 0x05a0  bthserv - ok
14:47:08.0740 0x05a0  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
14:47:08.0740 0x05a0  BTHUSB - ok
14:47:08.0786 0x05a0  [ 6E04458E98DAF28826482E41A7A62DF5, 995B371E7384CC05D3A0B462B31A3EA56D8715A93D15B45DB3A78C7F7CF13A40 ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
14:47:08.0802 0x05a0  btusbflt - ok
14:47:08.0818 0x05a0  [ AF838D8029AE7C27470862D63FA54D24, 96247094D2446CEE594AD765B98DE8583762A96FE83223CB18B4CDB3A4958376 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
14:47:08.0833 0x05a0  btwaudio - ok
14:47:08.0864 0x05a0  [ 5C849BD7C78791C5CEE9F4651D7FE38D, BC93A1B911FB4A44EC4DB64AF9AFC6F2013CD76BFB6FA9E4834CFDAAAF4BCD9F ] btwavdt         C:\windows\system32\drivers\btwavdt.sys
14:47:08.0864 0x05a0  btwavdt - ok
14:47:08.0942 0x05a0  [ DCF8D8F1F87743509D9C0207CB28637D, A1867ECBF0B0A6BE15090BF7A70E38BB6D07973C368CBB678AF796E83687E3DE ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:47:08.0974 0x05a0  btwdins - ok
14:47:09.0036 0x05a0  [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
14:47:09.0036 0x05a0  btwl2cap - ok
14:47:09.0067 0x05a0  [ 3E1991AFA851A36DC978B0A1B0535C8B, F55F7FDDD2A71532F163E4F14B26A09DCDB7C970E806D803418D4CE0DFF09FB6 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
14:47:09.0067 0x05a0  btwrchid - ok
14:47:09.0083 0x05a0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
14:47:09.0098 0x05a0  cdfs - ok
14:47:09.0161 0x05a0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\drivers\cdrom.sys
14:47:09.0161 0x05a0  cdrom - ok
14:47:09.0223 0x05a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
14:47:09.0239 0x05a0  CertPropSvc - ok
14:47:09.0254 0x05a0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
14:47:09.0254 0x05a0  circlass - ok
14:47:09.0348 0x05a0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
14:47:09.0364 0x05a0  CLFS - ok
14:47:09.0426 0x05a0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:47:09.0426 0x05a0  clr_optimization_v2.0.50727_32 - ok
14:47:09.0488 0x05a0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:47:09.0504 0x05a0  clr_optimization_v2.0.50727_64 - ok
14:47:09.0629 0x05a0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:47:09.0832 0x05a0  clr_optimization_v4.0.30319_32 - ok
14:47:09.0894 0x05a0  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:47:10.0019 0x05a0  clr_optimization_v4.0.30319_64 - ok
14:47:10.0050 0x05a0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
14:47:10.0050 0x05a0  CmBatt - ok
14:47:10.0097 0x05a0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
14:47:10.0112 0x05a0  cmdide - ok
14:47:10.0144 0x05a0  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
14:47:10.0159 0x05a0  CNG - ok
14:47:10.0206 0x05a0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
14:47:10.0206 0x05a0  Compbatt - ok
14:47:10.0284 0x05a0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
14:47:10.0284 0x05a0  CompositeBus - ok
14:47:10.0300 0x05a0  COMSysApp - ok
14:47:10.0346 0x05a0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
14:47:10.0346 0x05a0  crcdisk - ok
14:47:10.0393 0x05a0  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
14:47:10.0393 0x05a0  CryptSvc - ok
14:47:10.0471 0x05a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
14:47:10.0487 0x05a0  DcomLaunch - ok
14:47:10.0534 0x05a0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
14:47:10.0534 0x05a0  defragsvc - ok
14:47:10.0596 0x05a0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
14:47:10.0596 0x05a0  DfsC - ok
14:47:10.0658 0x05a0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
14:47:10.0674 0x05a0  Dhcp - ok
14:47:10.0705 0x05a0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
14:47:10.0705 0x05a0  discache - ok
14:47:10.0736 0x05a0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\DRIVERS\disk.sys
14:47:10.0736 0x05a0  Disk - ok
14:47:10.0783 0x05a0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
14:47:10.0799 0x05a0  Dnscache - ok
14:47:10.0861 0x05a0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
14:47:10.0877 0x05a0  dot3svc - ok
14:47:10.0908 0x05a0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
14:47:10.0908 0x05a0  DPS - ok
14:47:10.0970 0x05a0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
14:47:10.0970 0x05a0  drmkaud - ok
14:47:11.0048 0x05a0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
14:47:11.0064 0x05a0  DXGKrnl - ok
14:47:11.0111 0x05a0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
14:47:11.0111 0x05a0  EapHost - ok
14:47:11.0282 0x05a0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
14:47:11.0423 0x05a0  ebdrv - ok
14:47:11.0485 0x05a0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe
14:47:11.0485 0x05a0  EFS - ok
14:47:11.0610 0x05a0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
14:47:11.0641 0x05a0  ehRecvr - ok
14:47:11.0688 0x05a0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
14:47:11.0688 0x05a0  ehSched - ok
14:47:11.0735 0x05a0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
14:47:11.0750 0x05a0  elxstor - ok
14:47:11.0782 0x05a0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
14:47:11.0797 0x05a0  ErrDev - ok
14:47:11.0844 0x05a0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
14:47:11.0860 0x05a0  EventSystem - ok
14:47:11.0875 0x05a0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
14:47:11.0875 0x05a0  exfat - ok
14:47:11.0906 0x05a0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
14:47:11.0922 0x05a0  fastfat - ok
14:47:11.0984 0x05a0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
14:47:12.0000 0x05a0  Fax - ok
14:47:12.0031 0x05a0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
14:47:12.0031 0x05a0  fdc - ok
14:47:12.0062 0x05a0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
14:47:12.0062 0x05a0  fdPHost - ok
14:47:12.0078 0x05a0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
