Remove Adchoices and unknown scripts running


  • This topic is locked
14 replies to this topic

#1 pgangar

  • Members
  • 9 posts

Posted 24 September 2014 - 10:55 PM

Hi,

I have been getting these Adchoices pop-ups of late while talking on Yahoo Messenger and Skype. Can you please help me to remove them?

 

Thanks,

Parin

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.18487  BrowserJavaVersion: 10.67.2
Run by 299985 at 20:52:56 on 2014-09-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.91.1033.18.3170.1200 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\program files\BMC Software\BBCA\Tuner\Tuner.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\dwrcs\DWRCS.EXE
C:\Program Files\HP\HPBDSService\HPBDSService.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Program Files\Reliance 3G\AssistantServices.exe
C:\Windows\System32\vds.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\program files\BMC Software\BBCA\Tuner\.marimba\BBCA\ch.2\data\sum.exe
C:\Windows\dwrcs\DWRCST.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Lync\communicator.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Reliance 3G\UIExec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\299985\AppData\Local\Citrix\ICA Client\concentr.exe
C:\Program Files\Interwise\Participant\pull.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\299985\AppData\Roaming\Qlock\qlock.exe
C:\Users\299985\AppData\Local\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Lync\UcMapi.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Windows\system32\taskhost.exe
C:\program files\BMC Software\BBCA\Tuner\lib\minituner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://insight2.lntinfotech.com
uWindow Title = Microsoft Internet Explorer provided by Larsen & Toubro Infotech Limited
uDefault_Page_URL = hxxps://insight2.lntinfotech.com
uProxyServer = 172.17.24.28:8003
uProxyOverride = 172.*;192.*;10.2.*;*.lntinfotech.com;*.chevrontexaco.com;awnts226.audco6.audcoindia.com;*.cpcorp.net;*.lntinfotech.com;*.infineon.com;businessprocesses.lafarge.com;*.ingrammicro.com;grpsgh*.*;*.ltindia.com;portal.lntena.com;203.161.181.75;*.marathonoil.com;*.mpcconnect.com;access.pbfenergy.com;petdesktop.bhpbilliton.com;*.marathonoil.com;*.crisp.com;*.itl.com;*.larsentoubro.com;lws*.*;*erpcc.lafarge.com;*.ltisap.com;10.7.*;10.9.*;192.168.*;*.lnties.com;*.cbs.*;<local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ConnectionCenter] "c:\users\299985\appdata\local\citrix\ica client\concentr.exe" /startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg_Dolby] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE4 
mRun: [UIExec] "c:\program files\reliance 3g\UIExec.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DameWare MRC Agent] c:\windows\dwrcs\DWRCST.exe
StartupFolder: c:\users\299985\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\299985\appdata\roaming\micros~1\windows\startm~1\programs\startup\qlock.lnk - c:\users\299985\appdata\roaming\qlock\qlock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pushcl~1.lnk - c:\program files\interwise\participant\pull.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
uPolicies-Explorer: ForceActiveDesktopOn = dword:1
uPolicies-Explorer: NoActiveDesktopChanges = dword:1
uPolicies-Explorer: NoDrives = dword:3
uPolicies-Explorer: RecycleBinSize = dword:1
uPolicies-System: Wallpaper = \\172.17.24.137\wallpaper\Desktop.jpg
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: legalnoticecaption = Warning: This is a monitored computer system!
mPolicies-System: legalnoticetext = This system is for the use of authorized personnel only. All activities performed by any individual using this computer system will be monitored. Anyone using this system expressly consents to such monitoring. All Users are advised that evidence of such monitoring will be made available to the relevant authorities in case of any suspected malpractise.
mPolicies-System: disablecad = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
TCP: NameServer = 198.153.192.100 198.153.194.100
TCP: Interfaces\{20CC574A-59CA-48CC-B724-69BE52BFD9B6} : DHCPNameServer = 198.153.192.100 198.153.194.100
TCP: Interfaces\{20CC574A-59CA-48CC-B724-69BE52BFD9B6}\3474038303130383 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{20CC574A-59CA-48CC-B724-69BE52BFD9B6}\76F6563786 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{20CC574A-59CA-48CC-B724-69BE52BFD9B6}\84F4D454D203138323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20CC574A-59CA-48CC-B724-69BE52BFD9B6}\84F4D454D244130383 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{20CC574A-59CA-48CC-B724-69BE52BFD9B6}\C4E445F534F42505F425144554 : DHCPNameServer = 172.29.16.38 172.25.8.25
TCP: Interfaces\{940D02F6-EAB6-4651-A79D-EE7883603071} : DHCPNameServer = 146.27.66.36 146.27.66.35 146.36.80.34 146.36.82.34
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Notify: igfxcui - igfxdev.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll
AppInit_DLLs= ,,
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2013-11-26 13592]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymDS.sys [2014-5-26 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymEFA.sys [2014-5-26 935512]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\bashdefs\20140913.012\BHDrvx86.sys [2014-9-13 1101616]
R1 ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\ccSetx86.sys [2014-3-6 134744]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2008-3-13 26624]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\ipsdefs\20140922.011\IDSvix86.sys [2014-9-23 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\Ironx86.sys [2014-5-26 175192]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\symnets.sys [2014-5-26 341080]
R2 BBCA;BBCA;c:\program files\bmc software\bbca\tuner\Tuner.exe [2013-9-26 36962]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 HP DS Service;HP DS Service;c:\program files\hp\hpbdsservice\HPBDSService.exe [2010-10-27 13824]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-26 145920]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ccSvcHst.exe [2014-5-26 144368]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
R2 UI Assistant Service;UI Assistant Service;c:\program files\reliance 3g\AssistantServices.exe [2014-3-21 275784]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2013-11-26 168232]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2008-3-14 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-11 111408]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-4-23 280576]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2014-3-12 348440]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-11-26 792856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-4-23 46080]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192Ce.sys [2013-11-26 760936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-4-17 268968]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2013-11-26 246096]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2014-4-28 20504]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2014-3-21 9216]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\drivers\RtsP2Stor.sys [2013-11-26 195176]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\SyDvCtrl32.sys [2014-5-26 28576]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2014-09-19 03:16:47 -------- d-----w- c:\users\299985\appdata\local\WebEx
2014-09-12 09:43:10 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-09-12 04:41:34 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-12 04:41:34 -------- d-----w- c:\program files\iTunes
2014-09-12 04:41:34 -------- d-----w- c:\program files\iPod
2014-09-12 04:38:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-09-12 04:38:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-09-12 04:38:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-09-12 04:38:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-09-12 04:38:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-09-03 16:44:08 -------- d-----w- c:\users\299985\appdata\local\Downloaded Installations
2014-08-31 21:14:17 -------- d-----w- c:\users\299985\appdata\local\Adobe
.
==================== Find3M  ====================
.
2014-09-12 04:18:39 60 ----a-w- c:\windows\wpd99.drv
2014-09-09 20:47:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 20:47:13 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-12 18:13:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-28 21:52:00 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-28 21:52:00 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-05-26 07:48:23 302 ----a-w- c:\program files\temp995.bat
.
============= FINISH: 20:53:26.51 ===============
 