14:47:12.0078 0x05a0  FDResPub - ok
14:47:12.0109 0x05a0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
14:47:12.0109 0x05a0  FileInfo - ok
14:47:12.0125 0x05a0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
14:47:12.0125 0x05a0  Filetrace - ok
14:47:12.0156 0x05a0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
14:47:12.0156 0x05a0  flpydisk - ok
14:47:12.0218 0x05a0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
14:47:12.0234 0x05a0  FltMgr - ok
14:47:12.0328 0x05a0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
14:47:12.0359 0x05a0  FontCache - ok
14:47:12.0437 0x05a0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:47:12.0437 0x05a0  FontCache3.0.0.0 - ok
14:47:12.0484 0x05a0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
14:47:12.0484 0x05a0  FsDepends - ok
14:47:12.0546 0x05a0  [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
14:47:12.0546 0x05a0  fssfltr - ok
14:47:12.0764 0x05a0  [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:47:12.0827 0x05a0  fsssvc - ok
14:47:12.0858 0x05a0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
14:47:12.0858 0x05a0  Fs_Rec - ok
14:47:12.0905 0x05a0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
14:47:12.0905 0x05a0  fvevol - ok
14:47:12.0936 0x05a0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
14:47:12.0936 0x05a0  gagp30kx - ok
14:47:12.0983 0x05a0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:47:12.0983 0x05a0  GEARAspiWDM - ok
14:47:13.0030 0x05a0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
14:47:13.0045 0x05a0  gpsvc - ok
14:47:13.0154 0x05a0  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:13.0154 0x05a0  gupdate - ok
14:47:13.0232 0x05a0  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:13.0232 0x05a0  gupdatem - ok
14:47:13.0326 0x05a0  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:47:13.0326 0x05a0  gusvc - ok
14:47:13.0357 0x05a0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
14:47:13.0357 0x05a0  hcw85cir - ok
14:47:13.0404 0x05a0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
14:47:13.0420 0x05a0  HdAudAddService - ok
14:47:13.0451 0x05a0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
14:47:13.0451 0x05a0  HDAudBus - ok
14:47:13.0498 0x05a0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
14:47:13.0498 0x05a0  HidBatt - ok
14:47:13.0529 0x05a0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
14:47:13.0529 0x05a0  HidBth - ok
14:47:13.0544 0x05a0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
14:47:13.0560 0x05a0  HidIr - ok
14:47:13.0591 0x05a0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
14:47:13.0591 0x05a0  hidserv - ok
14:47:13.0654 0x05a0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
14:47:13.0654 0x05a0  HidUsb - ok
14:47:13.0700 0x05a0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
14:47:13.0700 0x05a0  hkmsvc - ok
14:47:13.0747 0x05a0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
14:47:13.0747 0x05a0  HomeGroupListener - ok
14:47:13.0794 0x05a0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
14:47:13.0810 0x05a0  HomeGroupProvider - ok
14:47:13.0841 0x05a0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
14:47:13.0841 0x05a0  HpSAMD - ok
14:47:13.0919 0x05a0  HPSLPSVC - ok
14:47:14.0012 0x05a0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
14:47:14.0028 0x05a0  HTTP - ok
14:47:14.0059 0x05a0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
14:47:14.0059 0x05a0  hwpolicy - ok
14:47:14.0122 0x05a0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
14:47:14.0122 0x05a0  i8042prt - ok
14:47:14.0184 0x05a0  [ 073A606333B6F7BBF20AA856DF7F0997, 513927CA430511A5B95F6CBE5FBD20F8C2202B609F88C4526C174A4FF7F761FC ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
14:47:14.0184 0x05a0  iaStor - ok
14:47:14.0262 0x05a0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
14:47:14.0278 0x05a0  iaStorV - ok
14:47:14.0387 0x05a0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:47:14.0465 0x05a0  idsvc - ok
14:47:14.0496 0x05a0  IEEtwCollectorService - ok
14:47:14.0792 0x05a0  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
14:47:15.0042 0x05a0  igfx - ok
14:47:15.0073 0x05a0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
14:47:15.0073 0x05a0  iirsp - ok
14:47:15.0182 0x05a0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
14:47:15.0214 0x05a0  IKEEXT - ok
14:47:15.0260 0x05a0  [ 42AB9EB7A48B173F32743FBBB4B85626, 297A0A540836CFB3CF9B2C8CE9E6F1592489B4ED0D334D7432C5B4226EFAAE7D ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
14:47:15.0260 0x05a0  Impcd - ok
14:47:15.0401 0x05a0  [ 801946CE25DD2179FE68599826B0BB88, 4C9D10303DF1EC005693DD28220A9C5B87DD32244112BA1F09D8AD0CF7D311DC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
14:47:15.0479 0x05a0  IntcAzAudAddService - ok
14:47:15.0510 0x05a0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
14:47:15.0510 0x05a0  intelide - ok
14:47:15.0557 0x05a0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
14:47:15.0557 0x05a0  intelppm - ok
14:47:15.0713 0x05a0  [ 3DC635B66DD7412E1C9C3A77B8D78F25, D3894065DA2D08744863ECC5EE9027A0E39711A6A56AAB599F1CAF4BB996F42A ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
14:47:15.0713 0x05a0  IntuitUpdateService - ok
14:47:15.0744 0x05a0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
14:47:15.0744 0x05a0  IPBusEnum - ok
14:47:15.0806 0x05a0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
14:47:15.0806 0x05a0  IpFilterDriver - ok
14:47:15.0853 0x05a0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
14:47:15.0869 0x05a0  iphlpsvc - ok
14:47:15.0916 0x05a0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
14:47:15.0916 0x05a0  IPMIDRV - ok
14:47:15.0947 0x05a0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
14:47:15.0947 0x05a0  IPNAT - ok
14:47:16.0087 0x05a0  [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:47:16.0165 0x05a0  iPod Service - ok