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 September 2014 - 09:43 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 pgangar

  • Topic Starter

  • Members
  • 9 posts

Posted 25 September 2014 - 11:44 PM

Hi,

Thanks for your reply. Here are all the logs in the order mentioned above. 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by 299985 (administrator) on INFVA1271 on 25-09-2014 21:05:44
Running from C:\Users\299985\Downloads
Loaded Profile: 299985 (Available profiles: lntinfotech & vshadmin & 299985)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BMC Software, Inc.) C:\Program Files\BMC Software\BBCA\Tuner\Tuner.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DameWare Development LLC) C:\Windows\dwrcs\DWRCS.EXE
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
() C:\Program Files\Reliance 3G\AssistantServices.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(BMC Software) C:\Program Files\BMC Software\BBCA\Tuner\.marimba\BBCA\ch.2\data\sum.exe
(DameWare Development) C:\Windows\dwrcs\DWRCST.EXE
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Lync\communicator.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
() C:\Program Files\Reliance 3G\UIExec.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Users\299985\AppData\Local\Citrix\ICA Client\concentr.exe
(AT&T Inc.) C:\Program Files\Interwise\Participant\pull.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Users\299985\AppData\Roaming\Qlock\qlock.exe
(Citrix Systems, Inc.) C:\Users\299985\AppData\Local\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Lync\UcMapi.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BMC Software, Inc.) C:\Program Files\BMC Software\BBCA\Tuner\lib\minituner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [11937552 2010-10-21] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2193744 2012-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [879208 2012-03-08] (Realtek Semiconductor)
HKLM\...\Run: [UIExec] => C:\Program Files\Reliance 3G\UIExec.exe [157000 2012-11-26] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [276864 2011-09-06] (DameWare Development)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\Run: [ConnectionCenter] => C:\Users\299985\AppData\Local\Citrix\ICA Client\concentr.exe [103768 2009-12-01] (Citrix Systems, Inc.)
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\Policies\system: [Wallpaper] \\172.17.24.137\wallpaper\Desktop.jpg
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\Policies\Explorer: [NoDrives] 3
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\MountPoints2: {9a138bbe-af21-11e3-8573-f82fa8e39c50} - F:\Windows/AutoRun.exe
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\MountPoints2: {bc55d93a-af1a-11e3-b3e7-f82fa8e39c50} - F:\Windows/AutoRun.exe
HKU\S-1-5-21-484763869-343818398-682003330-46072\...\MountPoints2: {e2810e8b-ca05-11e3-a8da-f82fa8e39c50} - F:\Autorun.exe
AppInit_DLLs: ,, => , File Not Found
Startup: C:\Users\299985\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\299985\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk
ShortcutTarget: qlock.lnk -> C:\Users\299985\AppData\Roaming\Qlock\qlock.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Push Client.LNK
ShortcutTarget: Push Client.LNK -> C:\Program Files\Interwise\Participant\pull.exe (AT&T Inc.)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 172.17.24.28:8003
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://insight2.lntinfotech.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://insight2.lntinfotech.com
SearchScopes: HKCU - DefaultScope {F14DC395-52DD-4984-9555-BA566BBCEE09} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {F14DC395-52DD-4984-9555-BA566BBCEE09} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 198.153.192.100 198.153.194.100

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\299985\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014-05-26]

Chrome: 
=======
CHR HomePage: Default -> 67DA573F7C9892CBBD96D368A068ABB314234AA77931EAFB0FAB4E331B6DEBFB
CHR DefaultSearchKeyword: Default -> 055B1E58E8D10F5715EB7B992F8477A051A4B1FAE6923B81A38E0DF72E6915CC
CHR DefaultSearchProvider: Default -> 5C02EBADCE1F6EC75E4F95104F100247A607BC4DA0CC4B9324586B7C6A488DCA
CHR DefaultSearchURL: Default -> 0D2929C44C2A7EAFA599BD315B2FDD895328659CAE2C6C4236802FD2949FF85D
CHR CustomProfile: C:\Users\299985\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\299985\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (Google Wallet) - C:\Users\299985\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-31]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BBCA; C:\program files\BMC Software\BBCA\Tuner\Tuner.exe [36962 2013-09-26] (BMC Software, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-03-21] (Intel Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [588160 2011-09-06] (DameWare Development LLC)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-26] (HP) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-05] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-05] (Hewlett-Packard) [File not signed]
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2014-05-26] (Symantec Corporation)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe [1746576 2014-05-26] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\snac.exe [288656 2014-05-26] (Symantec Corporation)
R2 UI Assistant Service; C:\Program Files\Reliance 3G\AssistantServices.exe [275784 2012-11-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [168232 2012-03-31] (Broadcom Corporation.)
R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140913.012\BHDrvx86.sys [1101616 2014-09-13] (Symantec Corporation)
R1 ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\ccSetx86.sys [134744 2014-03-06] (Symantec Corporation)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2008-03-14] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2008-03-13] (DameWare)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
S3 ETD; C:\Windows\system32\drivers\ETD.sys [246096 2012-05-22] (ELAN Microelectronics Corp.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-10-10] (Hewlett Packard)
R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140925.012\IDSvix86.sys [395992 2014-06-18] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [13592 2012-02-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-27] (Intel Corporation)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-08-28] (MBB Incorporated)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-08] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140925.009\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140925.009\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2012-01-30] (Realtek Semiconductor Corp.)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [760936 2012-03-08] (Realtek Semiconductor Corporation                           )
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SRTSP.SYS [603224 2014-05-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SRTSPX.SYS [32344 2014-05-26] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\SyDvCtrl32.sys [28576 2014-05-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMDS.SYS [367704 2014-05-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMEFA.SYS [935512 2014-05-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-05-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\Ironx86.SYS [175192 2014-05-26] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMNETS.SYS [341080 2014-05-26] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [126440 2014-05-26] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [72880 2014-05-26] (Symantec Corporation)
S3 5U877; system32\DRIVERS\5U877.sys [X]
U3 mbr; \??\C:\Users\299985\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 21:05 - 2014-09-25 21:06 - 00022128 _____ () C:\Users\299985\Downloads\FRST.txt
2014-09-25 21:05 - 2014-09-25 21:05 - 00000000 ____D () C:\FRST
2014-09-25 21:03 - 2014-09-25 21:03 - 01100288 _____ (Farbar) C:\Users\299985\Downloads\FRST.exe
2014-09-24 20:55 - 2014-09-24 20:55 - 00002849 _____ () C:\Users\299985\Desktop\attach.zip
2014-09-24 20:49 - 2014-09-24 20:49 - 00688992 ____R (Swearware) C:\Users\299985\Downloads\dds.com
2014-09-24 10:43 - 2014-09-24 10:43 - 00001317 _____ () C:\Users\299985\Downloads\32663791US6.vcs
2014-09-18 20:16 - 2014-09-18 20:16 - 00000000 ____D () C:\Users\299985\AppData\Local\WebEx
2014-09-11 21:41 - 2014-09-11 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 21:41 - 2014-09-11 21:41 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-11 21:41 - 2014-09-11 21:41 - 00000000 ____D () C:\Program Files\iTunes
2014-09-11 21:41 - 2014-09-11 21:41 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 21:38 - 2014-09-11 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-11 21:38 - 2014-09-11 21:38 - 00000000 ____D () C:\Program Files\QuickTime
2014-09-04 11:23 - 2014-09-04 11:23 - 00001352 _____ () C:\Users\299985\Downloads\30726541US6.vcs
2014-09-03 09:44 - 2014-09-03 09:44 - 00000000 ____D () C:\Users\299985\AppData\Local\Downloaded Installations
2014-09-03 09:39 - 2014-09-03 09:39 - 04087952 _____ (The Weather Channel) C:\Users\299985\Downloads\twcsetup.exe
2014-09-02 16:43 - 2014-09-02 16:43 - 00003926 _____ () C:\Users\299985\Downloads\Flight_455_0600AM_09Sep2014.ics
2014-09-02 16:43 - 2014-09-02 16:43 - 00003733 _____ () C:\Users\299985\Downloads\Flight_2847_0405PM_03Sep2014.ics
2014-08-31 14:14 - 2014-08-31 14:14 - 00000000 ____D () C:\Users\299985\AppData\Local\Adobe
2014-08-31 14:12 - 2014-09-18 18:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-31 14:12 - 2014-08-31 14:12 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-31 14:12 - 2014-08-31 14:12 - 00000000 ____D () C:\Program Files\Adobe
2014-08-30 14:23 - 2014-08-30 14:23 - 00134520 _____ (Premium Installer ) C:\Users\299985\Downloads\Setup.exe
2014-08-30 13:11 - 2014-08-30 13:11 - 00003924 _____ () C:\Users\299985\Downloads\Flight_646_0600AM_07Sep2014.ics
2014-08-30 13:11 - 2014-08-30 13:11 - 00003924 _____ () C:\Users\299985\Downloads\Flight_582_0815AM_09Sep2014.ics

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 21:06 - 2014-03-12 13:47 - 01864191 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 20:49 - 2014-05-31 20:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 20:47 - 2014-07-17 22:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 20:30 - 2014-08-05 15:25 - 00000000 ____D () C:\Users\299985\AppData\Roaming\Skype
2014-09-25 19:30 - 2009-07-13 21:39 - 00070352 _____ () C:\Windows\setupact.log
2014-09-25 14:48 - 2014-05-31 20:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 07:29 - 2014-05-15 10:57 - 00000000 ____D () C:\ProgramData\WebEx
2014-09-19 18:19 - 2009-07-13 21:34 - 00029712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 18:19 - 2009-07-13 21:34 - 00029712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 07:04 - 2013-04-17 21:24 - 00000000 ____D () C:\ProgramData\Symantec
2014-09-18 18:11 - 2013-04-17 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-18 17:49 - 2010-11-20 14:01 - 00730144 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 15:55 - 2014-03-18 06:18 - 00000000 ____D () C:\Users\299985\AppData\Local\TSVNCache
2014-09-12 15:54 - 2014-03-18 04:06 - 00000000 ____D () C:\Users\299985\Tracing
2014-09-12 15:26 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 11:07 - 2014-05-16 23:55 - 00000000 ____D () C:\Users\299985\AppData\Roaming\vlc
2014-09-12 07:04 - 2010-11-20 14:48 - 00706620 _____ () C:\Windows\PFRO.log
2014-09-11 21:41 - 2014-08-12 08:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-11 21:18 - 2014-05-05 18:47 - 00000060 _____ () C:\Windows\wpd99.drv
2014-09-11 21:18 - 2014-05-05 18:47 - 00000000 ____D () C:\ProgramData\pdf995
2014-09-09 13:47 - 2013-04-17 23:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-09 13:47 - 2013-04-17 23:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-03 09:57 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-03 09:42 - 2013-04-17 21:36 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-31 14:12 - 2013-04-17 23:01 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-26 21:04 - 2014-04-01 02:23 - 00000000 ____D () C:\Users\299985\Documents\My Received Files

Some content of TEMP:
====================
C:\Users\299985\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\299985\AppData\Local\Temp\lowproc.exe
C:\Users\299985\AppData\Local\Temp\stubhelper.dll
C:\Users\299985\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-18 22:39

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by 299985 at 2014-09-25 21:06:27
Running from C:\Users\299985\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Connect Participant (HKLM\...\AT&T Connect Participant) (Version:  - )
AT&T Connect Participant Application v8.9.35 (HKLM\...\{CDD4495B-0424-42F0-8D89-70D47E21BD69}) (Version: 8.9.35 - AT&T Inc.)
BBCA (HKLM\...\{53CF3721-4F99-0B22-A60C-50C879205900}) (Version: 8.2.02.001b - BMC Software, Inc)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix online plug-in - web (HKCU\...\CitrixOnlinePluginPackWeb) (Version: 11.2.5.2 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 11.2.5.2 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 11.2.5.2 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 11.2.5.2 - Citrix Systems, Inc.) Hidden
ExpensePoint WEB (HKLM\...\ExpensePoint WEB) (Version:  - GlobalPoint Technologies)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP FWUpdateEDO3 (HKLM\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet 100 color MFP M175 (HKLM\...\{965D0289-10E1-45ec-B11F-A60AC9AE8D4D}) (Version:  - Hewlett-Packard)
HP LJ100 M175 HP Scan (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM175DSService (Version: 001.001.05133 - Hewlett-Packard) Hidden
HPLaserJet100ColorMFPM175_HelpLearnCenter_SI (HKLM\...\{19542156-285B-458C-994D-2A21889001DF}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUT (Version: 1.00.0012 - HP) Hidden
hppLaserJetService (Version: 002.015.00602 - Hewlett-Packard) Hidden
hppM175LaserJetService (Version: 001.014.00480 - Hewlett-Packard) Hidden
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
InstanceFinder (Version: 1.00.0001 - HP) Hidden
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Pdf995 (HKLM\...\Pdf995) (Version: 14.2s - )
Qlock Free (HKCU\...\Qlock) (Version: 1.91 - Vitei inc)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Reliance 3G (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Symantec Endpoint Protection (HKLM\...\{A84E6630-FE81-4D1F-BBA0-4BFBCC1D9493}) (Version: 12.1.4013.4013 - Symantec Corporation)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 10.4.8.3 - ELAN Microelectronic Corp.)
ToolboxProxy (Version: 1.00.0001 - HP) Hidden
TortoiseSVN 1.7.11.23600 (32 bit) (HKLM\...\{4255CB85-BD13-48F4-B19F-CEE148C25814}) (Version: 1.7.23600 - TortoiseSVN)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-484763869-343818398-682003330-46072_Classes\CLSID\{1EFF7739-9BDA-4295-BC07-383554CAAC84}\InprocServer32 -> C:\Users\299985\AppData\Local\Citrix\ICA Client\CCMProxy.dll (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-343818398-682003330-46072_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\299985\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-343818398-682003330-46072_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\299985\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-343818398-682003330-46072_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-484763869-343818398-682003330-46072_Classes\CLSID\{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}\localserver32 -> C:\Users\299985\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