14:47:16.0196 0x05a0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
14:47:16.0196 0x05a0  IRENUM - ok
14:47:16.0228 0x05a0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
14:47:16.0228 0x05a0  isapnp - ok
14:47:16.0259 0x05a0  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
14:47:16.0259 0x05a0  iScsiPrt - ok
14:47:16.0337 0x05a0  [ 54F694C6CD3A1149BA3A8BDACC83BADC, 2CB02C1EFE0F625BA346546452874491D2DEB4CE982BC647759822F7AB455C95 ] ITMRTSVC        C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
14:47:16.0368 0x05a0  ITMRTSVC - ok
14:47:16.0399 0x05a0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
14:47:16.0399 0x05a0  kbdclass - ok
14:47:16.0446 0x05a0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
14:47:16.0446 0x05a0  kbdhid - ok
14:47:16.0477 0x05a0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe
14:47:16.0493 0x05a0  KeyIso - ok
14:47:16.0493 0x05a0  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
14:47:16.0493 0x05a0  KSecDD - ok
14:47:16.0524 0x05a0  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
14:47:16.0524 0x05a0  KSecPkg - ok
14:47:16.0555 0x05a0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
14:47:16.0555 0x05a0  ksthunk - ok
14:47:16.0586 0x05a0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
14:47:16.0602 0x05a0  KtmRm - ok
14:47:16.0664 0x05a0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
14:47:16.0664 0x05a0  LanmanServer - ok
14:47:16.0696 0x05a0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
14:47:16.0711 0x05a0  LanmanWorkstation - ok
14:47:16.0742 0x05a0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
14:47:16.0742 0x05a0  lltdio - ok
14:47:16.0789 0x05a0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
14:47:16.0789 0x05a0  lltdsvc - ok
14:47:16.0805 0x05a0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
14:47:16.0805 0x05a0  lmhosts - ok
14:47:16.0852 0x05a0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
14:47:16.0867 0x05a0  LSI_FC - ok
14:47:16.0883 0x05a0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
14:47:16.0883 0x05a0  LSI_SAS - ok
14:47:16.0930 0x05a0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
14:47:16.0930 0x05a0  LSI_SAS2 - ok
14:47:16.0945 0x05a0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
14:47:16.0945 0x05a0  LSI_SCSI - ok
14:47:16.0992 0x05a0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
14:47:17.0008 0x05a0  luafv - ok
14:47:17.0070 0x05a0  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\windows\system32\drivers\MBAMSwissArmy.sys
14:47:17.0070 0x05a0  MBAMSwissArmy - ok
14:47:17.0117 0x05a0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
14:47:17.0132 0x05a0  Mcx2Svc - ok
14:47:17.0132 0x05a0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
14:47:17.0148 0x05a0  megasas - ok
14:47:17.0195 0x05a0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
14:47:17.0210 0x05a0  MegaSR - ok
14:47:17.0242 0x05a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
14:47:17.0242 0x05a0  MMCSS - ok
14:47:17.0257 0x05a0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
14:47:17.0257 0x05a0  Modem - ok
14:47:17.0288 0x05a0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
14:47:17.0288 0x05a0  monitor - ok
14:47:17.0335 0x05a0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
14:47:17.0335 0x05a0  mouclass - ok
14:47:17.0366 0x05a0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
14:47:17.0366 0x05a0  mouhid - ok
14:47:17.0398 0x05a0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
14:47:17.0413 0x05a0  mountmgr - ok
14:47:17.0444 0x05a0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
14:47:17.0444 0x05a0  mpio - ok
14:47:17.0491 0x05a0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
14:47:17.0491 0x05a0  mpsdrv - ok
14:47:17.0554 0x05a0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
14:47:17.0569 0x05a0  MpsSvc - ok
14:47:17.0616 0x05a0  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
14:47:17.0616 0x05a0  MRxDAV - ok
14:47:17.0663 0x05a0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
14:47:17.0663 0x05a0  mrxsmb - ok
14:47:17.0725 0x05a0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
14:47:17.0741 0x05a0  mrxsmb10 - ok
14:47:17.0788 0x05a0  [ 953F769F8D2AB6F854BEE5A5C7AACA6C, 0FA1EFBD684F5BC54EAAAE689703FA11BE6D1EF49A1159EA396425D57940ABC9 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
14:47:17.0788 0x05a0  mrxsmb20 - ok
14:47:17.0834 0x05a0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
14:47:17.0834 0x05a0  msahci - ok
14:47:17.0866 0x05a0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
14:47:17.0866 0x05a0  msdsm - ok
14:47:17.0881 0x05a0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
14:47:17.0881 0x05a0  MSDTC - ok
14:47:17.0928 0x05a0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
14:47:17.0928 0x05a0  Msfs - ok
14:47:17.0944 0x05a0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
14:47:17.0944 0x05a0  mshidkmdf - ok
14:47:17.0975 0x05a0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
14:47:17.0975 0x05a0  msisadrv - ok
14:47:18.0053 0x05a0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
14:47:18.0053 0x05a0  MSiSCSI - ok
14:47:18.0053 0x05a0  msiserver - ok
14:47:18.0100 0x05a0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
14:47:18.0100 0x05a0  MSKSSRV - ok
14:47:18.0115 0x05a0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
14:47:18.0115 0x05a0  MSPCLOCK - ok
14:47:18.0131 0x05a0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
14:47:18.0131 0x05a0  MSPQM - ok
14:47:18.0193 0x05a0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
14:47:18.0209 0x05a0  MsRPC - ok
14:47:18.0256 0x05a0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
14:47:18.0256 0x05a0  mssmbios - ok
14:47:18.0287 0x05a0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
14:47:18.0302 0x05a0  MSTEE - ok