==================== Restore Points  =========================

19-09-2014 19:07:55 Scheduled Checkpoint
26-09-2014 03:59:54 Before Clean-up

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C3126AE-5FA9-4662-8AEC-03DCDFE9F6DC} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-21] (Hewlett Packard)
Task: {1239903A-218A-4DFC-8CCD-48C71B3F0352} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-31] (Google Inc.)
Task: {20DDCEB0-6F07-42B7-9AF6-1CD6E8840C8C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-484763869-343818398-682003330-46072 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {245BB0F6-270F-4965-8311-DBC15FCBB7ED} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-484763869-343818398-682003330-46072 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {3F6327EF-ED2A-47C2-A218-250642ED49BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {7AF53C45-84F7-41A0-8FE4-5725DC730BAA} - System32\Tasks\BBCA_Service_Check => C:\Windows\BBCA_Service.bat [2014-03-26] ()
Task: {C11D0D75-7194-4708-8A4B-606152DBEB4C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-484763869-343818398-682003330-46072
Task: {E4F6E471-DFA6-48D5-980C-E49141BE586A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-31] (Google Inc.)
Task: {E7835EBA-27FE-4D26-9E35-6687BBD2D22D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-05 18:47 - 2014-05-05 18:47 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 03:59 - 2012-11-26 08:03 - 00275784 _____ () C:\Program Files\Reliance 3G\AssistantServices.exe
2012-12-12 08:00 - 2012-12-12 08:00 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2010-01-29 14:11 - 2010-01-29 14:11 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 08:47 - 2010-03-24 08:47 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-17 00:21 - 2011-08-08 19:14 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-03-18 21:32 - 2012-11-26 08:04 - 00157000 _____ () C:\Program Files\Reliance 3G\UIExec.exe
2013-11-26 22:26 - 2010-10-25 21:39 - 00049568 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-07-18 02:36 - 2008-03-10 05:49 - 00024576 _____ () C:\Program Files\Interwise\Participant\IwReg.dll
2014-07-18 02:36 - 2002-12-06 08:45 - 00418304 _____ () C:\Program Files\Interwise\Participant\exchndl.dll
2012-04-02 20:06 - 2012-04-02 20:06 - 04142080 _____ () C:\Users\299985\AppData\Roaming\Qlock\qlock.exe
2010-01-29 14:11 - 2010-01-29 14:11 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-09-24 19:55 - 2014-09-22 21:06 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 19:55 - 2014-09-22 21:06 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 19:55 - 2014-09-22 21:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 19:55 - 2014-09-22 21:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 19:55 - 2014-09-22 21:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

lntinfotech (S-1-5-21-2392295557-2760654139-1619377669-1004 -> Administrator - Enabled - Status: OK) => C:\Users\lntinfotech
vshadmin (S-1-5-21-2392295557-2760654139-1619377669-500 -> Administrator - Enabled - Status: OK) => C:\Users\Administrator
vshguest (S-1-5-21-2392295557-2760654139-1619377669-501 -> Limited - Disabled - Status: Degraded)

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 02:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 746589

Error: (09/25/2014 02:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 746589

Error: (09/25/2014 02:42:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/25/2014 02:28:30 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_ADD_MEMBERSHIP)

System Error: 10065
System Message: A socket operation was attempted to an unreachable host.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_ADD_MEMBERSHIP)

System Error: 10065
System Message: A socket operation was attempted to an unreachable host.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34373088

Error: (09/25/2014 02:27:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34373088

Error: (09/25/2014 02:27:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/25/2014 07:38:01 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VSHODC due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/25/2014 07:23:23 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{20CC574A-59CA-48CC-B724-69BE52BFD9B6} because another computer on the network has the same name.  The server could not start.

Error: (09/25/2014 02:27:49 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/25/2014 02:27:49 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: VSHODC)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/25/2014 02:27:47 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VSHODC due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/24/2014 07:24:38 PM) (Source: Schannel) (EventID: 4116) (User: VSHODC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is sipexternal.lntinfotech.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (09/24/2014 07:24:38 PM) (Source: Schannel) (EventID: 4120) (User: VSHODC)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (09/24/2014 07:24:16 PM) (Source: Schannel) (EventID: 4116) (User: VSHODC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is sipexternal.lntinfotech.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (09/24/2014 07:24:16 PM) (Source: Schannel) (EventID: 4120) (User: VSHODC)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (09/24/2014 07:21:10 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VSHODC due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (09/25/2014 02:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 746589

Error: (09/25/2014 02:42:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 746589

Error: (09/25/2014 02:42:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/25/2014 02:28:30 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: DameWare Mini Remote Control
Error setsockopt (IP_ADD_MEMBERSHIP)

System Error: 10065
System Message: A socket operation was attempted to an unreachable host.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: DameWare Mini Remote Control
Error setsockopt (IP_ADD_MEMBERSHIP)

System Error: 10065
System Message: A socket operation was attempted to an unreachable host.

 (srv 32 bit)

Error: (09/25/2014 02:27:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34373088

Error: (09/25/2014 02:27:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34373088

Error: (09/25/2014 02:27:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-09-25 19:29:23.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 19:29:23.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 19:28:53.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 19:28:53.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 19:24:50.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 19:24:50.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 19:24:41.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 19:24:41.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-24 20:19:47.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-24 20:19:47.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-25 21:35:55
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS725050A7E630 rev.GH2ZB550 465.76GB
Running: cd3wq47q.exe; Driver: C:\Users\299985\AppData\Local\Temp\uwlyqpob.sys