14:47:18.0302 0x05a0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
14:47:18.0302 0x05a0  MTConfig - ok
14:47:18.0334 0x05a0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
14:47:18.0334 0x05a0  Mup - ok
14:47:18.0396 0x05a0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
14:47:18.0412 0x05a0  napagent - ok
14:47:18.0474 0x05a0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
14:47:18.0474 0x05a0  NativeWifiP - ok
14:47:18.0536 0x05a0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
14:47:18.0568 0x05a0  NDIS - ok
14:47:18.0599 0x05a0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
14:47:18.0599 0x05a0  NdisCap - ok
14:47:18.0614 0x05a0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
14:47:18.0614 0x05a0  NdisTapi - ok
14:47:18.0661 0x05a0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
14:47:18.0661 0x05a0  Ndisuio - ok
14:47:18.0708 0x05a0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
14:47:18.0708 0x05a0  NdisWan - ok
14:47:18.0755 0x05a0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
14:47:18.0770 0x05a0  NDProxy - ok
14:47:18.0817 0x05a0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
14:47:18.0817 0x05a0  NetBIOS - ok
14:47:18.0864 0x05a0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
14:47:18.0864 0x05a0  NetBT - ok
14:47:18.0880 0x05a0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\windows\system32\lsass.exe
14:47:18.0880 0x05a0  Netlogon - ok
14:47:18.0942 0x05a0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
14:47:18.0958 0x05a0  Netman - ok
14:47:19.0067 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:19.0082 0x05a0  NetMsmqActivator - ok
14:47:19.0098 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:19.0114 0x05a0  NetPipeActivator - ok
14:47:19.0145 0x05a0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
14:47:19.0160 0x05a0  netprofm - ok
14:47:19.0207 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:19.0207 0x05a0  NetTcpActivator - ok
14:47:19.0223 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:47:19.0223 0x05a0  NetTcpPortSharing - ok
14:47:19.0254 0x05a0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
14:47:19.0254 0x05a0  nfrd960 - ok
14:47:19.0285 0x05a0  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
14:47:19.0285 0x05a0  NlaSvc - ok
14:47:19.0332 0x05a0  [ 2AA8A3CC6C7CFE5F1EF82A3D25D9D435, CDE468D278794AA66D951F22504951A57440CE869B2F8CDD2A69B506D3A0165B ] nlem64nt        C:\windows\system32\drivers\nlem64nt.sys
14:47:19.0348 0x05a0  nlem64nt - ok
14:47:19.0363 0x05a0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
14:47:19.0363 0x05a0  Npfs - ok
14:47:19.0394 0x05a0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
14:47:19.0394 0x05a0  nsi - ok
14:47:19.0441 0x05a0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
14:47:19.0441 0x05a0  nsiproxy - ok
14:47:19.0628 0x05a0  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
14:47:19.0691 0x05a0  Ntfs - ok
14:47:19.0722 0x05a0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
14:47:19.0722 0x05a0  Null - ok
14:47:19.0769 0x05a0  [ 554964B900AE2954B8B589B6287034AC, C6C9EA3ADAFEBBF2AF944E4A0656BD795AD37706008CC0CA3F2150BD709476E7 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys
14:47:19.0769 0x05a0  NVHDA - ok
14:47:20.0377 0x05a0  [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
14:47:20.0752 0x05a0  nvlddmkm - ok
14:47:20.0783 0x05a0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
14:47:20.0798 0x05a0  nvraid - ok
14:47:20.0830 0x05a0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
14:47:20.0830 0x05a0  nvstor - ok
14:47:20.0923 0x05a0  [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc           C:\windows\system32\nvvsvc.exe
14:47:20.0939 0x05a0  nvsvc - ok
14:47:21.0032 0x05a0  [ C63E582366EAD77978BFFD959A66DBB8, BBAC11300AFED29291A08EEC8A740DA67C8C003AF89D06F9E0671CCF0E7908A0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:47:21.0064 0x05a0  nvUpdatusService - ok
14:47:21.0095 0x05a0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
14:47:21.0110 0x05a0  nv_agp - ok
14:47:21.0220 0x05a0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:47:21.0235 0x05a0  odserv - ok
14:47:21.0266 0x05a0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
14:47:21.0282 0x05a0  ohci1394 - ok
14:47:21.0344 0x05a0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:47:21.0344 0x05a0  ose - ok
14:47:21.0376 0x05a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
14:47:21.0391 0x05a0  p2pimsvc - ok
14:47:21.0438 0x05a0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
14:47:21.0454 0x05a0  p2psvc - ok
14:47:21.0500 0x05a0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\DRIVERS\parport.sys
14:47:21.0500 0x05a0  Parport - ok
14:47:21.0563 0x05a0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
14:47:21.0563 0x05a0  partmgr - ok
14:47:21.0594 0x05a0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
14:47:21.0610 0x05a0  PcaSvc - ok
14:47:21.0641 0x05a0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
14:47:21.0656 0x05a0  pci - ok
14:47:21.0688 0x05a0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
14:47:21.0688 0x05a0  pciide - ok
14:47:21.0719 0x05a0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
14:47:21.0734 0x05a0  pcmcia - ok
14:47:21.0750 0x05a0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
14:47:21.0750 0x05a0  pcw - ok
14:47:21.0781 0x05a0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
14:47:21.0797 0x05a0  PEAUTH - ok
14:47:21.0859 0x05a0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
14:47:21.0859 0x05a0  PerfHost - ok
14:47:21.0968 0x05a0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
14:47:22.0000 0x05a0  pla - ok
14:47:22.0062 0x05a0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
14:47:22.0078 0x05a0  PlugPlay - ok
14:47:22.0093 0x05a0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