---- System - GMER 2.1 ----

SSDT    87AB3DC8                                                                                                                                                                          ZwAlertResumeThread
SSDT    87AB3E60                                                                                                                                                                          ZwAlertThread
SSDT    875FD8F8                                                                                                                                                                          ZwAllocateVirtualMemory
SSDT    870B9980                                                                                                                                                                          ZwAlpcConnectPort
SSDT    87AB3840                                                                                                                                                                          ZwAssignProcessToJobObject
SSDT    87AB3BF0                                                                                                                                                                          ZwCreateMutant
SSDT    87AB3638                                                                                                                                                                          ZwCreateSymbolicLinkObject
SSDT    875F9280                                                                                                                                                                          ZwCreateThread
SSDT    87AB36E0                                                                                                                                                                          ZwCreateThreadEx
SSDT    87AB38D8                                                                                                                                                                          ZwDebugActiveProcess
SSDT    875FDA38                                                                                                                                                                          ZwDuplicateObject
SSDT    875FD788                                                                                                                                                                          ZwFreeVirtualMemory
SSDT    87AB3C98                                                                                                                                                                          ZwImpersonateAnonymousToken
SSDT    87AB3D30                                                                                                                                                                          ZwImpersonateThread
SSDT    870B9908                                                                                                                                                                          ZwLoadDriver
SSDT    875FD6D0                                                                                                                                                                          ZwMapViewOfSection
SSDT    87AB3B58                                                                                                                                                                          ZwOpenEvent
SSDT    875FDB88                                                                                                                                                                          ZwOpenProcess
SSDT    875FD9A0                                                                                                                                                                          ZwOpenProcessToken
SSDT    87AB3A28                                                                                                                                                                          ZwOpenSection
SSDT    875FDAE0                                                                                                                                                                          ZwOpenThread
SSDT    87AB3798                                                                                                                                                                          ZwProtectVirtualMemory
SSDT    8AE459D8                                                                                                                                                                          ZwQueueApcThread
SSDT    8B444D80                                                                                                                                                                          ZwQueueApcThreadEx
SSDT    87AB3EF8                                                                                                                                                                          ZwResumeThread
SSDT    875FD4F8                                                                                                                                                                          ZwSetContextThread
SSDT    875FD590                                                                                                                                                                          ZwSetInformationProcess
SSDT    87AB3970                                                                                                                                                                          ZwSetSystemInformation
SSDT    87AB3AC0                                                                                                                                                                          ZwSuspendProcess
SSDT    87AB3F90                                                                                                                                                                          ZwSuspendThread
SSDT    875FC428                                                                                                                                                                          ZwTerminateProcess
SSDT    875FD460                                                                                                                                                                          ZwTerminateThread
SSDT    875FD638                                                                                                                                                                          ZwUnmapViewOfSection
SSDT    875FD830                                                                                                                                                                          ZwWriteVirtualMemory

---- Devices - GMER 2.1 ----

Device  \Driver\BTHUSB \Device\000000fb                                                                                                                                                   bthport.sys
Device  \Driver\BTHUSB \Device\000000fd                                                                                                                                                   bthport.sys
Device  \Driver\mountmgr \Device\MountPointManager                                                                                                                                        SysPlant.sys

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f82fa8e39c50                                                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f82fa8e39c50@f437b796e856                                                                                          0x73 0xCE 0xBF 0x02 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f82fa8e39c52                                                                                                       
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f82fa8e39c50 (not active ControlSet)                                                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f82fa8e39c50@f437b796e856                                                                                              0x73 0xCE 0xBF 0x02 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f82fa8e39c52 (not active ControlSet)                                                                                   
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-484763869-343818398-682003330-46072\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo  -903224403
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-484763869-343818398-682003330-46072\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi  30398768
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-484763869-343818398-682003330-46072\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo    -884192370
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-484763869-343818398-682003330-46072\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi    30398768
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109110000000000000000F01FEC\Usage@ProductFiles                                           1161375540