14:47:22.0109 0x05a0  PNRPAutoReg - ok
14:47:22.0140 0x05a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
14:47:22.0140 0x05a0  PNRPsvc - ok
14:47:22.0202 0x05a0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
14:47:22.0218 0x05a0  PolicyAgent - ok
14:47:22.0249 0x05a0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
14:47:22.0249 0x05a0  Power - ok
14:47:22.0312 0x05a0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
14:47:22.0312 0x05a0  PptpMiniport - ok
14:47:22.0327 0x05a0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\DRIVERS\processr.sys
14:47:22.0327 0x05a0  Processor - ok
14:47:22.0390 0x05a0  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
14:47:22.0390 0x05a0  ProfSvc - ok
14:47:22.0405 0x05a0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
14:47:22.0405 0x05a0  ProtectedStorage - ok
14:47:22.0452 0x05a0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
14:47:22.0452 0x05a0  Psched - ok
14:47:22.0530 0x05a0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
14:47:22.0561 0x05a0  ql2300 - ok
14:47:22.0608 0x05a0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
14:47:22.0608 0x05a0  ql40xx - ok
14:47:22.0655 0x05a0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
14:47:22.0655 0x05a0  QWAVE - ok
14:47:22.0670 0x05a0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
14:47:22.0670 0x05a0  QWAVEdrv - ok
14:47:22.0686 0x05a0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
14:47:22.0686 0x05a0  RasAcd - ok
14:47:22.0733 0x05a0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
14:47:22.0733 0x05a0  RasAgileVpn - ok
14:47:22.0748 0x05a0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
14:47:22.0748 0x05a0  RasAuto - ok
14:47:22.0811 0x05a0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
14:47:22.0811 0x05a0  Rasl2tp - ok
14:47:22.0842 0x05a0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
14:47:22.0858 0x05a0  RasMan - ok
14:47:22.0889 0x05a0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
14:47:22.0889 0x05a0  RasPppoe - ok
14:47:22.0904 0x05a0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
14:47:22.0904 0x05a0  RasSstp - ok
14:47:22.0967 0x05a0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
14:47:22.0967 0x05a0  rdbss - ok
14:47:22.0998 0x05a0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
14:47:22.0998 0x05a0  rdpbus - ok
14:47:23.0014 0x05a0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
14:47:23.0014 0x05a0  RDPCDD - ok
14:47:23.0045 0x05a0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
14:47:23.0045 0x05a0  RDPENCDD - ok
14:47:23.0060 0x05a0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
14:47:23.0076 0x05a0  RDPREFMP - ok
14:47:23.0154 0x05a0  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
14:47:23.0154 0x05a0  RdpVideoMiniport - ok
14:47:23.0201 0x05a0  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
14:47:23.0201 0x05a0  RDPWD - ok
14:47:23.0248 0x05a0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
14:47:23.0263 0x05a0  rdyboost - ok
14:47:23.0294 0x05a0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
14:47:23.0294 0x05a0  RemoteAccess - ok
14:47:23.0326 0x05a0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
14:47:23.0326 0x05a0  RemoteRegistry - ok
14:47:23.0372 0x05a0  [ F85AE59A52885F4B09AADAFB23001A3B, CE722F19C0F916BC9EC1B7B28A479C71504190271B54B4B9ACA82922B484FEA0 ] Rezip           C:\windows\SysWOW64\Rezip.exe
14:47:23.0388 0x05a0  Rezip - ok
14:47:23.0435 0x05a0  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
14:47:23.0450 0x05a0  RFCOMM - ok
14:47:23.0575 0x05a0  [ 7CCAEBCAB6FC1ED0206C07E083E79207, 40BFA1BEDFF093652279494EDD397FC094794B76916C2681D0544D6793314DFE ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:47:23.0575 0x05a0  RichVideo - ok
14:47:23.0606 0x05a0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
14:47:23.0606 0x05a0  RpcEptMapper - ok
14:47:23.0638 0x05a0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
14:47:23.0638 0x05a0  RpcLocator - ok
14:47:23.0684 0x05a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
14:47:23.0700 0x05a0  RpcSs - ok
14:47:23.0731 0x05a0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
14:47:23.0731 0x05a0  rspndr - ok
14:47:23.0778 0x05a0  [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
14:47:23.0778 0x05a0  RTL8167 - ok
14:47:23.0825 0x05a0  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\windows\system32\Drivers\SABI.sys
14:47:23.0825 0x05a0  SABI - ok
14:47:23.0840 0x05a0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\windows\system32\lsass.exe
14:47:23.0840 0x05a0  SamSs - ok
14:47:23.0887 0x05a0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
14:47:23.0887 0x05a0  sbp2port - ok
14:47:23.0934 0x05a0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
14:47:23.0934 0x05a0  SCardSvr - ok
14:47:23.0965 0x05a0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
14:47:23.0965 0x05a0  scfilter - ok
14:47:24.0043 0x05a0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
14:47:24.0059 0x05a0  Schedule - ok
14:47:24.0121 0x05a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
14:47:24.0121 0x05a0  SCPolicySvc - ok
14:47:24.0152 0x05a0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
14:47:24.0152 0x05a0  SDRSVC - ok
14:47:24.0199 0x05a0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
14:47:24.0199 0x05a0  secdrv - ok
14:47:24.0246 0x05a0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
14:47:24.0246 0x05a0  seclogon - ok
14:47:24.0277 0x05a0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
14:47:24.0277 0x05a0  SENS - ok
14:47:24.0293 0x05a0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
14:47:24.0293 0x05a0  SensrSvc - ok
14:47:24.0340 0x05a0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
14:47:24.0340 0x05a0  Serenum - ok
14:47:24.0355 0x05a0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\DRIVERS\serial.sys
14:47:24.0371 0x05a0  Serial - ok
14:47:24.0402 0x05a0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
14:47:24.0402 0x05a0  sermouse - ok
14:47:24.0480 0x05a0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
14:47:24.0480 0x05a0  SessionEnv - ok
14:47:24.0511 0x05a0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
14:47:24.0511 0x05a0  sffdisk - ok
14:47:24.0527 0x05a0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
14:47:24.0527 0x05a0  sffp_mmc - ok
14:47:24.0542 0x05a0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
14:47:24.0542 0x05a0  sffp_sd - ok
14:47:24.0589 0x05a0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
14:47:24.0589 0x05a0  sfloppy - ok
14:47:24.0636 0x05a0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
14:47:24.0636 0x05a0  SharedAccess - ok
14:47:24.0683 0x05a0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:47:24.0698 0x05a0  ShellHWDetection - ok
14:47:24.0714 0x05a0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
14:47:24.0714 0x05a0  SiSRaid2 - ok
14:47:24.0761 0x05a0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
14:47:24.0761 0x05a0  SiSRaid4 - ok
14:47:24.0839 0x05a0  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:47:24.0854 0x05a0  SkypeUpdate - ok
14:47:24.0886 0x05a0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
14:47:24.0886 0x05a0  Smb - ok
14:47:24.0932 0x05a0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
14:47:24.0948 0x05a0  SNMPTRAP - ok
14:47:24.0979 0x05a0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
14:47:24.0979 0x05a0  spldr - ok
14:47:25.0026 0x05a0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
14:47:25.0042 0x05a0  Spooler - ok
14:47:25.0198 0x05a0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
14:47:25.0322 0x05a0  sppsvc - ok
14:47:25.0354 0x05a0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
14:47:25.0354 0x05a0  sppuinotify - ok
14:47:25.0400 0x05a0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
14:47:25.0416 0x05a0  srv - ok
14:47:25.0447 0x05a0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
14:47:25.0463 0x05a0  srv2 - ok
14:47:25.0478 0x05a0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
14:47:25.0478 0x05a0  srvnet - ok
14:47:25.0525 0x05a0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
14:47:25.0525 0x05a0  SSDPSRV - ok
14:47:25.0541 0x05a0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
14:47:25.0541 0x05a0  SstpSvc - ok
14:47:25.0556 0x05a0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
14:47:25.0556 0x05a0  stexstor - ok
14:47:25.0619 0x05a0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
14:47:25.0634 0x05a0  stisvc - ok
14:47:25.0681 0x05a0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
14:47:25.0681 0x05a0  swenum - ok
14:47:25.0712 0x05a0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
14:47:25.0728 0x05a0  swprv - ok
14:47:25.0806 0x05a0  [ 2F827BB08CC7F1A17DF2EAD7B424D731, A4F58318A3439A734425C95A2ABC6D7A8B816BD8563DF272EBB5B7420A7D99BE ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
14:47:25.0806 0x05a0  SynTP - ok
14:47:25.0915 0x05a0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
14:47:25.0962 0x05a0  SysMain - ok
14:47:25.0993 0x05a0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
14:47:25.0993 0x05a0  TabletInputService - ok
14:47:26.0024 0x05a0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
14:47:26.0040 0x05a0  TapiSrv - ok
14:47:26.0071 0x05a0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
14:47:26.0071 0x05a0  TBS - ok
14:47:26.0180 0x05a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
14:47:26.0227 0x05a0  Tcpip - ok
14:47:26.0321 0x05a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
14:47:26.0352 0x05a0  TCPIP6 - ok
14:47:26.0399 0x05a0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
14:47:26.0399 0x05a0  tcpipreg - ok
14:47:26.0430 0x05a0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
14:47:26.0430 0x05a0  TDPIPE - ok
14:47:26.0461 0x05a0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
14:47:26.0461 0x05a0  TDTCP - ok
14:47:26.0508 0x05a0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
14:47:26.0508 0x05a0  tdx - ok
14:47:26.0524 0x05a0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
14:47:26.0524 0x05a0  TermDD - ok
14:47:26.0570 0x05a0  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
14:47:26.0586 0x05a0  TermService - ok
14:47:26.0617 0x05a0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
14:47:26.0617 0x05a0  Themes - ok
14:47:26.0648 0x05a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
14:47:26.0664 0x05a0  THREADORDER - ok
14:47:26.0680 0x05a0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
14:47:26.0680 0x05a0  TrkWks - ok
14:47:26.0742 0x05a0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:47:26.0758 0x05a0  TrustedInstaller - ok
14:47:26.0804 0x05a0  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
14:47:26.0820 0x05a0  tssecsrv - ok
14:47:26.0851 0x05a0  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
14:47:26.0851 0x05a0  TsUsbFlt - ok
14:47:26.0898 0x05a0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
14:47:26.0898 0x05a0  tunnel - ok
14:47:26.0929 0x05a0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
14:47:26.0945 0x05a0  uagp35 - ok
14:47:26.0992 0x05a0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
14:47:26.0992 0x05a0  udfs - ok
14:47:27.0023 0x05a0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
14:47:27.0023 0x05a0  UI0Detect - ok
14:47:27.0038 0x05a0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
14:47:27.0038 0x05a0  uliagpkx - ok
14:47:27.0101 0x05a0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\drivers\umbus.sys
14:47:27.0101 0x05a0  umbus - ok
14:47:27.0116 0x05a0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
14:47:27.0116 0x05a0  UmPass - ok