---- EOF - GMER 2.1 ----

21:36:11.0540 0x1dcc  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:36:17.0655 0x1dcc  ============================================================
21:36:17.0655 0x1dcc  Current date / time: 2014/09/25 21:36:17.0655
21:36:17.0655 0x1dcc  SystemInfo:
21:36:17.0655 0x1dcc  
21:36:17.0655 0x1dcc  OS Version: 6.1.7601 ServicePack: 1.0
21:36:17.0655 0x1dcc  Product type: Workstation
21:36:17.0655 0x1dcc  ComputerName: INFVA1271
21:36:17.0655 0x1dcc  UserName: 299985
21:36:17.0655 0x1dcc  Windows directory: C:\Windows
21:36:17.0655 0x1dcc  System windows directory: C:\Windows
21:36:17.0655 0x1dcc  Processor architecture: Intel x86
21:36:17.0655 0x1dcc  Number of processors: 4
21:36:17.0655 0x1dcc  Page size: 0x1000
21:36:17.0655 0x1dcc  Boot type: Normal boot
21:36:17.0655 0x1dcc  ============================================================
21:36:19.0698 0x1dcc  KLMD registered as C:\Windows\system32\drivers\98749183.sys
21:36:20.0026 0x1dcc  System UUID: {F30CE6F6-E6A3-6795-BF2A-EB509DDBCC88}
21:36:20.0432 0x1dcc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:36:20.0432 0x1dcc  ============================================================
21:36:20.0432 0x1dcc  \Device\Harddisk0\DR0:
21:36:20.0432 0x1dcc  MBR partitions:
21:36:20.0432 0x1dcc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
21:36:20.0432 0x1dcc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x2DB85000
21:36:20.0432 0x1dcc  ============================================================
21:36:20.0463 0x1dcc  C: <-> \Device\Harddisk0\DR0\Partition1
21:36:20.0494 0x1dcc  D: <-> \Device\Harddisk0\DR0\Partition2
21:36:20.0494 0x1dcc  ============================================================
21:36:20.0494 0x1dcc  Initialize success
21:36:20.0494 0x1dcc  ============================================================
21:36:25.0283 0x208c  ============================================================
21:36:25.0283 0x208c  Scan started
21:36:25.0283 0x208c  Mode: Manual; 
21:36:25.0283 0x208c  ============================================================
21:36:25.0283 0x208c  KSN ping started
21:36:28.0622 0x208c  KSN ping finished: true
21:36:29.0870 0x208c  ================ Scan system memory ========================
21:36:29.0870 0x208c  System memory - ok
21:36:29.0870 0x208c  ================ Scan services =============================
21:36:30.0041 0x208c  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:36:30.0041 0x208c  1394ohci - ok
21:36:30.0072 0x208c  5U877 - ok
21:36:30.0119 0x208c  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:36:30.0119 0x208c  ACPI - ok
21:36:30.0135 0x208c  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:36:30.0135 0x208c  AcpiPmi - ok
21:36:30.0228 0x208c  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:36:30.0228 0x208c  AdobeARMservice - ok
21:36:30.0291 0x208c  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:30.0306 0x208c  AdobeFlashPlayerUpdateSvc - ok
21:36:30.0384 0x208c  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:36:30.0400 0x208c  adp94xx - ok
21:36:38.0013 0x208c  KSecPkg - ok
21:36:38.0060 0x208c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:36:38.0075 0x208c  KtmRm - ok
21:36:38.0091 0x208c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:36:38.0106 0x208c  LanmanServer - ok
21:36:38.0138 0x208c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:36:38.0138 0x208c  LanmanWorkstation - ok
21:36:38.0184 0x208c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:36:38.0184 0x208c  lltdio - ok
21:36:38.0216 0x208c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:36:38.0231 0x208c  lltdsvc - ok
21:36:38.0262 0x208c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:36:38.0262 0x208c  lmhosts - ok
21:36:38.0294 0x208c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:36:38.0294 0x208c  LSI_FC - ok
21:36:38.0309 0x208c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:36:38.0309 0x208c  LSI_SAS - ok
21:36:38.0325 0x208c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:36:38.0340 0x208c  LSI_SAS2 - ok
21:36:38.0356 0x208c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:36:38.0356 0x208c  LSI_SCSI - ok
21:36:38.0387 0x208c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:36:38.0387 0x208c  luafv - ok
21:36:38.0418 0x208c  [ 79EC6C0033776F89DD5131241F0170E1, EA958F114DAC06D184735FF8308F0DAA953CA7C0077AF1BBEDC440AAEC2D07A6 ] massfilter      C:\Windows\system32\drivers\massfilter.sys
21:36:38.0418 0x208c  massfilter - ok
21:36:38.0450 0x208c  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:36:38.0450 0x208c  Mcx2Svc - ok
21:36:38.0481 0x208c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:36:38.0481 0x208c  megasas - ok
21:36:38.0496 0x208c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:36:38.0512 0x208c  MegaSR - ok
21:36:38.0528 0x208c  [ 240D715CFE4FB8F4CDA76F6863E62334, B410C88F0D4749AB843E03BB8BA215A8E3F291404C1B68824A5963A2381188FB ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
21:36:38.0528 0x208c  MEI - ok
21:36:38.0590 0x208c  Microsoft SharePoint Workspace Audit Service - ok
21:36:38.0606 0x208c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
21:36:38.0621 0x208c  MMCSS - ok
21:36:38.0637 0x208c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
21:36:38.0637 0x208c  Modem - ok
21:36:38.0668 0x208c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:36:38.0668 0x208c  monitor - ok
21:36:38.0684 0x208c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:36:38.0699 0x208c  mouclass - ok
21:36:38.0715 0x208c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:36:38.0715 0x208c  mouhid - ok
21:36:38.0746 0x208c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:36:38.0746 0x208c  mountmgr - ok
21:36:38.0777 0x208c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:36:38.0777 0x208c  mpio - ok
21:36:38.0808 0x208c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:36:38.0824 0x208c  mpsdrv - ok
21:36:38.0871 0x208c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:36:38.0902 0x208c  MpsSvc - ok
21:36:38.0918 0x208c  [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:36:38.0918 0x208c  MRxDAV - ok
21:36:38.0933 0x208c  [ B272B4C3E085EA860C12F2E4FAF2FFA2, DA99D8223D9FB7BFA52E66B73D1E1AA47B76B45A649400F7898E8D65D8672E52 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:36:38.0933 0x208c  mrxsmb - ok
21:36:38.0949 0x208c  [ 9AC33EF26C8A3AD0F117D00EB7301D03, 403445B07DC55F9DF98CA11AC87D4231187A2472A4E107786A5845B213355F0A ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:36:38.0949 0x208c  mrxsmb10 - ok
21:36:38.0949 0x208c  [ E0ABDB5ED7E199E242A7D028E76C1D3A, 4014A1F0720F6D15A2FB0CF4F1F970595BC29929F92F461CDD68E4513F49563E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:36:38.0964 0x208c  mrxsmb20 - ok
21:36:38.0980 0x208c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:36:38.0980 0x208c  msahci - ok
21:36:38.0996 0x208c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:36:38.0996 0x208c  msdsm - ok
21:36:39.0011 0x208c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\system32\msdtc.exe
21:36:39.0027 0x208c  MSDTC - ok
21:36:39.0027 0x208c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:36:39.0042 0x208c  Msfs - ok
21:36:39.0042 0x208c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:36:39.0042 0x208c  mshidkmdf - ok
21:36:39.0074 0x208c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:36:39.0074 0x208c  msisadrv - ok
21:36:39.0105 0x208c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:36:39.0105 0x208c  MSiSCSI - ok
21:36:39.0120 0x208c  msiserver - ok
21:36:39.0136 0x208c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:36:39.0136 0x208c  MSKSSRV - ok
21:36:39.0152 0x208c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:36:39.0152 0x208c  MSPCLOCK - ok
21:36:39.0167 0x208c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:36:39.0167 0x208c  MSPQM - ok
21:36:39.0183 0x208c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:36:39.0183 0x208c  MsRPC - ok
21:36:39.0198 0x208c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:36:39.0198 0x208c  mssmbios - ok
21:36:39.0214 0x208c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:36:39.0214 0x208c  MSTEE - ok
21:36:39.0230 0x208c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:36:39.0230 0x208c  MTConfig - ok
21:36:39.0261 0x208c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:36:39.0261 0x208c  Mup - ok
21:36:39.0308 0x208c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
21:36:39.0323 0x208c  napagent - ok
21:36:39.0370 0x208c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:36:39.0370 0x208c  NativeWifiP - ok
21:36:39.0464 0x208c  [ 339D6CD79DFCB48EF125A89949ED54B4, D3C6F56363F0FA9A45C3560816DD7533C7D15D7DCC78346A4A48C29EA86D9439 ] NAVENG          C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140925.009\NAVENG.SYS
21:36:39.0464 0x208c  NAVENG - ok
21:36:39.0542 0x208c  [ 2061D3961C053AA0C55A20F6184DA4CF, 4D50107E7245ED58B943BA536B6B69A6C7465202DCE78135BB0FD5EF2EF02FB3 ] NAVEX15         C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140925.009\NAVEX15.SYS
21:36:39.0588 0x208c  NAVEX15 - ok
21:36:39.0620 0x208c  [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:36:39.0635 0x208c  NDIS - ok
21:36:39.0651 0x208c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:36:39.0651 0x208c  NdisCap - ok
21:36:39.0682 0x208c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:36:39.0682 0x208c  NdisTapi - ok
21:36:39.0698 0x208c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:36:39.0698 0x208c  Ndisuio - ok
21:36:39.0713 0x208c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:36:39.0729 0x208c  NdisWan - ok
21:36:39.0744 0x208c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:36:39.0744 0x208c  NDProxy - ok
21:36:39.0776 0x208c  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:36:39.0776 0x208c  Net Driver HPZ12 - ok
21:36:39.0807 0x208c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:36:39.0807 0x208c  NetBIOS - ok
21:36:39.0822 0x208c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:36:39.0838 0x208c  NetBT - ok
21:36:39.0854 0x208c  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon        C:\Windows\system32\lsass.exe
21:36:39.0854 0x208c  Netlogon - ok
21:36:39.0885 0x208c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
21:36:39.0900 0x208c  Netman - ok
21:36:39.0932 0x208c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
21:36:39.0947 0x208c  netprofm - ok
21:36:39.0978 0x208c  [ F476EC40033CDB91EFBE73EB99B8362D, B17535037BC070F9AE1F6B381C2DBEE27658A8FDE15FB0E061F485EA7C7CBE59 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:36:39.0978 0x208c  NetTcpPortSharing - ok
21:36:40.0025 0x208c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:36:40.0025 0x208c  nfrd960 - ok
21:36:40.0056 0x208c  [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:36:40.0056 0x208c  NlaSvc - ok
21:36:40.0072 0x208c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:36:40.0072 0x208c  Npfs - ok
21:36:40.0088 0x208c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
21:36:40.0103 0x208c  nsi - ok
21:36:40.0103 0x208c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:36:40.0119 0x208c  nsiproxy - ok
21:36:40.0181 0x208c  [ 33C3093D09017CFE2E219F2472BFF6EB, DE46C7A53C3606F036DED1EE8A81B79CAF3171A7E97DA2F71712E2DA046A262E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:36:40.0228 0x208c  Ntfs - ok
21:36:40.0244 0x208c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
21:36:40.0244 0x208c  Null - ok
21:36:40.0275 0x208c  [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:36:40.0275 0x208c  nvraid - ok
21:36:40.0306 0x208c  [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:36:40.0322 0x208c  nvstor - ok
21:36:40.0337 0x208c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:36:40.0337 0x208c  nv_agp - ok
21:36:40.0353 0x208c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:36:40.0353 0x208c  ohci1394 - ok
21:36:40.0415 0x208c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:40.0431 0x208c  ose - ok
21:36:40.0602 0x208c  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:36:40.0680 0x208c  osppsvc - ok
21:36:40.0712 0x208c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:36:40.0727 0x208c  p2pimsvc - ok
21:36:40.0758 0x208c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:36:40.0774 0x208c  p2psvc - ok
21:36:40.0805 0x208c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
21:36:40.0805 0x208c  Parport - ok
21:36:40.0836 0x208c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:36:40.0852 0x208c  partmgr - ok
21:36:40.0852 0x208c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:36:40.0868 0x208c  Parvdm - ok
21:36:40.0883 0x208c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:36:40.0883 0x208c  PcaSvc - ok
21:36:40.0914 0x208c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
21:36:40.0930 0x208c  pci - ok
21:36:40.0930 0x208c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:36:40.0946 0x208c  pciide - ok
21:36:40.0961 0x208c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:36:40.0961 0x208c  pcmcia - ok
21:36:40.0977 0x208c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:36:40.0992 0x208c  pcw - ok
21:36:41.0024 0x208c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:36:41.0039 0x208c  PEAUTH - ok
21:36:41.0102 0x208c  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:36:41.0148 0x208c  PeerDistSvc - ok
21:36:41.0211 0x208c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
21:36:41.0242 0x208c  pla - ok
21:36:41.0304 0x208c  [ 92DC6E68D2C856C5C2F21AE9E22112B8, EFAA27886A05E57E629A9EFC3671D9D64144795EDF55438A676F5B43E59BE3FC ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:36:41.0320 0x208c  PlugPlay - ok
21:36:41.0320 0x208c  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:36:41.0336 0x208c  Pml Driver HPZ12 - ok
21:36:41.0351 0x208c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:36:41.0367 0x208c  PNRPAutoReg - ok
21:36:41.0382 0x208c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:36:41.0398 0x208c  PNRPsvc - ok
21:36:41.0460 0x208c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:36:41.0476 0x208c  PolicyAgent - ok
21:36:41.0507 0x208c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
21:36:41.0507 0x208c  Power - ok
21:36:41.0554 0x208c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:36:41.0554 0x208c  PptpMiniport - ok
21:36:41.0570 0x208c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
21:36:41.0570 0x208c  Processor - ok
21:36:41.0601 0x208c  [ 43CA4CCC22D52FB58E8988F0198851D0, DF67BD70D9D82677AE61244B4E54677A5008A7F5EB531DF2A7E7D33F1658EA78 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:36:41.0601 0x208c  ProfSvc - ok
21:36:41.0616 0x208c  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
21:36:41.0632 0x208c  ProtectedStorage - ok
21:36:41.0648 0x208c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:36:41.0663 0x208c  Psched - ok
21:36:41.0726 0x208c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:36:41.0772 0x208c  ql2300 - ok
21:36:41.0788 0x208c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:36:41.0788 0x208c  ql40xx - ok
21:36:41.0835 0x208c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
21:36:41.0850 0x208c  QWAVE - ok
21:36:41.0866 0x208c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:36:41.0866 0x208c  QWAVEdrv - ok
21:36:41.0866 0x208c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:36:41.0882 0x208c  RasAcd - ok
21:36:41.0913 0x208c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:36:41.0913 0x208c  RasAgileVpn - ok
21:36:41.0928 0x208c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
21:36:41.0928 0x208c  RasAuto - ok
21:36:41.0944 0x208c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:36:41.0944 0x208c  Rasl2tp - ok
21:36:41.0991 0x208c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
21:36:42.0006 0x208c  RasMan - ok
21:36:42.0022 0x208c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:36:42.0022 0x208c  RasPppoe - ok
21:36:42.0038 0x208c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:36:42.0038 0x208c  RasSstp - ok
21:36:42.0053 0x208c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:36:42.0069 0x208c  rdbss - ok
21:36:42.0084 0x208c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:36:42.0084 0x208c  rdpbus - ok
21:36:42.0084 0x208c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:36:42.0084 0x208c  RDPCDD - ok
21:36:42.0116 0x208c  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:36:42.0116 0x208c  RDPDR - ok
21:36:42.0162 0x208c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:36:42.0162 0x208c  RDPENCDD - ok
21:36:42.0178 0x208c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:36:42.0178 0x208c  RDPREFMP - ok
21:36:42.0194 0x208c  [ 288B06960D78428FF89E811632684E20, 82FB13C2749637E172381C9C205080921A45453191B6246C5D3FE946A06D17F5 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:36:42.0209 0x208c  RDPWD - ok
21:36:42.0240 0x208c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:36:42.0240 0x208c  rdyboost - ok
21:36:42.0272 0x208c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:36:42.0272 0x208c  RemoteAccess - ok
21:36:42.0318 0x208c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:36:42.0318 0x208c  RemoteRegistry - ok
21:36:42.0350 0x208c  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:36:42.0350 0x208c  RFCOMM - ok
21:36:42.0365 0x208c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:36:42.0365 0x208c  RpcEptMapper - ok
21:36:42.0381 0x208c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
21:36:42.0381 0x208c  RpcLocator - ok
21:36:42.0412 0x208c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
21:36:42.0428 0x208c  RpcSs - ok
21:36:42.0459 0x208c  [ FB8911952B0BD7990F29B7CF8D6BD67B, D855D3AA5648EFB6DCF27B3B39177C7AEB6349A114E29CA68F64835D40A2222C ] RSP2STOR        C:\Windows\system32\DRIVERS\RtsP2Stor.sys
21:36:42.0474 0x208c  RSP2STOR - ok
21:36:42.0490 0x208c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:36:42.0506 0x208c  rspndr - ok
21:36:42.0521 0x208c  [ C7E3AE2266BFD4E8A7E10C6C5D11A9AD, 6F5547D049A2803EA31BE2D12F9DFD122A37A17AD915FF3B8C3642C71D8DD239 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
21:36:42.0537 0x208c  RTL8169 - ok
21:36:42.0584 0x208c  [ 2F6C88E7ECB49CAF59843A8A941D6E70, 236BE48ACE1D9E0812955E74B65D6C725C0092084DCE1BABFDDCB60EDC507F8E ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
21:36:42.0599 0x208c  RTL8192Ce - ok
21:36:42.0615 0x208c  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:36:42.0615 0x208c  s3cap - ok
21:36:42.0630 0x208c  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs           C:\Windows\system32\lsass.exe
21:36:42.0630 0x208c  SamSs - ok
21:36:49.0822 0x208c  HotKeysCmds - ok
21:36:49.0838 0x208c  [ F744CAB92C6CA7FD93A98AB812742C20, A70CA370CCA7D2ADCB2E68EEEBADED93F53C36A0CD3E9935A37B2BF24BAAF252 ] C:\Windows\system32\igfxpers.exe
21:36:49.0838 0x208c  Persistence - ok
21:36:50.0165 0x208c  [ 92795FA4A2057713ABF46948B5D5D461, B158DB385C76FAD9AFF0E5D5E982423F905B9A683D293B4A6C48B4CF38151C37 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
21:36:50.0321 0x208c  RTHDVCPL - ok
21:36:50.0352 0x208c  [ B2A7E1DC804D2E018BD33DB11225A574, F3D378F76341D9E155A96D1867523E23151650374C909D413D181BF1F34ADF51 ] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
21:36:50.0368 0x208c  RtHDVBg_Dolby - ok
21:36:50.0399 0x208c  [ 7DA47BA3AA5E202B4B6FF113348BF9B7, A4FBE1C557B00C27957D209AC0752ECFEC13C91CFA25B085F5A5A906E51E0D02 ] C:\Program Files\Reliance 3G\UIExec.exe
21:36:50.0399 0x208c  UIExec - ok
21:36:50.0462 0x208c  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
21:36:50.0477 0x208c  SunJavaUpdateSched - ok
21:36:50.0540 0x208c  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
21:36:50.0540 0x208c  HP Software Update - ok
21:36:50.0649 0x208c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:36:50.0664 0x208c  Sidebar - ok
21:36:50.0727 0x208c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
21:36:50.0727 0x208c  mctadmin - ok
21:36:50.0774 0x208c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:36:50.0805 0x208c  Sidebar - ok
21:36:50.0820 0x208c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
21:36:50.0820 0x208c  mctadmin - ok
21:36:50.0852 0x208c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:36:50.0867 0x208c  Sidebar - ok
21:36:50.0867 0x208c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
21:36:50.0867 0x208c  mctadmin - ok
21:36:50.0976 0x208c  [ 97A20CF7C3352915C96ECB7D03E2F4AF, B3F8B80ADC222773A31D467A97797BB46BA668C4BB300BDA31A56DCFC989172E ] C:\Users\299985\AppData\Local\Citrix\ICA Client\concentr.exe
21:36:50.0976 0x208c  ConnectionCenter - ok
21:36:50.0976 0x208c  Waiting for KSN requests completion. In queue: 82
21:36:51.0991 0x208c  Waiting for KSN requests completion. In queue: 82
21:36:53.0005 0x208c  Waiting for KSN requests completion. In queue: 82
21:36:54.0019 0x208c  Waiting for KSN requests completion. In queue: 82
21:36:55.0111 0x208c  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\WSCSavNotifier.exe ( 12.1.4013.4013 ), 0x71000 ( enabled : updated )
21:36:55.0126 0x208c  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe ( 12.1.4013.4013 ), 0x40010 ( disabled )
21:36:55.0126 0x208c  Win FW state via NFP2: enabled
21:36:58.0855 0x208c  ============================================================
21:36:58.0855 0x208c  Scan finished
21:36:58.0855 0x208c  ============================================================
21:36:58.0855 0x0cf8  Detected object count: 0
21:36:58.0855 0x0cf8  Actual detected object count: 0
21:37:06.0842 0x1d2c  Deinitialize success