14:47:27.0163 0x05a0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
14:47:27.0163 0x05a0  upnphost - ok
14:47:27.0226 0x05a0  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
14:47:27.0226 0x05a0  USBAAPL64 - ok
14:47:27.0257 0x05a0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
14:47:27.0257 0x05a0  usbccgp - ok
14:47:27.0304 0x05a0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
14:47:27.0319 0x05a0  usbcir - ok
14:47:27.0350 0x05a0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
14:47:27.0350 0x05a0  usbehci - ok
14:47:27.0397 0x05a0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
14:47:27.0413 0x05a0  usbhub - ok
14:47:27.0444 0x05a0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
14:47:27.0444 0x05a0  usbohci - ok
14:47:27.0475 0x05a0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
14:47:27.0475 0x05a0  usbprint - ok
14:47:27.0522 0x05a0  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
14:47:27.0522 0x05a0  usbscan - ok
14:47:27.0538 0x05a0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
14:47:27.0553 0x05a0  USBSTOR - ok
14:47:27.0584 0x05a0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
14:47:27.0584 0x05a0  usbuhci - ok
14:47:27.0631 0x05a0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
14:47:27.0631 0x05a0  usbvideo - ok
14:47:27.0662 0x05a0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
14:47:27.0662 0x05a0  UxSms - ok
14:47:27.0678 0x05a0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
14:47:27.0678 0x05a0  VaultSvc - ok
14:47:27.0725 0x05a0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
14:47:27.0725 0x05a0  vdrvroot - ok
14:47:27.0772 0x05a0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
14:47:27.0787 0x05a0  vds - ok
14:47:27.0834 0x05a0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
14:47:27.0834 0x05a0  vga - ok
14:47:27.0850 0x05a0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
14:47:27.0850 0x05a0  VgaSave - ok
14:47:27.0896 0x05a0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
14:47:27.0896 0x05a0  vhdmp - ok
14:47:27.0943 0x05a0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
14:47:27.0943 0x05a0  viaide - ok
14:47:27.0974 0x05a0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
14:47:27.0990 0x05a0  volmgr - ok
14:47:28.0021 0x05a0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
14:47:28.0037 0x05a0  volmgrx - ok
14:47:28.0084 0x05a0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
14:47:28.0084 0x05a0  volsnap - ok
14:47:28.0115 0x05a0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
14:47:28.0115 0x05a0  vsmraid - ok
14:47:28.0208 0x05a0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
14:47:28.0240 0x05a0  VSS - ok
14:47:28.0271 0x05a0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
14:47:28.0271 0x05a0  vwifibus - ok
14:47:28.0302 0x05a0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
14:47:28.0302 0x05a0  vwififlt - ok
14:47:28.0349 0x05a0  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
14:47:28.0349 0x05a0  vwifimp - ok
14:47:28.0380 0x05a0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
14:47:28.0396 0x05a0  W32Time - ok
14:47:28.0411 0x05a0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
14:47:28.0411 0x05a0  WacomPen - ok
14:47:28.0489 0x05a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
14:47:28.0489 0x05a0  WANARP - ok
14:47:28.0489 0x05a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
14:47:28.0489 0x05a0  Wanarpv6 - ok
14:47:28.0614 0x05a0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
14:47:28.0645 0x05a0  WatAdminSvc - ok
14:47:28.0723 0x05a0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
14:47:28.0770 0x05a0  wbengine - ok
14:47:28.0801 0x05a0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
14:47:28.0801 0x05a0  WbioSrvc - ok
14:47:28.0832 0x05a0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
14:47:28.0848 0x05a0  wcncsvc - ok
14:47:28.0848 0x05a0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
14:47:28.0864 0x05a0  WcsPlugInService - ok
14:47:28.0879 0x05a0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
14:47:28.0879 0x05a0  Wd - ok
14:47:28.0926 0x05a0  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\windows\system32\DRIVERS\wdcsam64.sys
14:47:28.0926 0x05a0  WDC_SAM - ok
14:47:28.0988 0x05a0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
14:47:29.0004 0x05a0  Wdf01000 - ok
14:47:29.0035 0x05a0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
14:47:29.0035 0x05a0  WdiServiceHost - ok
14:47:29.0051 0x05a0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
14:47:29.0051 0x05a0  WdiSystemHost - ok
14:47:29.0082 0x05a0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
14:47:29.0098 0x05a0  WebClient - ok
14:47:29.0129 0x05a0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
14:47:29.0129 0x05a0  Wecsvc - ok
14:47:29.0160 0x05a0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
14:47:29.0160 0x05a0  wercplsupport - ok
14:47:29.0191 0x05a0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
14:47:29.0191 0x05a0  WerSvc - ok
14:47:29.0238 0x05a0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
14:47:29.0238 0x05a0  WfpLwf - ok
14:47:29.0254 0x05a0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
14:47:29.0254 0x05a0  WIMMount - ok
14:47:29.0285 0x05a0  WinDefend - ok
14:47:29.0316 0x05a0  WinHttpAutoProxySvc - ok
14:47:29.0378 0x05a0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
14:47:29.0378 0x05a0  Winmgmt - ok
14:47:29.0472 0x05a0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
14:47:29.0519 0x05a0  WinRM - ok
14:47:29.0612 0x05a0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
14:47:29.0612 0x05a0  WinUsb - ok
14:47:29.0659 0x05a0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
14:47:29.0675 0x05a0  Wlansvc - ok
14:47:29.0831 0x05a0  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:47:29.0893 0x05a0  wlidsvc - ok
14:47:29.0924 0x05a0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
14:47:29.0924 0x05a0  WmiAcpi - ok
14:47:29.0987 0x05a0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
14:47:29.0987 0x05a0  wmiApSrv - ok
14:47:30.0034 0x05a0  WMPNetworkSvc - ok
14:47:30.0065 0x05a0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
14:47:30.0065 0x05a0  WPCSvc - ok
14:47:30.0112 0x05a0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
14:47:30.0127 0x05a0  WPDBusEnum - ok
14:47:30.0158 0x05a0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
14:47:30.0158 0x05a0  ws2ifsl - ok
14:47:30.0190 0x05a0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
14:47:30.0190 0x05a0  wscsvc - ok
14:47:30.0205 0x05a0  WSearch - ok
14:47:30.0299 0x05a0  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll
14:47:30.0361 0x05a0  wuauserv - ok
14:47:30.0392 0x05a0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
14:47:30.0392 0x05a0  WudfPf - ok
14:47:30.0439 0x05a0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
14:47:30.0455 0x05a0  WUDFRd - ok
14:47:30.0486 0x05a0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
14:47:30.0486 0x05a0  wudfsvc - ok
14:47:30.0533 0x05a0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
14:47:30.0533 0x05a0  WwanSvc - ok
14:47:30.0595 0x05a0  [ 64F88AF327AA74E03658AE32B48CCB8B, 52C8941D96F2EF89BBC4A4268DC59E5BC89AE2DAB199C13BBFF11C2606BE7FFA ] yukonw7         C:\windows\system32\DRIVERS\yk62x64.sys
14:47:30.0611 0x05a0  yukonw7 - ok
14:47:30.0720 0x05a0  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
14:47:30.0720 0x05a0  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
14:47:30.0720 0x05a0  ================ Scan global ===============================
14:47:30.0751 0x05a0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
14:47:30.0782 0x05a0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
14:47:30.0798 0x05a0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
14:47:30.0829 0x05a0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
14:47:30.0876 0x05a0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
14:47:30.0892 0x05a0  [ Global ] - ok
14:47:30.0892 0x05a0  ================ Scan MBR ==================================
14:47:30.0892 0x05a0  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
14:47:31.0157 0x05a0  \Device\Harddisk0\DR0 - ok
14:47:31.0157 0x05a0  ================ Scan VBR ==================================
14:47:31.0172 0x05a0  [ 8D1C1D53413A9338BB83BD1792E3461D ] \Device\Harddisk0\DR0\Partition1
14:47:31.0172 0x05a0  \Device\Harddisk0\DR0\Partition1 - ok
14:47:31.0188 0x05a0  [ 320648E8C0B59BD797F01A6A1D235CF3 ] \Device\Harddisk0\DR0\Partition2
14:47:31.0188 0x05a0  \Device\Harddisk0\DR0\Partition2 - ok
14:47:31.0219 0x05a0  [ 68E42B6F8EE78EA5C2F6FDEA1216B2A0 ] \Device\Harddisk0\DR0\Partition3
14:47:31.0219 0x05a0  \Device\Harddisk0\DR0\Partition3 - ok
14:47:31.0219 0x05a0  ================ Scan generic autorun ======================
14:47:31.0313 0x05a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:47:31.0344 0x05a0  Sidebar - ok
14:47:31.0360 0x05a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:47:31.0375 0x05a0  mctadmin - ok
14:47:31.0438 0x05a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:47:31.0453 0x05a0  Sidebar - ok
14:47:31.0469 0x05a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:47:31.0469 0x05a0  mctadmin - ok
14:47:31.0500 0x05a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:47:31.0516 0x05a0  Sidebar - ok
14:47:31.0531 0x05a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:47:31.0531 0x05a0  mctadmin - ok
14:47:31.0640 0x05a0  Win FW state via NFP2: enabled
14:47:31.0640 0x05a0  ============================================================
14:47:31.0640 0x05a0  Scan finished
14:47:31.0640 0x05a0  ============================================================
14:47:31.0640 0x0598  Detected object count: 0
14:47:31.0640 0x0598  Actual detected object count: 0
14:48:25.0383 0x0564  Deinitialize success
 

Bill



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 06 September 2014 - 02:19 PM

Thank you Bill. Please do this.

===================================================

Event Viewer Critical Information Windows 8/7/Vista

--------------------
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Click on the arrow to the left of Windows Logs to expand the category
  • Left click on System
  • On the right hand side of the screen click Filter Current Log...
  • Select Critical, then click OK
  • Select Save Filtered Log File As...
  • Under File Name: please type System then save it to your desktop
  • Left click on Application and repeat the above steps saving the file as Application
  • Zip the files and upload them here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Uploaded files

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 billmo

billmo
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 06 September 2014 - 10:26 PM

Hi Gary.

 

Sorry, was out when your last message arrived.  Have submitted the two files to the site as shown.

 

Bill



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 06 September 2014 - 10:50 PM

Thank you. Rather than submitting the System Event Viewer log you sent the System Summary file. See if you can find and upload the System log and I will review both of them in the morning.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 billmo

billmo
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 07 September 2014 - 03:06 PM

Hi Gary.

 

Submitted the System Event Viewer log file this morning but didn't see my reply in the forum, so sent it again.

 

Bill



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 PM

Posted 07 September 2014 - 06:32 PM

Thanks Bill, received both. I will try to review everything a bit later tonight.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users