#4 pgangar


Posted 25 September 2014 - 11:49 PM

Hello, 
I am not sure whether you wanted the last log as attachment or posted inline in the response, hence I posted the same inline above and am attaching the same here. Hope it's fine and I didn't cause any trouble to you. 
 
Thanks for your help.


#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 26 September 2014 - 06:21 AM

Did you set this proxy?

 

 

172.17.24.28:8003


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 pgangar


Posted 27 September 2014 - 01:34 PM

Hi,

Yes, this is my office laptop issued from my home country and over there the IT admin had entered this proxy.

 

Regards,

Parin



#7 TB-Psychotic


Posted 29 September 2014 - 04:41 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread. (Note: Do NOT post this one into a code box!)



#8 pgangar


Posted 29 September 2014 - 10:17 PM

Here's the first log - 

# AdwCleaner v3.310 - Report created 29/09/2014 at 19:58:14
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : 299985 - INFVA1271
# Running from : C:\Users\299985\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\299985\AppData\Local\Temp\webget

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Bitberry Software
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.18487


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\299985\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2715 octets] - [29/09/2014 19:57:06]
AdwCleaner[S0].txt - [2522 octets] - [29/09/2014 19:58:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2582 octets] ##########



#9 pgangar


Posted 29 September 2014 - 10:22 PM

Here's the next log - 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Professional x86
Ran by 299985 on 09-29-2014 at 20:17:57.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09-29-2014 at 20:20:32.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 pgangar


Posted 29 September 2014 - 10:30 PM

Here's the final log - 

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#11 pgangar


Posted 29 September 2014 - 10:31 PM

Please note that I had disabled the AV before running JRT.exe and had forgotten to enable it back before running the third security check file. I have now turned it back ON. 



#12 TB-Psychotic


Posted 30 September 2014 - 09:09 AM

Are any issues left or may I post the last reply?



#13 pgangar


Posted 01 October 2014 - 02:17 PM

Hi,

I logged in to Skype and while testing the audio/video found this adchoice coming in the right. Is this driven by Skype (because of the free account) or is it still in my computer?



#14 TB-Psychotic


Posted 04 October 2014 - 07:54 AM

These ads are legit and belong to the free Skype, yes. :)

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#15 TB-Psychotic


Posted 13 October 2014 - 08:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



