
infected with unknown malware


  • This topic is locked
22 replies to this topic

#1 niado

niado

  • Members
  • 15 posts

Posted 11 November 2014 - 03:34 PM

I hope this request is appropriate for this board, if not I apologize in advance.

 

History:

Machine resides in an unmanaged lab environment with access to the internet. This machine was infected with various malware over the preceding 6 months.

 

Following adware applications were noted as being installed before I became involved:

APPLICATION    VENDOR                INSTALL DATE
Assistant      Verified Publisher    3/25/2014
BItSaVVeir     BItSaver              7/2/2014
RoboSSaver     RoboSavEru            6/12/2014

 

Recently (10-24-2014), the machine began causing a DNS flood, making DNS requests to an assortment of websites (thousands of DNS requests per second). Based on DNS logs, the machine constantly attempts to access various websites, periodically bursting to a large enough number to trigger DNS flood detection mechanisms.

 

This is the activity that caught my attention. I discovered and disconnected this machine from LAN and internet on 11-3-2014.

 

Before the machine was discovered by me, Malwarebytes and Avast! free antivirus were run on it, removing some malware. The periodic DNS floods continued after this attempted "fix". I did run Malwarebytes on the machine again after discovering it, and it did not detect anything. There are currently no readily apparent signs of infection, aside from the DNS queries.

 

I considered wiping the machine, but I would very much like to determine the root cause of this infection for future reference.

 

DDS logs are pasted below and attached per board instructions. I also attached a list of the websites that were queried in 1 second during one of the detected DNS floods.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by tubbs-diag at 14:05:19 on 2014-11-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16338.13519 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\lkads.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\lkcitdl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
mSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~2.LNK - C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{ADC568AF-BC50-47E6-97A1-17C5FD192834} : NameServer = 10.96.15.40
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 10.112.15.41    MRTSRV2        mrtsrv2
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-10-24 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-10-24 267632]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-6-13 20464]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2012-12-18 16984]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-10-24 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-10-24 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-10-24 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2014-10-24 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-10-24 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-24 50344]
R2 bh560eth;Blackhawk 560 Ethernet JTAG Emulator Driver;C:\Windows\System32\drivers\bh560eth.sys [2013-9-19 105072]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-22 1148744]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-14 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-12-14 189608]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-14 169432]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2014-6-10 57184]
R2 niauth;NI Authentication Service;C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [2014-6-20 569152]
R2 niLXIDiscovery;NI LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2013-11-22 236768]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2014-6-6 320368]
R2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2014-6-19 177536]
R2 NISystemWebServer;NI System Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2014-6-10 57168]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2013-12-11 15200]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-13 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-24 19439944]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-10-2 145448]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-10-24 270728]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-9-19 1616048]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-10-24 4012248]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-6-13 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-6-13 792560]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-13 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-22 38048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BazisPortableCDBus;Portable WinCDEmu driver;C:\Windows\System32\drivers\BazisPortableCDBus.sys [2014-10-2 268896]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe --> C:\cygwin\bin\cygrunsrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-27 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 jlink;J-Link driver;C:\Windows\System32\drivers\jlinkx64.sys [2013-10-9 24448]
S3 MCHPUSB;MCHPUSB;C:\Windows\System32\drivers\mchpusb64.sys [2008-5-12 64512]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2013-9-14 15200]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2012-12-19 13624]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2012-12-19 13624]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2013-12-11 15200]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-15 19456]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-1-15 29696]
S3 TPDIBUS;TPDIBUS.SYS Total Phase Aardvark Driver;C:\Windows\System32\drivers\tpdibus.sys [2012-9-25 74376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-15 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-11 1255736]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
S3 XilinxFirmwareLpLoader;XilinxFirmwareLpLoader;C:\Windows\System32\drivers\xusb_xlp.sys [2013-3-27 19200]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2014-6-10 80736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-10 17:20:31    --------    d-----w-    C:\Users\tubbs-diag\AppData\Roaming\Intel Corporation
2014-10-31 20:12:58    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E75F3C47-223A-430D-8973-8C1CC62F1E10}\mpengine.dll
2014-10-27 21:43:45    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
2014-10-27 19:12:06    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2014-10-27 18:44:37    --------    d-----w-    C:\Program Files\GIMP 2
2014-10-27 15:52:07    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-27 15:51:49    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-27 15:51:49    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-27 15:51:49    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-27 15:51:49    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-27 15:51:49    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 15:45:51    --------    d-----w-    C:\Program Files\Adblock Plus for IE
2014-10-27 15:37:20    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-24 19:38:32    --------    d-----w-    C:\Windows\SysWow64\vbox
2014-10-24 19:38:32    --------    d-----w-    C:\Windows\System32\vbox
2014-10-24 16:24:05    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-10-24 16:24:05    83280    ----a-w-    C:\Windows\System32\drivers\aswmonflt.sys
2014-10-24 16:24:05    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-10-24 16:24:05    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-10-24 16:24:05    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-10-24 16:24:05    116728    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-10-24 16:24:05    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-10-24 16:24:03    43152    ----a-w-    C:\Windows\avastSS.scr
2014-10-24 16:23:33    --------    d-----w-    C:\Program Files\AVAST Software
2014-10-24 16:23:08    --------    d-----w-    C:\ProgramData\AVAST Software
2014-10-22 21:02:22    38048    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-10-22 21:02:22    32416    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-10-22 20:59:47    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 08:05:20    --------    d-----w-    C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 02:26:20    81560    ----a-w-    C:\Windows\SysWow64\mscories.dll
2014-10-16 02:26:20    73880    ----a-w-    C:\Windows\System32\mscories.dll
2014-10-16 02:26:20    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-16 02:26:20    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2014-10-16 02:26:20    156824    ----a-w-    C:\Windows\SysWow64\mscorier.dll
2014-10-16 02:26:20    156312    ----a-w-    C:\Windows\System32\mscorier.dll
2014-10-16 02:26:20    1131664    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2014-10-16 02:26:04    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-10-16 02:26:04    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-16 02:26:03    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
.
==================== Find3M  ====================
.
2014-10-28 11:34:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-27 15:16:57    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-27 15:16:57    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-03 15:28:50    268896    ----a-w-    C:\Windows\System32\drivers\BazisPortableCDBus.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-17 02:13:36    2193560    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40    2799784    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-09-13 01:58:18    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-09-13 01:40:05    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-09-04 19:14:38    34976    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 14:06:04.50 ===============
 

 

 

 

 

Attached Files
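
The per-second DNS burst check described in post #1, as an added example that is not part of the original thread or any poster's own tooling. The log format (`timestamp client qname qtype`), the addresses, the names and the 1000 queries-per-second threshold are all assumptions; the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime


def build_sample_log():
    """Constructed sample DNS query log (assumed format, not from the thread)."""
    lines = []
    # A normal client: three lookups per second for five seconds.
    for sec in range(5):
        for i in range(3):
            lines.append(
                f"2014-10-24T10:00:0{sec}.{i}00 10.0.0.20 host{i}.example.org A"
            )
    # A noisy client: a steady trickle of lookups to changing names ...
    for sec in range(5):
        for i in range(4):
            lines.append(
                f"2014-10-24T10:00:0{sec}.{i}00 10.0.0.57 site{sec}-{i}.example.net A"
            )
    # ... plus a one-second burst to many distinct names.
    for i in range(1500):
        lines.append(
            f"2014-10-24T10:00:03.{i % 1000:03d} 10.0.0.57 burst{i}.example.com A"
        )
    return lines


def parse_line(line):
    """Return (second, client, qname, qtype), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, qtype = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f")
    except ValueError:
        return None
    # Truncate to the whole second so queries can be bucketed per second.
    return when.replace(microsecond=0), client, qname.rstrip(".").lower(), qtype


def find_bursts(lines, threshold=1000):
    """Flag every (client, second) bucket with at least `threshold` queries.

    Returns (bursts, skipped): one dict per flagged bucket, and the number
    of lines that could not be parsed.
    """
    per_second = defaultdict(list)  # (client, second) -> [qname, ...]
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        second, client, qname, _qtype = rec
        per_second[(client, second)].append(qname)

    bursts = []
    for (client, second), names in sorted(per_second.items()):
        if len(names) < threshold:
            continue
        distinct = sorted(set(names))
        bursts.append({
            "client": client,
            "second": second.isoformat(),
            "queries": len(names),
            # Many distinct names points at lookups for many different sites
            # rather than one name being retried in a loop.
            "distinct_names": len(distinct),
            "sample": distinct[:5],
        })
    return bursts, skipped


if __name__ == "__main__":
    found, bad = find_bursts(build_sample_log())
    for b in found:
        print(f"{b['second']} {b['client']}: {b['queries']} queries, "
              f"{b['distinct_names']} distinct, e.g. {b['sample']}")
    print(f"unparsed lines: {bad}")
```

Listing the distinct names for a flagged second gives the same kind of artifact the poster attached: the set of sites queried in one second of a flood.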




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts

Posted 16 November 2014 - 03:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555736 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,427 posts
  • Location:California

Posted 20 November 2014 - 03:19 PM

Greetings niado and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 niado

  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:49 AM

Posted 20 November 2014 - 06:38 PM

Hi Gary, thank you for looking into this for me. See logs pasted below and attached.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by tubbs-diag (administrator) on TAZ on 20-11-2014 16:34:38
Running from C:\Users\tubbs-diag\Desktop
Loaded Profile: tubbs-diag (Available profiles: pmcorr & gerced & mloker & hjroder & jbrajo & dlgna & hceller & clorbit & tubbs-diag)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2908888 2013-08-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2285232 2013-09-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting (64-bit).lnk
ShortcutTarget: NI Error Reporting (64-bit).lnk -> C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=odc179
SearchScopes: HKLM -> DefaultScope {8D6E89F1-1202-4F25-919D-4EC1A43B78FC} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8D6E89F1-1202-4F25-919D-4EC1A43B78FC} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {8D6E89F1-1202-4F25-919D-4EC1A43B78FC} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Hosts: 192.168.112.41    proctest        proctest
Tcpip\..\Interfaces\{ADC568AF-BC50-47E6-97A1-17C5FD192834}: [NameServer] 192.168.112.40

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-24]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\hjroder\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx []
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-24]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2014-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-10-24] (Avast Software)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2013-09-19] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84280 2014-06-07] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-06-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-06-10] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-06-20] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [236768 2013-11-22] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-19] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-06-10] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-09-19] (AVG Secure Search)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
S3 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-24] ()
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2014-10-03] (SysProgs.org)
R2 bh560eth; C:\Windows\System32\Drivers\bh560eth.sys [105072 2010-11-17] (Blackhawk)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2191832 2013-08-15] (Realtek Semiconductor Corp.)
S3 jlink; C:\Windows\System32\Drivers\jlinkx64.sys [24448 2013-10-04] (SEGGER Microcontroller Systeme GmbH)
S3 MCHPUSB; C:\Windows\System32\DRIVERS\mchpusb64.sys [64512 2008-05-12] (Microchip Technology, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
S3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [15200 2013-09-14] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [12992 2012-06-28] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [926992 2012-12-19] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [16984 2012-12-18] (National Instruments Corporation)
S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15200 2013-12-11] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15200 2013-12-11] (National Instruments Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 TPDIBUS; C:\Windows\System32\drivers\tpdibus.sys [74376 2012-09-25] (FTDI Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-10-24] (Avast Software)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-12-05] (Jungo)
S3 XilinxFirmwareLpLoader; C:\Windows\System32\Drivers\xusb_xlp.sys [19200 2012-12-05] (Xilinx, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-12-05] (Xilinx, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 16:34 - 2014-11-20 16:34 - 00027746 _____ () C:\Users\tubbs-diag\Desktop\FRST.txt
2014-11-20 16:34 - 2014-11-20 16:34 - 00000000 ____D () C:\FRST
2014-11-20 16:34 - 2014-11-20 16:32 - 01108992 _____ (Farbar) C:\Users\tubbs-diag\Desktop\FRST.exe
2014-11-20 16:34 - 2014-11-20 16:31 - 02117632 _____ (Farbar) C:\Users\tubbs-diag\Desktop\FRST64.exe
2014-11-20 16:30 - 2014-08-08 15:09 - 00562368 _____ (Sysinternals - www.sysinternals.com) C:\Users\tubbs-diag\Desktop\RAMMap.exe
2014-11-20 16:30 - 2014-08-08 15:09 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\tubbs-diag\Desktop\RootkitRevealer.exe
2014-11-20 16:30 - 2014-08-08 15:09 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\tubbs-diag\Desktop\Tcpview.exe
2014-11-20 16:29 - 2014-08-08 15:09 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\tubbs-diag\Desktop\Procmon.exe
2014-11-20 16:29 - 2014-08-08 15:09 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\tubbs-diag\Desktop\ProcExp.exe
2014-11-11 14:06 - 2014-11-11 14:06 - 00023871 _____ () C:\Users\tubbs-diag\Desktop\dds.txt
2014-11-11 14:06 - 2014-11-11 14:06 - 00020326 _____ () C:\Users\tubbs-diag\Desktop\attach.txt
2014-11-10 11:20 - 2014-11-10 11:20 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Roaming\Intel Corporation
2014-11-10 11:19 - 2014-11-20 16:28 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\TSVNCache
2014-11-10 11:19 - 2014-11-10 11:20 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\NVIDIA Corporation
2014-11-10 11:19 - 2014-11-10 11:19 - 00001419 _____ () C:\Users\tubbs-diag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-10 11:19 - 2014-11-10 11:19 - 00000884 __RSH () C:\Users\tubbs-diag\ntuser.pol
2014-11-10 11:19 - 2014-11-10 11:19 - 00000020 ___SH () C:\Users\tubbs-diag\ntuser.ini
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ___RD () C:\Users\tubbs-diag\Virtual Machines
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Roaming\Subversion
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Roaming\AVAST Software
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Roaming\Adobe
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\NVIDIA
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\National Instruments
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\Google
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\AVG Secure Search
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\AVG SafeGuard toolbar
2014-11-10 11:19 - 2014-11-10 11:19 - 00000000 ____D () C:\Users\tubbs-diag
2014-11-10 11:19 - 2013-06-26 13:42 - 00109672 _____ () C:\Users\tubbs-diag\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 11:19 - 2013-03-30 02:01 - 00000000 ____D () C:\Users\tubbs-diag\Documents\Visual Studio 2012
2014-11-10 11:19 - 2013-03-14 02:02 - 00000000 ____D () C:\Users\tubbs-diag\AppData\Local\Microsoft Help
2014-11-10 11:19 - 2013-02-13 03:01 - 00000000 ____D () C:\Users\tubbs-diag\Documents\Visual Studio 2010
2014-11-10 11:19 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\tubbs-diag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-10 11:19 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\tubbs-diag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-10 11:17 - 2014-11-10 11:17 - 00000000 ____D () C:\Users\jbrajo\AppData\Roaming\AVAST Software
2014-11-10 11:17 - 2014-11-10 11:17 - 00000000 ____D () C:\Users\jbrajo\AppData\Local\AVG Secure Search
2014-11-10 11:17 - 2014-11-10 11:17 - 00000000 ____D () C:\Users\jbrajo\AppData\Local\AVG SafeGuard toolbar
2014-11-03 14:23 - 2014-11-03 14:23 - 00020558 _____ () C:\Users\hjroder\Desktop\Taz_software.txt
2014-10-31 22:28 - 2014-10-31 22:28 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-28-56.067-AvastVBoxSVC.exe-7584.log
2014-10-31 22:26 - 2014-10-31 22:26 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-26-54.077-AvastVBoxSVC.exe-4432.log
2014-10-31 22:24 - 2014-10-31 22:24 - 00000197 _____ () C:\Windows\system32\2014-11-01-04-24-55.023-AvastVBoxSVC.exe-6856.log
2014-10-29 11:28 - 2014-10-29 11:28 - 00000280 _____ () C:\Windows\system32\2014-10-29-17-28-54.032-aswFe.exe-6692.log
2014-10-29 11:24 - 2014-10-29 11:25 - 00000197 _____ () C:\Windows\system32\2014-10-29-17-24-54.006-AvastVBoxSVC.exe-4824.log
2014-10-29 11:09 - 2014-10-29 11:09 - 00000197 _____ () C:\Windows\system32\2014-10-29-17-09-31.025-AvastVBoxSVC.exe-1624.log
2014-10-29 11:04 - 2014-10-29 11:04 - 00000197 _____ () C:\Windows\system32\2014-10-29-17-04-36.006-AvastVBoxSVC.exe-4316.log
2014-10-29 10:55 - 2014-10-29 10:55 - 00000280 _____ () C:\Windows\system32\2014-10-29-16-55-31.064-aswFe.exe-6880.log
2014-10-27 15:43 - 2014-10-27 15:43 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-10-27 13:31 - 2014-10-27 13:31 - 00000197 _____ () C:\Windows\system32\2014-10-27-19-31-21.060-AvastVBoxSVC.exe-4496.log
2014-10-27 13:21 - 2014-10-27 13:21 - 00000000 ____D () C:\Users\hjroder\AppData\Local\Google
2014-10-27 13:20 - 2014-10-27 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-27 13:20 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-27 13:18 - 2014-10-27 13:18 - 00000197 _____ () C:\Windows\system32\2014-10-27-19-18-25.059-AvastVBoxSVC.exe-4160.log
2014-10-27 13:15 - 2014-11-20 16:33 - 00002768 _____ () C:\Windows\setupact.log
2014-10-27 13:15 - 2014-10-27 13:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 13:13 - 2014-10-27 13:13 - 00007605 _____ () C:\Users\hjroder\AppData\Local\Resmon.ResmonCfg
2014-10-27 13:12 - 2014-10-27 13:12 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-27 13:12 - 2014-10-27 13:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-27 13:12 - 2014-10-27 13:12 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-27 13:12 - 2014-10-27 13:12 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-27 13:12 - 2014-10-27 13:12 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-27 13:12 - 2014-10-27 13:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-27 13:12 - 2014-10-27 13:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-27 13:12 - 2014-10-27 13:12 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-27 13:12 - 2014-10-27 13:12 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-27 13:12 - 2014-10-27 13:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-27 13:12 - 2014-10-27 13:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-27 13:12 - 2014-10-27 13:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-27 13:12 - 2014-10-27 13:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-27 13:11 - 2014-10-27 13:13 - 00007505 _____ () C:\Windows\IE11_main.log
2014-10-27 13:10 - 2014-10-27 13:11 - 00003249 _____ () C:\Windows\IE9_main.log
2014-10-27 13:08 - 2014-10-27 13:10 - 00007020 _____ () C:\Windows\IE10_main.log
2014-10-27 13:03 - 2014-10-27 13:03 - 00000197 _____ () C:\Windows\system32\2014-10-27-19-03-47.066-AvastVBoxSVC.exe-5912.log
2014-10-27 12:58 - 2014-10-27 12:58 - 00000000 ____D () C:\Users\hjroder\AppData\Local\gegl-0.2
2014-10-27 12:58 - 2014-10-27 12:58 - 00000000 ____D () C:\Users\hjroder\.gimp-2.8
2014-10-27 12:44 - 2014-10-27 12:44 - 00000896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-10-27 12:44 - 2014-10-27 12:44 - 00000000 ____D () C:\Program Files\GIMP 2
2014-10-27 12:38 - 2014-10-27 12:38 - 00000280 _____ () C:\Windows\system32\2014-10-27-18-38-35.072-aswFe.exe-1040.log
2014-10-27 12:37 - 2014-10-27 12:37 - 00109672 _____ () C:\Users\hjroder\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-27 12:36 - 2014-10-27 12:36 - 00000197 _____ () C:\Windows\system32\2014-10-27-18-36-57.063-AvastVBoxSVC.exe-4772.log
2014-10-27 12:36 - 2014-10-27 12:36 - 00000000 ____D () C:\Users\hjroder\AppData\Local\AVG Secure Search
2014-10-27 12:36 - 2014-10-27 12:36 - 00000000 ____D () C:\Users\hjroder\AppData\Local\AVG SafeGuard toolbar
2014-10-27 10:19 - 2014-10-30 14:56 - 00000000 ____D () C:\Users\hjroder\AppData\Local\TSVNCache
2014-10-27 10:07 - 2014-10-27 10:07 - 00000000 ____D () C:\Users\hjroder\AppData\Roaming\Macromedia
2014-10-27 09:52 - 2014-11-03 13:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 09:51 - 2014-10-27 09:51 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 09:51 - 2014-10-27 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 09:51 - 2014-10-27 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 09:51 - 2014-10-27 09:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 09:51 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-27 09:51 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 09:51 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-27 09:50 - 2014-10-27 09:50 - 00000197 _____ () C:\Windows\system32\2014-10-27-15-50-39.025-AvastVBoxSVC.exe-5660.log
2014-10-27 09:45 - 2014-10-27 09:45 - 00000197 _____ () C:\Windows\system32\2014-10-27-15-45-33.049-AvastVBoxSVC.exe-6044.log
2014-10-27 09:45 - 2014-10-27 09:45 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-27 09:37 - 2014-10-27 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-27 09:37 - 2014-10-27 09:37 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-27 09:37 - 2014-10-27 09:37 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-27 09:34 - 2014-11-20 16:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 09:34 - 2014-11-12 13:39 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 09:34 - 2014-10-27 13:27 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 09:34 - 2014-10-27 09:34 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 09:34 - 2014-10-27 09:34 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-27 09:34 - 2014-10-27 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-27 09:34 - 2014-10-27 09:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 09:19 - 2014-10-27 09:19 - 00000197 _____ () C:\Windows\system32\2014-10-27-15-19-55.062-AvastVBoxSVC.exe-4568.log
2014-10-27 09:16 - 2014-10-27 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-27 09:16 - 2014-10-27 09:16 - 00000000 ____D () C:\Program Files\7-Zip
2014-10-27 09:05 - 2014-10-27 09:05 - 00000000 __SHD () C:\Users\hjroder\AppData\Local\EmieUserList
2014-10-27 09:05 - 2014-10-27 09:05 - 00000000 __SHD () C:\Users\hjroder\AppData\Local\EmieSiteList
2014-10-27 08:56 - 2014-10-27 08:56 - 00000000 ____D () C:\Users\hjroder\AppData\Roaming\AVAST Software
2014-10-27 08:55 - 2014-10-27 08:56 - 00000197 _____ () C:\Windows\system32\2014-10-27-14-55-54.056-AvastVBoxSVC.exe-4948.log
2014-10-24 13:49 - 2014-10-24 13:49 - 00000247 _____ () C:\Windows\system32\2014-10-24-19-49-25.060-aswFe.exe-3176.log
2014-10-24 13:43 - 2014-10-24 13:49 - 00000247 _____ () C:\Windows\system32\2014-10-24-19-43-52.031-aswFe.exe-3504.log
2014-10-24 13:43 - 2014-10-24 13:43 - 00000197 _____ () C:\Windows\system32\2014-10-24-19-43-47.099-AvastVBoxSVC.exe-6424.log
2014-10-24 13:38 - 2014-10-24 13:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-10-24 13:38 - 2014-10-24 13:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-10-24 13:37 - 2014-10-24 13:37 - 00000000 ____D () C:\Users\pmcorr\AppData\Roaming\AVAST Software
2014-10-24 10:24 - 2014-10-31 22:24 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-10-24 10:24 - 2014-10-31 22:24 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-10-24 10:24 - 2014-10-29 11:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-24 10:24 - 2014-10-24 10:24 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-10-24 10:24 - 2014-10-24 10:24 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-24 10:24 - 2014-10-24 10:24 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-24 10:24 - 2014-10-24 10:24 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-24 10:24 - 2014-10-24 10:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-24 10:24 - 2014-10-24 10:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-24 10:24 - 2014-10-24 10:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-24 10:24 - 2014-10-24 10:24 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-24 10:24 - 2014-10-24 10:24 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-24 10:24 - 2014-10-24 10:24 - 00000000 ____D () C:\Users\clorbit\AppData\Roaming\AVAST Software
2014-10-24 10:24 - 2014-10-24 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-10-24 10:23 - 2014-10-24 10:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-24 10:23 - 2014-10-24 10:23 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-24 10:21 - 2014-10-24 10:21 - 00000004 _____ () C:\Users\clorbit\AppData\Roaming\appdataFr2.bin
2014-10-23 15:16 - 2014-10-23 15:16 - 00000000 ____D () C:\Users\clorbit\Desktop\old code
2014-10-22 15:02 - 2014-09-04 13:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-22 15:02 - 2014-09-04 13:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-22 15:00 - 2014-10-22 15:00 - 00000000 ____D () C:\Users\hjroder\AppData\Roaming\Oracle
2014-10-22 14:59 - 2014-10-22 14:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-22 14:59 - 2014-10-22 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-22 14:59 - 2014-10-22 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-22 14:59 - 2014-10-22 14:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-22 14:59 - 2014-10-22 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 16:32 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 16:32 - 2009-07-13 22:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 16:32 - 2009-07-13 22:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 16:29 - 2012-12-14 00:06 - 01790211 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 16:25 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 13:07 - 2012-12-14 00:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 11:19 - 2013-03-26 11:50 - 00000000 ____D () C:\Users\jbrajo\AppData\Local\TSVNCache
2014-11-10 11:19 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-30 16:18 - 2013-09-25 16:31 - 00024071 ____H () C:\Users\hjroder\_viminfo
2014-10-30 16:18 - 2013-01-16 09:17 - 00000000 ____D () C:\Users\hjroder
2014-10-30 14:54 - 2014-10-03 09:11 - 00000000 ____D () C:\Users\clorbit\Desktop\falling around
2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 14:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-27 13:16 - 2013-01-16 09:18 - 00001419 _____ () C:\Users\hjroder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-27 13:16 - 2011-02-10 08:46 - 00000000 ____D () C:\Windows\panther
2014-10-27 13:14 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-27 10:20 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\Performance
2014-10-27 09:33 - 2013-02-01 07:59 - 00000000 ____D () C:\Users\hjroder\AppData\Local\Apps\2.0
2014-10-27 09:16 - 2012-12-14 00:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-27 09:16 - 2012-12-14 00:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-27 09:16 - 2012-12-14 00:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-27 09:15 - 2013-06-26 13:01 - 00000000 ____D () C:\Windows\Minidump
2014-10-24 13:37 - 2013-03-14 15:12 - 00000000 ____D () C:\Users\pmcorr\AppData\Local\TSVNCache
2014-10-24 08:39 - 2014-10-02 15:10 - 00000000 ____D () C:\Users\clorbit\AppData\Local\TSVNCache
2014-10-22 15:02 - 2012-12-14 00:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-22 15:01 - 2014-05-13 10:09 - 00000000 ____D () C:\Users\pmcorr\AppData\Local\NVIDIA Corporation
2014-10-22 14:59 - 2014-01-15 15:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 14:59 - 2013-06-26 13:08 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\jbrajo\AppData\Local\Temp\nvStInst.exe
C:\Users\pmcorr\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\pmcorr\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\pmcorr\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\pmcorr\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-10 09:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by tubbs-diag at 2014-11-20 16:35:08
Running from C:\Users\tubbs-diag\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Blackhawk Emulation Device Drivers for Windows - v1.13.03.25 (HKLM-x32\...\D1130325-1130-4000-9C10-A4F62C0C66D4) (Version: 1.13.03.25 - Blackhawk)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Code Composer Studio 5.5.0 (HKLM-x32\...\Code Composer Studio 5.5.0) (Version: 5.5.0.00077 - Texas Instruments)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00001.001 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.203 - Digilent, Inc.)
doxygen 1.8.3.1 (HKLM\...\doxygen_is1) (Version: 1.8.3.1 - Dimitri van Heesch)
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
Flash Magic 7.66 (HKLM-x32\...\Flash Magic_is1) (Version:  - Embedded Systems Academy, Inc.)
Flip 3.4.7 (HKLM-x32\...\flip.exe) (Version: 3.4.7 - Atmel)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
grepWin x64 (HKLM\...\{142215C5-C416-4F34-BF3A-B28BA105BBD1}) (Version: 1.6.546 - Stefans Tools)
grepWin x64 (HKLM\...\{7CADA0A0-5C14-474F-B504-0F292EC517A7}) (Version: 1.6.466 - Stefans Tools)
IAR Embedded Workbench for ARM (HKLM-x32\...\{C55EFC5F-780D-4945-AC06-ED5D71FB74A6}) (Version: 6.60.2 - IAR Systems)
IDE (HKLM-x32\...\{C4A59CBD-89C1-42DB-9748-CFA79293E1A1}) (Version: 4.50 - Silicon Laboratories, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
J-Link ARM V4.78a (HKLM-x32\...\J-Link ARM V4.78a) (Version: V4.78a - SEGGER Microcontroller Systeme GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version:  - )
LM Flash Programmer (HKLM-x32\...\{4035F84D-F6C5-4350-BBFE-32BADC91F874}) (Version: 1.0.1470 - Texas Instruments)
Logic (HKLM\...\{37625E89-27D1-4E6B-9F11-835FB518332D}) (Version: 1.1.15 - Saleae LLC)
LPCXpresso (HKLM-x32\...\LPCXpressoNG_is1) (Version: 6.1.0 - NXP Semiconductors USA, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Math Kernel Libraries (64-bit) (Version: 1.0.33.0 - National Instruments) Hidden
Math Kernel Libraries (64-bit) (Version: 13.0.13 - National Instruments) Hidden
Math Kernel Libraries (64-bit) (Version: 14.0.6 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 1.0.33.0 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 13.0.13 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 14.0.6 - National Instruments) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 33.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.1 (x86 en-US)) (Version: 33.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MPLAB Tools v8.90 (HKLM-x32\...\InstallShield_{4BFBFE90-75A0-4728-8625-9776B82C99B3}) (Version: 8.90 - Microchip Technology Inc.)
MPLAB Tools v8.90 (x32 Version: 8.90 - Microchip Technology Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (Version: 14.0.5 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 14.0.5 - National Instruments) Hidden
NI Assistant Framework (x32 Version: 14.0.40 - National Instruments) Hidden
NI Assistant Framework 64-bit (Version: 14.0.49 - National Instruments) Hidden
NI Assistant Framework LabVIEW 2014 Support (x32 Version: 14.0.34 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2014 (64-bit) (Version: 14.0.40 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2014 (x32 Version: 14.0.40 - National Instruments) Hidden
NI Authentication 2014 (64-bit) (Version: 14.0.344 - National Instruments) Hidden
NI Authentication 2014 (x32 Version: 14.0.344 - National Instruments) Hidden
NI Certificates Deployment Support (x32 Version: 1.04.49153 - National Instruments) Hidden
NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden
NI Curl 14.0.0 (64-bit) (Version: 14.0.294 - National Instruments) Hidden
NI Curl 2014 (x32 Version: 14.0.295 - National Instruments) Hidden
NI Customer Experience Improvement Program (64-bit) (Version: 2.1.15 - National Instruments) Hidden
NI Customer Experience Improvement Program (x32 Version: 2.1.27 - National Instruments) Hidden
NI DataSocket 5.2 (64-bit) (Version: 5.2.218 - National Instruments) Hidden
NI DataSocket 5.2 (x32 Version: 5.2.218 - National Instruments) Hidden
NI Distributed System Manager 2014 (x32 Version: 14.0.382 - National Instruments) Hidden
NI Error Reporting 2014 (64-bit) (Version: 14.0.373 - National Instruments) Hidden
NI Error Reporting 2014 (x32 Version: 14.0.379 - National Instruments) Hidden
NI Error Reporting Interface 14.0 (x32 Version: 14.0.241 - National Instruments) Hidden
NI Error Reporting Interface 14.0 for Windows (64-bit) (Version: 14.0.241 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.30.268 - National Instruments) Hidden
NI Example Finder 14.0 (Version: 14.0.130 - National Instruments) Hidden
NI Example Finder 14.0 (x32 Version: 14.0.133 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.5.0 (x32 Version: 13.50.15 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.5.0 (Version: 13.50.15 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2014 32-bit (x32 Version: 14.0.12 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2014 64-bit (Version: 14.0.12 - National Instruments) Hidden
NI JSON Map Files (x32 Version: 14.0.14 - National Instruments) Hidden
NI LabVIEW (64 bit) Merge Utility 2014 (Version: 14.0.371 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 13.0.336 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 14.0.386 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.5.198.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Run-Time Engine Non-English Support. (x32 Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2013 Real-Time Error Dialog (x32 Version: 13.0.123 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Web Server (x32 Version: 13.5.27 - National Instruments) Hidden
NI LabVIEW 2013 SP1 Run-Time Engine Non-English Support. (x32 Version: 13.1.99 - National Instruments) Hidden
NI LabVIEW 2014 (32-bit) (Version: 14.0.654 - National Instruments) Hidden
NI LabVIEW 2014 (32-bit) (x32 Version: 14.0.383 - National Instruments) Hidden
NI LabVIEW 2014 (64 bit) MeasAppChm File (Version: 14.0.374 - National Instruments) Hidden
NI LabVIEW 2014 (64-bit) (Version: 14.0.374 - National Instruments) Hidden
NI LabVIEW 2014 (64-bit) (Version: 14.0.375 - National Instruments) Hidden
NI LabVIEW 2014 (64-bit) Scripting Code Generator (Version: 14.0.304 - National Instruments) Hidden
NI LabVIEW 2014 (64-bit) Search (Version: 14.0.5 - National Instruments) Hidden
NI LabVIEW 2014 Compare Utility (Version: 14.0.374 - National Instruments) Hidden
NI LabVIEW 2014 Compare Utility (x32 Version: 14.0.380 - National Instruments) Hidden
NI LabVIEW 2014 Database Connectivity Toolkit (x32 Version: 14.0.259 - National Instruments) Hidden
NI LabVIEW 2014 Database Connectivity Toolkit License (x32 Version: 14.0.260 - National Instruments) Hidden
NI LabVIEW 2014 Deployable License (x32 Version: 14.0.381 - National Instruments) Hidden
NI LabVIEW 2014 Deployment Framework (x32 Version: 14.0.390 - National Instruments) Hidden
NI LabVIEW 2014 f1 (x32 Version: 14.0.386 - National Instruments) Hidden
NI LabVIEW 2014 Help (Version: 14.0.371 - National Instruments) Hidden
NI LabVIEW 2014 Help (x32 Version: 14.0.380 - National Instruments) Hidden
NI LabVIEW 2014 Help File (Version: 14.0.374 - National Instruments) Hidden
NI LabVIEW 2014 Help File (x32 Version: 14.0.378 - National Instruments) Hidden
NI LabVIEW 2014 License (x32 Version: 14.0.381 - National Instruments) Hidden
NI LabVIEW 2014 License 64-bit (Version: 14.0.140 - National Instruments) Hidden
NI LabVIEW 2014 Manuals (Version: 14.0.375 - National Instruments) Hidden
NI LabVIEW 2014 Manuals (x32 Version: 14.0.380 - National Instruments) Hidden
NI LabVIEW 2014 MeasAppChm File (x32 Version: 14.0.377 - National Instruments) Hidden
NI LabVIEW 2014 Merge Utility (x32 Version: 14.0.380 - National Instruments) Hidden
NI LabVIEW 2014 Report Generation Toolkit for Microsoft Office (x32 Version: 14.0.239 - National Instruments) Hidden
NI LabVIEW 2014 Report Generation Toolkit License (x32 Version: 14.0.239 - National Instruments) Hidden
NI LabVIEW 2014 Run-Time Engine Web Server (x32 Version: 14.0.442 - National Instruments) Hidden
NI LabVIEW 2014 Scripting Code Generator (x32 Version: 14.0.313 - National Instruments) Hidden
NI LabVIEW 2014 Search (x32 Version: 14.0.5 - National Instruments) Hidden
NI LabVIEW 2014 Simulation (Version: 14.0.374 - National Instruments) Hidden
NI LabVIEW 2014 Simulation (x32 Version: 14.0.380 - National Instruments) Hidden
NI LabVIEW 2014 Touch Panel (x32 Version: 14.0.123 - National Instruments) Hidden
NI LabVIEW 2014 Touch Panel for English (x32 Version: 14.0.123 - National Instruments) Hidden
NI LabVIEW 2014 Variable Web Service (x32 Version: 14.0.379 - National Instruments) Hidden
NI LabVIEW 2014 Web Server (x32 Version: 14.0.462 - National Instruments) Hidden
NI LabVIEW 2014 Web Server 64-Bit (Version: 14.0.436 - National Instruments) Hidden
NI LabVIEW 2014 Web Services Runtime (64-bit) (Version: 14.0.334 - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 SP1 f9 (x32 Version: 12.1.72.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2013 SP1 f2 (x32 Version: 13.1.109 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2014 (64-bit) (Version: 14.0.381 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2014 f1 (x32 Version: 14.0.400 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2014 Non-English Support. (x32 Version: 14.0.381 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 SP1 (x32 Version: 12.1.72.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2013 (x32 Version: 13.1.109 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2014 (64-bit) (Version: 14.0.381 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2014 (x32 Version: 14.0.403 - National Instruments) Hidden
NI LabVIEW Web Server 64-Bit for Run-Time Engine (Version: 14.0.406 - National Instruments) Hidden
NI LabVIEW Web Services Runtime (x32 Version: 14.0.363 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2012 SP1 LabVIEW DLL Builder (x32 Version: 12.0.1133 - National Instruments) Hidden
NI LabWindows/CVI 2013 SP1 Code Generator (x32 Version: 13.0.1201 - National Instruments) Hidden
NI LabWindows/CVI 2013 SP1 Low-Level Driver (Original) (x32 Version: 13.0.1201 - National Instruments) Hidden
NI LabWindows/CVI 2013 SP1 Low-Level Driver (Updated) (x32 Version: 13.0.1201 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI Launcher (x32 Version: 3.30.268 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.73 - National Instruments) Hidden
NI Logos 5.6 (64-bit) (Version: 5.6.254 - National Instruments) Hidden
NI Logos 5.6 (x32 Version: 5.6.254 - National Instruments) Hidden
NI Logos LabVIEW 2014 Support (Version: 14.0.374 - National Instruments) Hidden
NI Logos LabVIEW 2014 Support (x32 Version: 14.0.380 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.6.253 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.6.253 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.5.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.5.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 14.0 (Version: 14.00.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 14.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (Version: 14.00.49152 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.30.268 - National Instruments) Hidden
NI mDNS Responder 14.0 for Windows 64-bit (Version: 14.00.49152 - National Instruments) Hidden
NI mDNS Responder 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI Measurement & Automation Explorer 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio ComponentWorks UI (x32 Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.30.268 - National Instruments) Hidden
NI MXS 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI MXS 14.0.0 for 64 Bit Windows (Version: 14.00.49152 - National Instruments) Hidden
NI Network Discovery 14.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI Network Discovery 14.0 for Windows 64-bit (Version: 14.00.49152 - National Instruments) Hidden
NI OPC Support (x32 Version: 14.0.281 - National Instruments) Hidden
NI OPCEnum Shared (x32 Version: 5.5.2018 - National Instruments) Hidden
NI Portable Configuration 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 14.0.0 (Version: 14.00.49152 - National Instruments) Hidden
NI Registration Wizard (x32 Version: 1.3.97.0 - National Instruments) Hidden
NI Remote Provider for MAX 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI Search Shared (x32 Version: 14.0.5 - National Instruments) Hidden
NI Search Shared 64-bit (Version: 14.0.5 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 2014 (x32 Version: 14.0.217 - National Instruments) Hidden
NI SLCP 2.1 (64-bit) (Version: 2.1.14 - National Instruments) Hidden
NI SLCP 2.1 (x32 Version: 2.1.16 - National Instruments) Hidden
NI Software Provider for MAX 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI SSL LabVIEW 2014 RTE Support (64-bit) (Version: 14.0.373 - National Instruments) Hidden
NI SSL LabVIEW 2014 Support (64-bit) (Version: 14.0.378 - National Instruments) Hidden
NI SSL LabVIEW 2014 Support (x32 Version: 14.0.389 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 SP1 Support (x32 Version: 12.5.8.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2013 SP1 Support (x32 Version: 13.5.27 - National Instruments) Hidden
NI SSL LabVIEW RTE 2014 Support (x32 Version: 14.0.376 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 14.0.303 - National Instruments) Hidden
NI SSL Support (x32 Version: 14.0.303 - National Instruments) Hidden
NI System API .NET 14.0.0 (x32 Version: 14.0.310 - National Instruments) Hidden
NI System API Client for WIF 14.0.0 (x32 Version: 14.0.289 - National Instruments) Hidden
NI System API Web-Service 32-bit 14.0.0 (x32 Version: 14.0.291 - National Instruments) Hidden
NI System API Windows 32-bit 14.0.0 (x32 Version: 14.0.302 - National Instruments) Hidden
NI System API Windows 64-bit 14.0.0 (Version: 14.0.302 - National Instruments) Hidden
NI System Configuration 14.0.0 LabVIEW Support (x32 Version: 14.0.140 - National Instruments) Hidden
NI System Configuration LV2014 64-bit Support 14.0.0 (Version: 14.0.122 - National Instruments) Hidden
NI System Configuration LV2014 Support 14.0.0 (x32 Version: 14.0.124 - National Instruments) Hidden
NI System Configuration Runtime 14.0.0 (x32 Version: 14.0.142 - National Instruments) Hidden
NI System Configuration Runtime 14.0.0 for Windows 64-bit (Version: 14.0.142 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 14.0.380 - National Instruments) Hidden
NI System State Publisher (x32 Version: 14.0.383 - National Instruments) Hidden
NI System Web Server 2014 (x32 Version: 14.0.303 - National Instruments) Hidden
NI System Web Server Base 2014 (64-bit) (Version: 14.0.249 - National Instruments) Hidden
NI System Web Server Base 2014 (x32 Version: 14.0.249 - National Instruments) Hidden
NI TDM Excel Add-In 14.0 (x32 Version: 14.0.23 - National Instruments) Hidden
NI TDM Excel Add-In 14.0 64-bit (Version: 14.0.23 - National Instruments) Hidden
NI TDM Streaming 14.0 (64-bit) (Version: 14.0.43 - National Instruments) Hidden
NI TDM Streaming 14.0 (x32 Version: 14.0.43 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 14.0.177 - National Instruments) Hidden
NI Trace Engine (x32 Version: 14.0.177 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.30.268 - National Instruments) Hidden
NI Update Service 2014 (64-bit) (Version: 14.0.34 - National Instruments) Hidden
NI Update Service 2014 (x32 Version: 14.0.34 - National Instruments) Hidden
NI USI 14.0.0 (x32 Version: 14.0.05640 - National Instruments) Hidden
NI USI 14.0.0 64-bit (Version: 14.0.05640 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.8.282 - National Instruments) Hidden
NI Variable Engine 2.8.0 (x32 Version: 2.8.282 - National Instruments) Hidden
NI Variable Engine LabVIEW 2014 Support (Version: 14.0.374 - National Instruments) Hidden
NI Variable Engine LabVIEW 2014 Support (x32 Version: 14.0.380 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
NI VIPM Helper 2014 (x32 Version: 14.0.194 - National Instruments) Hidden
NI Web Application Server 2014 (64-bit) (Version: 14.0.308 - National Instruments) Hidden
NI Web Application Server 2014 (x32 Version: 14.0.308 - National Instruments) Hidden
NI Web Pipeline 2014 (64-bit) (Version: 14.0.16 - National Instruments) Hidden
NI Web Pipeline 2014 (x32 Version: 14.0.16 - National Instruments) Hidden
NI Web-Based Configuration and Monitoring 14.0 (x32 Version: 14.0.410 - National Instruments) Hidden
NI Xalan Delay Load 1.10.3 (x32 Version: 1.10.85 - National Instruments) Hidden
NI Xalan Delay Load 1.10.3 64-bit (Version: 1.10.86 - National Instruments) Hidden
NI Xerces Delay Load 2.7.6 (x32 Version: 2.7.218 - National Instruments) Hidden
NI Xerces Delay Load 2.7.6 64-bit (Version: 2.7.228 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation 14.0.0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 14.0.0 (Version: 14.00.49152 - National Instruments) Hidden
NI-DIM 3.0.1f0 (x32 Version: 3.01.49152 - National Instruments) Hidden
NI-DIM 3.0.1f0 for 64 Bit Windows (Version: 3.01.49152 - National Instruments) Hidden
NI-Mesa (Version: 12.0.7.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 12.0.7.0 - National Instruments) Hidden
NI-ORB 3.0 (x32 Version: 3.00.49152 - National Instruments) Hidden
NI-ORB 3.0 for 64-bit Windows (Version: 3.00.49152 - National Instruments) Hidden
NI-PAL 2.9.1 64-Bit Error Files (Version: 2.91.49152 - National Instruments) Hidden
NI-PAL 2.9.1 Error Files (x32 Version: 2.91.49152 - National Instruments) Hidden
NI-PAL 2.9.1f0 (x32 Version: 10.101.49152 - National Instruments) Hidden
NI-PAL 2.9.1f0 for 64 Bit Windows (Version: 10.101.49152 - National Instruments) Hidden
NI-RPC 14.0.0f0 (x32 Version: 14.00.49152 - National Instruments) Hidden
NI-RPC 14.0.0f0 for 64 Bit Windows (Version: 14.00.49152 - National Instruments) Hidden
NI-RPC 14.0.0f0 for Phar Lap ETS (x32 Version: 14.00.49152 - National Instruments) Hidden
NI-VISA Runtime 5.4.1 (x32 Version: 5.41.49152 - National Instruments) Hidden
NI-VISA x64 support 5.4.1 (Version: 5.41.49152 - National Instruments) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.1 - )
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5985 - Realtek Semiconductor Corp.)
Realterm 2.0.0.70 (HKLM-x32\...\Realterm) (Version: 2.0.0.70 - Broadcast Equipment)
Reset NI Config 14.0.0 (x32 Version: 14.0.177 - National Instruments) Hidden
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Silicon Laboratories C8051Fxxx uVision Driver (HKLM-x32\...\{A0FBFD70-0F42-4BD2-A65B-9716B63D2D5D}) (Version: 3.80 - Silicon Laboratories, Inc.)
Silicon Laboratories Configuration Wizard 2 (HKLM-x32\...\{BC2F9B20-6693-40E1-BE59-7E5A58075734}) (Version: 4.10 - Silicon Laboratories, Inc.)
Silicon Laboratories FLASH Programming Utilities (HKLM-x32\...\{48FCEA7D-F383-4A12-ABF7-3F33638182FC}) (Version: 4.10 - Silicon Laboratories, Inc.)
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Tera Term 4.76 (HKLM-x32\...\Tera Term_is1) (Version:  - )
TI Emulators (HKLM-x32\...\TI Emulators 5.1.232.0) (Version: 5.1.232.0 - Texas Instruments)
TivaWare Windows64 USB Examples (HKLM\...\{FEB5EBF7-D5A2-4944-8A94-30D3EE3BEB4B}) (Version: 1.0.1 - Texas Instruments)
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
TortoiseSVN 1.8.7.25475 (64 bit) (HKLM\...\{A8573F59-C080-4495-A9A8-EC32D8A4ECFF}) (Version: 1.8.25475 - TortoiseSVN)
Total Phase USB Driver v2.11 (HKLM-x32\...\TotalPhase) (Version:  - )
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
ULinx USB Driver (HKLM-x32\...\{01F41214-12C3-4118-AF55-5A4605CAEB6A}) (Version: 1.0.0 - B&B Electronics)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VI Package Manager 2014 (HKLM-x32\...\{612BE9C7-DEE4-4F13-AC87-C6A7C1B721FB}) (Version: 14.0.1941 - JKI)
VI Package Manager 2014 (x32 Version: 14.0.0 - National Instruments) Hidden
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version:  - )
VISA Shared Components 64-Bit (HKLM-x32\...\VISASharedComponents) (Version: 1.6 - IVI Foundation)
VISA Shared Components 64-Bit (Version: 1.6.0 - IVI Foundation) Hidden
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
WIF Core Dependencies Windows 14.0.0 (x32 Version: 14.0.119 - National Instruments) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - EWA Technologies, Inc. (XDS560) TI_Emulators  (11/02/2011 3.0.0.1) (HKLM\...\493E55AC2C50E157B700A12975E4532D3E246F44) (Version: 11/02/2011 3.0.0.1 - EWA Technologies, Inc.)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14) (HKLM\...\ACBD450607B9A261AF1F694FAE00A92218E1F94B) (Version: 03/18/2011 2.08.14 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14) (HKLM\...\6DBBE862580281438868BCDD37A84E63A0FBB067) (Version: 03/18/2011 2.08.14 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3B093C44CA19A7D5324F4A3CEB666DD4EBB257D6) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\5AB23CC5A2E8D3A0AA129214C6F9CE8D7F4874B9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - IAR Systems (IJET) IARUSB  (05/23/2012 2.05) (HKLM\...\1C43F1704FCDAEB095E591CCD332A2EEE6D1B03B) (Version: 05/23/2012 2.05 - IAR Systems)
Windows Driver Package - Saleae LLC (WinUSB) USB  (11/02/2006 6.0.6000.16388) (HKLM\...\0649E5DCF5B329AE9E03ABBF3EA5ECA015760803) (Version: 11/02/2006 6.0.6000.16388 - Saleae LLC)
Windows Driver Package - Spectrum Digital (sdusb2em) SDUSBEmulators  (03/25/2011 6.0.999.2) (HKLM\...\65A7887924E47D0EA3E2A212B2247E7E9FA1F9EB) (Version: 03/25/2011 6.0.999.2 - Spectrum Digital)
Windows Driver Package - Texas Instruments CDM Driver Package (03/18/2011 2.08.14) (HKLM\...\0BDF85E56A265712467599C1BB6297100A196F83) (Version: 03/18/2011 2.08.14 - Texas Instruments)
Windows Driver Package - Texas Instruments CDM Driver Package (03/18/2011 2.08.14) (HKLM\...\75CE7050FCC4D8267A3BD5D3253B1AF44CB375B9) (Version: 03/18/2011 2.08.14 - Texas Instruments)
Windows Driver Package - Texas Instruments Inc. (WinUSB) StellarisDFUDeviceClass  (08/03/2012 1.2.9270) (HKLM\...\A0AA8F842A8763D58C48062D95A9CB19C452DF57) (Version: 08/03/2012 1.2.9270 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Incorporated (usbser) Ports  (04/21/2009 5.1.2600.0) (HKLM\...\95395462375D9A29E54B3082BE6D3CAA7CEFD7BA) (Version: 04/21/2009 5.1.2600.0 - Texas Instruments Incorporated)
Windows Driver Package - Texas Instruments, Inc. (usbser) Ports  (08/03/2012 2.0.9270) (HKLM\...\8A1FDB05EC5DC94785A88769D4A9AF2F496970A1) (Version: 08/03/2012 2.0.9270 - Texas Instruments, Inc.)
Windows Driver Package - Texas Instruments, Inc. (WinUSB) StellarisICDIDeviceClass  (08/03/2012 2.0.9270) (HKLM\...\811EE677BA910AF18E88222F81F2AA6F083E3C53) (Version: 08/03/2012 2.0.9270 - Texas Instruments, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
Xilinx Design Tools  Lab Tools - Standalone Installation 14.4 (C:\Xilinx\14.4\LabTools) (HKLM\...\Xilinx Design Tools Lab Tools - Standalone Installation 14.4) (Version:  - Xilinx, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-10-2014 18:53:24 Windows Update
27-10-2014 19:07:37 Windows Update
27-10-2014 19:20:59 Windows Update
31-10-2014 20:12:48 Windows Update
10-11-2014 15:57:39 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-01-08 12:00 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.112.41    proctest        proctest

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2850EFB8-FA77-42F3-97DC-486AAF30CCC1} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)
Task: {3CA1BCA4-780D-48BC-82BE-554CF48777BA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-24] (AVAST Software)
Task: {49ED2155-9F88-4C54-B285-2764A526D7A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-27] (Adobe Systems Incorporated)
Task: {4C3B22E8-20AD-4EB1-842D-BA0189EBF18E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {4D2EA4DC-6909-4395-8634-23499E2AFDEE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4D98398D-51FD-469C-8E6F-8D72F8DF65C4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {898AD867-ADFA-4730-9A42-32B85F3093C2} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2014-04-22] (JKI)
Task: {9D5F61F6-ECB9-4354-8D4E-7BFF99266E66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {D7F327DB-907F-4454-AB35-8C105791C83A} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2014-06-10] (National Instruments)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 00:26 - 2014-07-02 12:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 07:45 - 2012-01-17 07:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 07:45 - 2012-01-17 07:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-08 22:56 - 2011-10-08 22:56 - 00003072 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-11-07 07:55 - 2011-11-07 07:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-08 15:42 - 2012-12-14 00:18 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-08 15:41 - 2012-12-14 00:18 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2013-09-19 09:04 - 2013-09-19 09:04 - 00161968 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
2014-10-24 10:24 - 2014-10-24 10:24 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-10-24 10:24 - 2014-10-24 10:24 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-05-06 19:37 - 2014-05-06 19:37 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-05-06 19:37 - 2014-05-06 19:37 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-18 09:24 - 2012-06-18 09:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-09-19 09:07 - 2013-09-19 09:07 - 02285232 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-11-03 11:42 - 2014-11-03 11:42 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110302\algo.dll
2014-10-24 10:24 - 2014-10-24 10:24 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2013-09-19 09:04 - 2013-09-19 09:04 - 00521904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
2012-01-26 09:36 - 2012-01-26 09:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2014-10-16 02:35 - 2014-10-16 02:35 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2012-12-14 00:22 - 2012-05-30 13:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-06-13 04:04 - 2013-09-12 12:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-19 09:04 - 2013-09-19 09:04 - 00145072 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
2014-10-24 10:24 - 2014-10-24 10:24 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3178223043-2507271863-3996395147-500 - Administrator - Disabled)
jbrajo (S-1-5-21-3178223043-2507271863-3996395147-1008 - Administrator - Enabled) => C:\Users\jbrajo
gerced (S-1-5-21-3178223043-2507271863-3996395147-1005 - Administrator - Enabled) => C:\Users\gerced
Guest (S-1-5-21-3178223043-2507271863-3996395147-501 - Limited - Disabled)
hceller (S-1-5-21-3178223043-2507271863-3996395147-1006 - Administrator - Enabled) => C:\Users\hceller
hjroder (S-1-5-21-3178223043-2507271863-3996395147-1001 - Administrator - Enabled) => C:\Users\hjroder
mloker (S-1-5-21-3178223043-2507271863-3996395147-1004 - Administrator - Enabled) => C:\Users\mloker
jkormac (S-1-5-21-3178223043-2507271863-3996395147-1002 - Administrator - Enabled)
dlgna (S-1-5-21-3178223043-2507271863-3996395147-1007 - Limited - Enabled) => C:\Users\dlgna
pmcorr (S-1-5-21-3178223043-2507271863-3996395147-1000 - Administrator - Enabled) => C:\Users\pmcorr
clorbit (S-1-5-21-3178223043-2507271863-3996395147-1010 - Administrator - Enabled) => C:\Users\clorbit
tubbs-diag (S-1-5-21-3178223043-2507271863-3996395147-1011 - Administrator - Enabled) => C:\Users\tubbs-diag

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 04:25:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 10:47:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.25.5, time stamp: 0x542a053d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x348
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (11/10/2014 09:20:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 10:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.25.5, time stamp: 0x542a053d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x4f4
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (11/02/2014 10:51:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.25.5, time stamp: 0x542a053d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x39c
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (10/30/2014 09:50:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.25.5, time stamp: 0x542a053d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x1b28
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (10/29/2014 11:22:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 11:07:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 11:04:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 01:29:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/20/2014 04:25:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/10/2014 09:20:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/29/2014 11:22:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/29/2014 11:07:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/29/2014 11:04:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/27/2014 01:29:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/27/2014 01:17:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

Error: (10/27/2014 01:16:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/27/2014 01:00:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/27/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NI Application Web Server service to connect.


Microsoft Office Sessions:
=========================
Error: (11/20/2014 04:25:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 10:47:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.25.5542a053dntdll.dll6.1.7601.18247521ea8e7c0000005000223e034801cffdcdfec57736C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll7ddcc2a0-69c2-11e4-bfd4-90b11c5f5c97

Error: (11/10/2014 09:20:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 10:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.25.5542a053dntdll.dll6.1.7601.18247521ea8e7c0000005000223e04f401cff784ab76baebC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlle34b6111-6379-11e4-b875-90b11c5f5c97

Error: (11/02/2014 10:51:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.25.5542a053dntdll.dll6.1.7601.18247521ea8e7c0000005000223e039c01cff6bb810e144aC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll7d5457a1-62b0-11e4-b875-90b11c5f5c97

Error: (10/30/2014 09:50:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.25.5542a053dntdll.dll6.1.7601.18247521ea8e7c0000005000223e01b2801cff457a00b4f1cC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll6909d66b-604c-11e4-b875-90b11c5f5c97

Error: (10/29/2014 11:22:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 11:07:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 11:04:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 01:29:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-22 17:20:07.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 14:08:51.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU E3-1270 V2 @ 3.50GHz
Percentage of memory in use: 13%
Total physical RAM: 16338.49 MB
Available physical RAM: 14138.91 MB
Total Pagefile: 32675.16 MB
Available Pagefile: 30391.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.74 GB) (Free:772.45 GB) NTFS
Drive d: (data) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 089230EB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Attached File: summary.zip (90.16KB)


#5 Oh My!



  • Malware Response Instructor

Posted 21 November 2014 - 09:55 AM

Greetings,

Sorry about the delay in responding. I was not notified you replied.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
S3 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\jbrajo\AppData\Local\Temp\nvStInst.exe
C:\Users\pmcorr\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\pmcorr\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\pmcorr\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\pmcorr\AppData\Local\Temp\nvStInst.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • TDSSKiller report
  • aswMBR report
  • Result.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#6 niado

  • Topic Starter


Posted 21 November 2014 - 11:15 AM

See the following pasted below, as requested.

  • Fixlog
  • TDSSKiller report
  • aswMBR report
  • Result.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by tubbs-diag at 2014-11-21 09:49:40 Run:1
Running from C:\Users\tubbs-diag\Desktop
Loaded Profile: tubbs-diag (Available profiles: pmcorr & gerced & mloker & hjroder & jbrajo & dlgna & hceller & clorbit & tubbs-diag)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
S3 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\jbrajo\AppData\Local\Temp\nvStInst.exe
C:\Users\pmcorr\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\pmcorr\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\pmcorr\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\pmcorr\AppData\Local\Temp\nvStInst.exe
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
BrlAPI => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\jbrajo\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\jbrajo\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\pmcorr\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\pmcorr\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\pmcorr\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\pmcorr\AppData\Local\Temp\nvStInst.exe => Moved successfully.

==== End of Fixlog ====

09:53:13.0483 0x1a78  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
09:54:24.0093 0x1a78  ============================================================
09:54:24.0093 0x1a78  Current date / time: 2014/11/21 09:54:24.0093
09:54:24.0093 0x1a78  SystemInfo:
09:54:24.0093 0x1a78 
09:54:24.0093 0x1a78  OS Version: 6.1.7601 ServicePack: 1.0
09:54:24.0093 0x1a78  Product type: Workstation
09:54:24.0093 0x1a78  ComputerName: TAZ
09:54:24.0093 0x1a78  UserName: tubbs-diag
09:54:24.0093 0x1a78  Windows directory: C:\Windows
09:54:24.0093 0x1a78  System windows directory: C:\Windows
09:54:24.0093 0x1a78  Running under WOW64
09:54:24.0093 0x1a78  Processor architecture: Intel x64
09:54:24.0093 0x1a78  Number of processors: 8
09:54:24.0093 0x1a78  Page size: 0x1000
09:54:24.0093 0x1a78  Boot type: Normal boot
09:54:24.0093 0x1a78  ============================================================
09:54:24.0161 0x1a78  KLMD registered as C:\Windows\system32\drivers\15513193.sys
09:54:24.0410 0x1a78  System UUID: {D3A420BA-7A47-DD0B-B52A-5F1CA82E0A6D}
09:54:24.0644 0x1a78  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:54:24.0650 0x1a78  ============================================================
09:54:24.0650 0x1a78  \Device\Harddisk0\DR0:
09:54:24.0650 0x1a78  MBR partitions:
09:54:24.0650 0x1a78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178000
09:54:24.0650 0x1a78  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18C000, BlocksNum 0x7457A000
09:54:24.0650 0x1a78  ============================================================
09:54:24.0719 0x1a78  C: <-> \Device\Harddisk0\DR0\Partition2
09:54:24.0719 0x1a78  ============================================================
09:54:24.0719 0x1a78  Initialize success
09:54:24.0719 0x1a78  ============================================================
09:54:32.0462 0x1d74  ============================================================
09:54:32.0462 0x1d74  Scan started
09:54:32.0462 0x1d74  Mode: Manual;
09:54:32.0462 0x1d74  ============================================================
09:54:32.0462 0x1d74  KSN ping started
09:54:35.0835 0x1d74  KSN ping finished: true
09:54:36.0544 0x1d74  ================ Scan system memory ========================
09:54:36.0544 0x1d74  System memory - ok
09:54:36.0544 0x1d74  ================ Scan services =============================
09:54:36.0646 0x1d74  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:54:36.0652 0x1d74  1394ohci - ok
09:54:36.0681 0x1d74  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:54:36.0685 0x1d74  ACPI - ok
09:54:36.0687 0x1d74  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:54:36.0687 0x1d74  AcpiPmi - ok
09:54:36.0737 0x1d74  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:54:36.0739 0x1d74  AdobeARMservice - ok
09:54:36.0829 0x1d74  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:54:36.0836 0x1d74  AdobeFlashPlayerUpdateSvc - ok
09:54:36.0872 0x1d74  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:54:36.0884 0x1d74  adp94xx - ok
09:54:36.0903 0x1d74  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:54:36.0911 0x1d74  adpahci - ok
09:54:36.0915 0x1d74  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:54:36.0917 0x1d74  adpu320 - ok
09:54:36.0935 0x1d74  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:54:36.0936 0x1d74  AeLookupSvc - ok
09:54:36.0984 0x1d74  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
09:54:36.0997 0x1d74  AFD - ok
09:54:37.0001 0x1d74  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:54:37.0002 0x1d74  agp440 - ok
09:54:37.0013 0x1d74  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:54:37.0015 0x1d74  ALG - ok
09:54:37.0036 0x1d74  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:54:37.0037 0x1d74  aliide - ok
09:54:37.0049 0x1d74  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:54:37.0050 0x1d74  amdide - ok
09:54:37.0061 0x1d74  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:54:37.0063 0x1d74  AmdK8 - ok
09:54:37.0073 0x1d74  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
09:54:37.0075 0x1d74  AmdPPM - ok
09:54:37.0086 0x1d74  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:54:37.0090 0x1d74  amdsata - ok
09:54:37.0097 0x1d74  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:54:37.0102 0x1d74  amdsbs - ok
09:54:37.0115 0x1d74  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:54:37.0116 0x1d74  amdxata - ok
09:54:37.0120 0x1d74  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
09:54:37.0121 0x1d74  AppID - ok
09:54:37.0125 0x1d74  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:54:37.0125 0x1d74  AppIDSvc - ok
09:54:37.0155 0x1d74  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
09:54:37.0158 0x1d74  Appinfo - ok
09:54:37.0185 0x1d74  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:54:37.0187 0x1d74  AppMgmt - ok
09:54:37.0190 0x1d74  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
09:54:37.0192 0x1d74  arc - ok
09:54:37.0194 0x1d74  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:54:37.0196 0x1d74  arcsas - ok
09:54:37.0268 0x1d74  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:54:37.0270 0x1d74  aspnet_state - ok
09:54:37.0313 0x1d74  [ 001CFE1AE7A6377D70F654305ED10458, 02319F42082DD01715521BB01C63D93A783890F5EEF4F97E34401D6BF2537075 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
09:54:37.0315 0x1d74  aswHwid - ok
09:54:37.0345 0x1d74  [ CDE120D6279DD61B341CB871C48E5374, D9A5845F405D14268D5DCD54F88DB87FC4071042D65ED08F0F1687740F3E2657 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
09:54:37.0348 0x1d74  aswMonFlt - ok
09:54:37.0359 0x1d74  [ 6669541A3566F5B2F64A87ACC9B8821F, DD99968B1D78B55A6A19C8D494B7FB39ADF5175BD223B01E4C833AE10BBD019A ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
09:54:37.0361 0x1d74  aswRdr - ok
09:54:37.0368 0x1d74  [ 60FED5EA7F14315C319E7FFB3679CC24, 19774A9C0DB86ED99434A194C9138682982EEFEA43CE33AB38985445C72B4C03 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
09:54:37.0369 0x1d74  aswRvrt - ok
09:54:37.0421 0x1d74  [ 56098BE0C735ED563C466CD835937993, D160FF497CF24B8302D4DDE8C91C9D298B4173B7250015D7E765D7E3FCB4E538 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
09:54:37.0433 0x1d74  aswSnx - ok
09:54:37.0449 0x1d74  [ 6FC940A01C53BC874F531349E991F2BC, C7D84127217D556D7722B0EBC38057C8DFA173265A6E1DBF89CA47379F061ED7 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
09:54:37.0454 0x1d74  aswSP - ok
09:54:37.0466 0x1d74  [ 7250DFE069F4CB68F736A12F51AC083E, 7422A030786F777E914E1D6C10BC9B94B03B4AA2A8F888FE948004B91C60CD07 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
09:54:37.0467 0x1d74  aswStm - ok
09:54:37.0481 0x1d74  [ 5EA98C99B780EE215401658BE5E217CA, A778F2E2414BD0C9C572BEAC1DD0A805ED1827A25D6208D650AEBCCEED4D6994 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
09:54:37.0484 0x1d74  aswVmm - ok
09:54:37.0499 0x1d74  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:54:37.0500 0x1d74  AsyncMac - ok
09:54:37.0538 0x1d74  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:54:37.0540 0x1d74  atapi - ok
09:54:37.0611 0x1d74  [ EA0AF9B866DF07E8FE6C2342585788B0, BE8E799C1ED36B9DC6BEAB40E8B460464C01014DEC021760FB19626C77550792 ] athur           C:\Windows\system32\DRIVERS\athurx.sys
09:54:37.0632 0x1d74  athur - ok
09:54:37.0662 0x1d74  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:54:37.0669 0x1d74  AudioEndpointBuilder - ok
09:54:37.0687 0x1d74  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:54:37.0694 0x1d74  AudioSrv - ok
09:54:37.0751 0x1d74  [ 5CE4F1E7D1BF789919DC7F2E7603C638, 604D4D824B9FE183B82637D212D7804DC88D6475383C1E6EE4269CAAD82E7C13 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:54:37.0753 0x1d74  avast! Antivirus - ok
09:54:37.0873 0x1d74  [ 780C1694218C375A06864E555C14BDB6, 3DEB07026ED978757706EE5D457AF6126580773C77F90DDFCCE258E5F916483F ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
09:54:37.0915 0x1d74  AvastVBoxSvc - ok
09:54:37.0932 0x1d74  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:54:37.0934 0x1d74  AxInstSV - ok
09:54:37.0958 0x1d74  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:54:37.0963 0x1d74  b06bdrv - ok
09:54:37.0977 0x1d74  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:54:37.0981 0x1d74  b57nd60a - ok
09:54:38.0020 0x1d74  [ 0700AFC7B35E2C39506A14C0988247D5, 033962625DC195B4D60C8C4B222F647354F10D3567844E6F4BB1659D4C085B5C ] BazisPortableCDBus C:\Windows\system32\drivers\BazisPortableCDBus.sys
09:54:38.0026 0x1d74  BazisPortableCDBus - ok
09:54:38.0041 0x1d74  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:54:38.0045 0x1d74  BDESVC - ok
09:54:38.0056 0x1d74  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:54:38.0057 0x1d74  Beep - ok
09:54:38.0101 0x1d74  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:54:38.0115 0x1d74  BFE - ok
09:54:38.0151 0x1d74  [ FBF56651A60E58C9F9BAB24F8C2146D1, C970C327AD45E62260C85A546504B603C03CCB6B50F212C3A8CDFA7D7A2ACE70 ] bh560eth        C:\Windows\system32\Drivers\bh560eth.sys
09:54:38.0155 0x1d74  bh560eth - ok
09:54:38.0199 0x1d74  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:54:38.0211 0x1d74  BITS - ok
09:54:38.0217 0x1d74  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:54:38.0218 0x1d74  blbdrive - ok
09:54:38.0246 0x1d74  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:54:38.0247 0x1d74  bowser - ok
09:54:38.0249 0x1d74  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:54:38.0249 0x1d74  BrFiltLo - ok
09:54:38.0251 0x1d74  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:54:38.0252 0x1d74  BrFiltUp - ok
09:54:38.0272 0x1d74  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:54:38.0277 0x1d74  Browser - ok
09:54:38.0288 0x1d74  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:54:38.0296 0x1d74  Brserid - ok
09:54:38.0308 0x1d74  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:54:38.0310 0x1d74  BrSerWdm - ok
09:54:38.0314 0x1d74  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:54:38.0315 0x1d74  BrUsbMdm - ok
09:54:38.0318 0x1d74  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:54:38.0319 0x1d74  BrUsbSer - ok
09:54:38.0322 0x1d74  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:54:38.0324 0x1d74  BTHMODEM - ok
09:54:38.0332 0x1d74  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:54:38.0333 0x1d74  bthserv - ok
09:54:38.0336 0x1d74  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:54:38.0337 0x1d74  cdfs - ok
09:54:38.0346 0x1d74  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:54:38.0348 0x1d74  cdrom - ok
09:54:38.0358 0x1d74  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:54:38.0359 0x1d74  CertPropSvc - ok
09:54:38.0362 0x1d74  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:54:38.0363 0x1d74  circlass - ok
09:54:38.0371 0x1d74  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
09:54:38.0376 0x1d74  CLFS - ok
09:54:38.0426 0x1d74  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:54:38.0429 0x1d74  clr_optimization_v2.0.50727_32 - ok
09:54:38.0468 0x1d74  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:54:38.0471 0x1d74  clr_optimization_v2.0.50727_64 - ok
09:54:38.0513 0x1d74  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:54:38.0517 0x1d74  clr_optimization_v4.0.30319_32 - ok
09:54:38.0532 0x1d74  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:54:38.0536 0x1d74  clr_optimization_v4.0.30319_64 - ok
09:54:38.0540 0x1d74  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
09:54:38.0541 0x1d74  CmBatt - ok
09:54:38.0573 0x1d74  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:54:38.0574 0x1d74  cmdide - ok
09:54:38.0620 0x1d74  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
09:54:38.0632 0x1d74  CNG - ok
09:54:38.0636 0x1d74  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:54:38.0638 0x1d74  Compbatt - ok
09:54:38.0648 0x1d74  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:54:38.0650 0x1d74  CompositeBus - ok
09:54:38.0652 0x1d74  COMSysApp - ok
09:54:38.0654 0x1d74  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:54:38.0655 0x1d74  crcdisk - ok
09:54:38.0688 0x1d74  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:54:38.0694 0x1d74  CryptSvc - ok
09:54:38.0721 0x1d74  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
09:54:38.0730 0x1d74  CSC - ok
09:54:38.0746 0x1d74  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
09:54:38.0754 0x1d74  CscService - ok
09:54:38.0791 0x1d74  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:54:38.0798 0x1d74  DcomLaunch - ok
09:54:38.0818 0x1d74  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:54:38.0822 0x1d74  defragsvc - ok
09:54:38.0837 0x1d74  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:54:38.0840 0x1d74  DfsC - ok
09:54:38.0866 0x1d74  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:54:38.0876 0x1d74  Dhcp - ok
09:54:38.0890 0x1d74  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:54:38.0891 0x1d74  discache - ok
09:54:38.0901 0x1d74  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
09:54:38.0903 0x1d74  Disk - ok
09:54:38.0925 0x1d74  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
09:54:38.0928 0x1d74  dmvsc - ok
09:54:38.0952 0x1d74  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:54:38.0959 0x1d74  Dnscache - ok
09:54:38.0971 0x1d74  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:54:38.0979 0x1d74  dot3svc - ok
09:54:38.0989 0x1d74  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:54:38.0992 0x1d74  DPS - ok
09:54:39.0031 0x1d74  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:54:39.0032 0x1d74  drmkaud - ok
09:54:39.0094 0x1d74  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:54:39.0108 0x1d74  DXGKrnl - ok
09:54:39.0151 0x1d74  [ 1BEF2C2E229452EC49FFE5A27283341D, 7010273570BD38E578FCF1DD2EB00C21E8FA3504CE2342AEE3755F6EFC4581E9 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
09:54:39.0156 0x1d74  e1cexpress - ok
09:54:39.0163 0x1d74  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:54:39.0165 0x1d74  EapHost - ok
09:54:39.0243 0x1d74  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:54:39.0279 0x1d74  ebdrv - ok
09:54:39.0309 0x1d74  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
09:54:39.0310 0x1d74  EFS - ok
09:54:39.0360 0x1d74  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:54:39.0374 0x1d74  ehRecvr - ok
09:54:39.0387 0x1d74  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:54:39.0389 0x1d74  ehSched - ok
09:54:39.0407 0x1d74  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:54:39.0413 0x1d74  elxstor - ok
09:54:39.0455 0x1d74  [ DD072DBC1F625A62CE32E4B78597E222, 7BE33808AA76658101BE5AD0C3D337D32B13FAEA3FCA4FE40F97D9392BD6218B ] EmbassyService  C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
09:54:39.0457 0x1d74  EmbassyService - ok
09:54:39.0459 0x1d74  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:54:39.0460 0x1d74  ErrDev - ok
09:54:39.0489 0x1d74  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:54:39.0501 0x1d74  EventSystem - ok
09:54:39.0510 0x1d74  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:54:39.0515 0x1d74  exfat - ok
09:54:39.0536 0x1d74  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:54:39.0539 0x1d74  fastfat - ok
09:54:39.0576 0x1d74  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:54:39.0587 0x1d74  Fax - ok
09:54:39.0589 0x1d74  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
09:54:39.0590 0x1d74  fdc - ok
09:54:39.0604 0x1d74  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:54:39.0605 0x1d74  fdPHost - ok
09:54:39.0616 0x1d74  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:54:39.0617 0x1d74  FDResPub - ok
09:54:39.0625 0x1d74  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:54:39.0626 0x1d74  FileInfo - ok
09:54:39.0632 0x1d74  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:54:39.0632 0x1d74  Filetrace - ok
09:54:39.0698 0x1d74  [ 3D9B36631032FDE0FFEA0DC0260E4E35, 48B574A67D3FA015EBD078715CEC3E2B63B939D379CD4B40BFBB80397A2C58B3 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:54:39.0707 0x1d74  FLEXnet Licensing Service - ok
09:54:39.0710 0x1d74  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:54:39.0710 0x1d74  flpydisk - ok
09:54:39.0722 0x1d74  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:54:39.0725 0x1d74  FltMgr - ok
09:54:39.0771 0x1d74  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
09:54:39.0785 0x1d74  FontCache - ok
09:54:39.0817 0x1d74  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:54:39.0818 0x1d74  FontCache3.0.0.0 - ok
09:54:39.0832 0x1d74  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:54:39.0834 0x1d74  FsDepends - ok
09:54:39.0857 0x1d74  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:54:39.0859 0x1d74  Fs_Rec - ok
09:54:39.0897 0x1d74  [ 0B0E36E669B47E256BE7BDB66D76CCCF, EE52E6EB6F4E41429687124246CF988CAFC4D7FF26EDAD5EAB762239E6DF8FBB ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
09:54:39.0900 0x1d74  FTDIBUS - ok
09:54:39.0930 0x1d74  [ D35D8310AA13DC851EC2319D1640A17B, 300E1D23C113C8A5BACC07552FA62E5F14257C8593D575A7FB4C5A879B850F5F ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
09:54:39.0933 0x1d74  FTSER2K - ok
09:54:39.0971 0x1d74  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:54:39.0977 0x1d74  fvevol - ok
09:54:39.0986 0x1d74  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:54:39.0988 0x1d74  gagp30kx - ok
09:54:40.0089 0x1d74  [ A27A06D8359BC5202F2F8E3240DE205F, C2BB64106D6894E6CF45121FE3ECCDE2A00CAE9268CF5ECA11F436C10DBFC6F0 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
09:54:40.0102 0x1d74  GfExperienceService - ok
09:54:40.0119 0x1d74  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:54:40.0128 0x1d74  gpsvc - ok
09:54:40.0160 0x1d74  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:54:40.0162 0x1d74  gupdate - ok
09:54:40.0165 0x1d74  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:54:40.0166 0x1d74  gupdatem - ok
09:54:40.0179 0x1d74  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:54:40.0179 0x1d74  hcw85cir - ok
09:54:40.0216 0x1d74  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:54:40.0226 0x1d74  HdAudAddService - ok
09:54:40.0239 0x1d74  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:54:40.0242 0x1d74  HDAudBus - ok
09:54:40.0244 0x1d74  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:54:40.0245 0x1d74  HidBatt - ok
09:54:40.0258 0x1d74  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:54:40.0259 0x1d74  HidBth - ok
09:54:40.0272 0x1d74  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:54:40.0273 0x1d74  HidIr - ok
09:54:40.0279 0x1d74  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
09:54:40.0280 0x1d74  hidserv - ok
09:54:40.0310 0x1d74  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:54:40.0311 0x1d74  HidUsb - ok
09:54:40.0328 0x1d74  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:54:40.0333 0x1d74  hkmsvc - ok
09:54:40.0347 0x1d74  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:54:40.0355 0x1d74  HomeGroupListener - ok
09:54:40.0386 0x1d74  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:54:40.0394 0x1d74  HomeGroupProvider - ok
09:54:40.0400 0x1d74  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:54:40.0403 0x1d74  HpSAMD - ok
09:54:40.0439 0x1d74  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:54:40.0454 0x1d74  HTTP - ok
09:54:40.0464 0x1d74  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:54:40.0464 0x1d74  hwpolicy - ok
09:54:40.0471 0x1d74  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:54:40.0472 0x1d74  i8042prt - ok
09:54:40.0493 0x1d74  [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
09:54:40.0499 0x1d74  iaStor - ok
09:54:40.0546 0x1d74  [ 1F35EFEC56CD1BF62435EAF97EABC3B3, 0246EB0295D28A33FC4C430117FFEE2B553C007040DB975EFCBB29FF881F2D4B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:54:40.0547 0x1d74  IAStorDataMgrSvc - ok
09:54:40.0571 0x1d74  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:54:40.0582 0x1d74  iaStorV - ok
09:54:40.0648 0x1d74  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:54:40.0665 0x1d74  idsvc - ok
09:54:40.0677 0x1d74  IEEtwCollectorService - ok
09:54:40.0687 0x1d74  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:54:40.0687 0x1d74  iirsp - ok
09:54:40.0730 0x1d74  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:54:40.0752 0x1d74  IKEEXT - ok
09:54:40.0825 0x1d74  [ 561E2397C1F6B7DD01D95D1A7AF22BD3, 3B60A5D2A9485079BCD33F6906B410EA4377ECF3FD9385A22D38D2DBEBFF9B85 ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHD64.sys
09:54:40.0848 0x1d74  IntcAzAudAddService - ok
09:54:40.0899 0x1d74  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:54:40.0907 0x1d74  Intel® Capability Licensing Service Interface - ok
09:54:40.0952 0x1d74  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:54:40.0961 0x1d74  Intel® Capability Licensing Service TCP IP Interface - ok
09:54:40.0980 0x1d74  [ 4A9EB8AC8959C580ADCADDBDBBEBE033, F7386FB51D4A2138A3BA0B76FE0FB6D0F6DF8AC4837345FCBD51308863D46D01 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
09:54:40.0983 0x1d74  Intel® PROSet Monitoring Service - ok
09:54:41.0003 0x1d74  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:54:41.0004 0x1d74  intelide - ok
09:54:41.0021 0x1d74  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:54:41.0023 0x1d74  intelppm - ok
09:54:41.0036 0x1d74  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:54:41.0041 0x1d74  IPBusEnum - ok
09:54:41.0047 0x1d74  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:54:41.0050 0x1d74  IpFilterDriver - ok
09:54:41.0098 0x1d74  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:54:41.0112 0x1d74  iphlpsvc - ok
09:54:41.0116 0x1d74  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:54:41.0117 0x1d74  IPMIDRV - ok
09:54:41.0120 0x1d74  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:54:41.0121 0x1d74  IPNAT - ok
09:54:41.0131 0x1d74  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:54:41.0131 0x1d74  IRENUM - ok
09:54:41.0140 0x1d74  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:54:41.0140 0x1d74  isapnp - ok
09:54:41.0181 0x1d74  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:54:41.0188 0x1d74  iScsiPrt - ok
09:54:41.0234 0x1d74  [ 75779002A6084C1A011E195E421A9C75, 03D84CE7E50EEA1DFB298F4CE3669F478920ECEB33513FE2DC16C8BF90DF3830 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
09:54:41.0236 0x1d74  iusb3hcs - ok
09:54:41.0279 0x1d74  [ F390B641FE6115F536B8B78AA71B8814, 8F26FCEC9B1442224A8DEE3B6459F788DBCEDFB206846BFAA3B26E40B06E2D28 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
09:54:41.0289 0x1d74  iusb3hub - ok
09:54:41.0349 0x1d74  [ 653B86AA174FF7661D00EE1E524B234F, F4598336206097DD3C838F7315D87D989D8AB755F773ED613E984C2CC95D511B ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
09:54:41.0360 0x1d74  iusb3xhc - ok
09:54:41.0383 0x1d74  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
09:54:41.0386 0x1d74  jhi_service - ok
09:54:41.0416 0x1d74  [ B0327B400A1742393ECF25969E134072, 12C640DA5106D66AFC8731A83736C4881782B4528A4AB27F46B13DE6B70BDD07 ] jlink           C:\Windows\system32\Drivers\jlinkx64.sys
09:54:41.0418 0x1d74  jlink - ok
09:54:41.0437 0x1d74  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:54:41.0439 0x1d74  kbdclass - ok
09:54:41.0454 0x1d74  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:54:41.0456 0x1d74  kbdhid - ok
09:54:41.0467 0x1d74  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
09:54:41.0471 0x1d74  KeyIso - ok
09:54:41.0498 0x1d74  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:54:41.0500 0x1d74  KSecDD - ok
09:54:41.0533 0x1d74  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:54:41.0538 0x1d74  KSecPkg - ok
09:54:41.0546 0x1d74  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:54:41.0547 0x1d74  ksthunk - ok
09:54:41.0573 0x1d74  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:54:41.0586 0x1d74  KtmRm - ok
09:54:41.0611 0x1d74  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:54:41.0616 0x1d74  LanmanServer - ok
09:54:41.0622 0x1d74  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:54:41.0626 0x1d74  LanmanWorkstation - ok
09:54:41.0747 0x1d74  [ 20CDB07017497C94A0BAD253C4BAFCBC, 5633D245525F9B8CAC4E87A95B0E19D1F34839483ED75AC8F7661DA29BC87EE7 ] LkCitadelServer C:\Windows\SysWOW64\lkcitdl.exe
09:54:41.0765 0x1d74  LkCitadelServer - ok
09:54:41.0796 0x1d74  [ 2EF07A0B855E623CA954FE1382B042FF, 5D3B85A3AEC7B80378C02A443ED4BF925282C73B151C95C9C04BBE0BC8A0C1E1 ] lkClassAds      C:\Windows\SysWOW64\lkads.exe
09:54:41.0797 0x1d74  lkClassAds - ok
09:54:41.0807 0x1d74  [ 367795C2C7A902B65AFDFD3D7BDF954D, 431B12FA4C4E42D5D88BA0C344ADE11020A97E4016C9F1A03824DC0DDAF489BA ] lkTimeSync      C:\Windows\SysWOW64\lktsrv.exe
09:54:41.0811 0x1d74  lkTimeSync - ok
09:54:41.0827 0x1d74  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:54:41.0829 0x1d74  lltdio - ok
09:54:41.0849 0x1d74  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:54:41.0859 0x1d74  lltdsvc - ok
09:54:41.0875 0x1d74  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:54:41.0876 0x1d74  lmhosts - ok
09:54:41.0919 0x1d74  [ 90C864827E1722F5BB6EEA8896A4E8EF, 6F9D96B7A65BD79ED5A384025393F36A5DEAC4EE01CA173874906B54F57150EF ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:54:41.0929 0x1d74  LMS - ok
09:54:41.0950 0x1d74  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:54:41.0954 0x1d74  LSI_FC - ok
09:54:41.0960 0x1d74  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:54:41.0964 0x1d74  LSI_SAS - ok
09:54:41.0969 0x1d74  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:54:41.0971 0x1d74  LSI_SAS2 - ok
09:54:41.0978 0x1d74  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:54:41.0981 0x1d74  LSI_SCSI - ok
09:54:41.0991 0x1d74  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:54:41.0992 0x1d74  luafv - ok
09:54:42.0027 0x1d74  [ BA3963A603F0504EB2A1475B335EAB53, 6154B89E29E2C81B018BD91D1F1AA0FE6A4200A7C3DD0136DD774E049E646EEE ] MCHPUSB         C:\Windows\system32\DRIVERS\mchpusb64.sys
09:54:42.0029 0x1d74  MCHPUSB - ok
09:54:42.0051 0x1d74  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:54:42.0056 0x1d74  Mcx2Svc - ok
09:54:42.0060 0x1d74  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:54:42.0062 0x1d74  megasas - ok
09:54:42.0072 0x1d74  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:54:42.0075 0x1d74  MegaSR - ok
09:54:42.0106 0x1d74  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
09:54:42.0109 0x1d74  MEIx64 - ok
09:54:42.0173 0x1d74  Microsoft SharePoint Workspace Audit Service - ok
09:54:42.0191 0x1d74  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:54:42.0196 0x1d74  MMCSS - ok
09:54:42.0200 0x1d74  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:54:42.0202 0x1d74  Modem - ok
09:54:42.0229 0x1d74  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:54:42.0230 0x1d74  monitor - ok
09:54:42.0239 0x1d74  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:54:42.0239 0x1d74  mouclass - ok
09:54:42.0261 0x1d74  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:54:42.0262 0x1d74  mouhid - ok
09:54:42.0272 0x1d74  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:54:42.0273 0x1d74  mountmgr - ok
09:54:42.0312 0x1d74  [ 43A02A9E2F8A84D4C65020960CFB8C37, FA0D47309C371A4E2C35339A9392C45B59942C79103AE362E391FCC924C19295 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:54:42.0315 0x1d74  MozillaMaintenance - ok
09:54:42.0331 0x1d74  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:54:42.0336 0x1d74  mpio - ok
09:54:42.0347 0x1d74  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:54:42.0349 0x1d74  mpsdrv - ok
09:54:42.0369 0x1d74  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:54:42.0391 0x1d74  MpsSvc - ok
09:54:42.0422 0x1d74  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:54:42.0424 0x1d74  MRxDAV - ok
09:54:42.0446 0x1d74  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:54:42.0451 0x1d74  mrxsmb - ok
09:54:42.0471 0x1d74  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:54:42.0479 0x1d74  mrxsmb10 - ok
09:54:42.0502 0x1d74  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:54:42.0506 0x1d74  mrxsmb20 - ok
09:54:42.0534 0x1d74  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:54:42.0535 0x1d74  msahci - ok
09:54:42.0543 0x1d74  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:54:42.0547 0x1d74  msdsm - ok
09:54:42.0565 0x1d74  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:54:42.0572 0x1d74  MSDTC - ok
09:54:42.0583 0x1d74  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:54:42.0584 0x1d74  Msfs - ok
09:54:42.0592 0x1d74  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:54:42.0593 0x1d74  mshidkmdf - ok
09:54:42.0613 0x1d74  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:54:42.0614 0x1d74  msisadrv - ok
09:54:42.0630 0x1d74  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:54:42.0636 0x1d74  MSiSCSI - ok
09:54:42.0640 0x1d74  msiserver - ok
09:54:42.0654 0x1d74  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:54:42.0655 0x1d74  MSKSSRV - ok
09:54:42.0663 0x1d74  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:54:42.0664 0x1d74  MSPCLOCK - ok
09:54:42.0671 0x1d74  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:54:42.0672 0x1d74  MSPQM - ok
09:54:42.0696 0x1d74  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:54:42.0703 0x1d74  MsRPC - ok
09:54:42.0712 0x1d74  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:54:42.0713 0x1d74  mssmbios - ok
09:54:42.0718 0x1d74  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:54:42.0719 0x1d74  MSTEE - ok
09:54:42.0725 0x1d74  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:54:42.0726 0x1d74  MTConfig - ok
09:54:42.0739 0x1d74  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:54:42.0740 0x1d74  Mup - ok
09:54:42.0809 0x1d74  [ 43F6A5F32ED163524904CAE7BDE9C84C, 22435F77A50DB18179360DBE352C9C5F81BBCABAC14EBB7356646B4874FBE898 ] mxssvr          C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
09:54:42.0811 0x1d74  mxssvr - ok
09:54:42.0839 0x1d74  [ D22AE9BDB972785CF9D336204C6005B1, 1AE328C88CF49072C125F41B16C2A2063203B21164245E2850CA491BDD4A522E ] NAL             C:\Windows\system32\Drivers\iqvw64e.sys
09:54:42.0841 0x1d74  NAL - ok
09:54:42.0865 0x1d74  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:54:42.0880 0x1d74  napagent - ok
09:54:42.0908 0x1d74  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:54:42.0914 0x1d74  NativeWifiP - ok
09:54:42.0961 0x1d74  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:54:42.0977 0x1d74  NDIS - ok
09:54:42.0986 0x1d74  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:54:42.0987 0x1d74  NdisCap - ok
09:54:43.0002 0x1d74  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:54:43.0003 0x1d74  NdisTapi - ok
09:54:43.0012 0x1d74  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:54:43.0013 0x1d74  Ndisuio - ok
09:54:43.0024 0x1d74  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:54:43.0027 0x1d74  NdisWan - ok
09:54:43.0036 0x1d74  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:54:43.0037 0x1d74  NDProxy - ok
09:54:43.0053 0x1d74  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:54:43.0054 0x1d74  NetBIOS - ok
09:54:43.0071 0x1d74  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:54:43.0078 0x1d74  NetBT - ok
09:54:43.0100 0x1d74  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
09:54:43.0104 0x1d74  Netlogon - ok
09:54:43.0127 0x1d74  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:54:43.0139 0x1d74  Netman - ok
09:54:43.0201 0x1d74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:43.0206 0x1d74  NetMsmqActivator - ok
09:54:43.0218 0x1d74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:43.0222 0x1d74  NetPipeActivator - ok
09:54:43.0248 0x1d74  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:54:43.0263 0x1d74  netprofm - ok
09:54:43.0280 0x1d74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:43.0282 0x1d74  NetTcpActivator - ok
09:54:43.0285 0x1d74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:43.0287 0x1d74  NetTcpPortSharing - ok
09:54:43.0304 0x1d74  [ 73CE12B8BDD747B0063CB0A7EF44CEA7, F570BB52BE460DBA6203698CC96FFD9674E1903D0E0F5C49375BE3F8D8E89582 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
09:54:43.0306 0x1d74  netvsc - ok
09:54:43.0322 0x1d74  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:54:43.0323 0x1d74  nfrd960 - ok
09:54:43.0369 0x1d74  [ 996934C62AEEADC0811EFDC76FFAAABD, 14E0C0AE9F1F5F1069DD957F5C960F351F2E825E1AC47181D7C63B7A3E8E41EF ] NIApplicationWebServer C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
09:54:43.0371 0x1d74  NIApplicationWebServer - ok
09:54:43.0434 0x1d74  [ 6B7B6F29DC11EB298ED7C9496EFB41D6, A2C250BA031369F16ABB8311760AA8A77B8996FEEAD58587DF117CBAEF5D2D98 ] NIApplicationWebServer64 C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
09:54:43.0436 0x1d74  NIApplicationWebServer64 - ok
09:54:43.0485 0x1d74  [ EA16446CC5CA22F62E9F2BAE0581C481, 2C980CFAACB2AB1D7F0D2A3AD76A06C12E599451627FE3AA68A12ADAAD79BD97 ] niauth          C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
09:54:43.0499 0x1d74  niauth - ok
09:54:43.0527 0x1d74  [ E961796890B2A69EE4072730C451C7B7, 81199BEF7D5482F838D6F73CE0447C0050A24F0772EDE06B5B41624A48EF326A ] nidimk          C:\Windows\system32\drivers\nidimkl.sys
09:54:43.0528 0x1d74  nidimk - ok
09:54:43.0576 0x1d74  [ A29F837DB8188007CFCF758D2CEDC00E, 5D73F97F791F5166616EE320BF974338CB3A2483D1F5AD7F06E56E4FD7825B69 ] NIDomainService C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
09:54:43.0587 0x1d74  NIDomainService - ok
09:54:43.0689 0x1d74  [ AA8896BCD689851665EFC02DC41181AC, 9860DF5E072F4F3E10CE919767EB755EA5FC35B533886007657A24D864A1CA27 ] NILM License Manager C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
09:54:43.0705 0x1d74  NILM License Manager - ok
09:54:43.0774 0x1d74  [ 2BAFCA12F4B3CA5F6F586BFF7404E116, 412BC5C07705C46EB0D108E1D50FA52616F3695C2531F993EB050FC7464C1808 ] niLXIDiscovery  C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
09:54:43.0781 0x1d74  niLXIDiscovery - ok
09:54:43.0847 0x1d74  [ 1B33651642B4E1CF042544F00AAC7090, 192686A85C2EBB69FEC940320B9ACE03A2A2E04F6728EFD1BDACA130BABB9658 ] nimDNSResponder C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
09:54:43.0856 0x1d74  nimDNSResponder - ok
09:54:43.0866 0x1d74  [ F77F2A0DE6304658F3F298569ECDF559, A430E79C5B525CBA2E11D5D21CB937CFBB39A5A38965BE5021BD601181BA0A79 ] NINetworkDiscovery C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
09:54:43.0870 0x1d74  NINetworkDiscovery - ok
09:54:43.0901 0x1d74  [ CA1163CE98AEBD9B4ADAB295E12195C0, C3F4E90DA30898A5B8EBF5338B8701E3828A4D8557A150A9E5B4F988911F372D ] niorbk          C:\Windows\system32\drivers\niorbkl.sys
09:54:43.0902 0x1d74  niorbk - ok
09:54:43.0918 0x1d74  [ 91DF055159885DBA2B6E102B3B902602, 69905DA89EDF1C92CA5AF95788126F51B103E080514B8302B54EAB85A51DE39F ] nipalfwedl      C:\Windows\system32\drivers\nipalfwedl.sys
09:54:43.0920 0x1d74  nipalfwedl - ok
09:54:43.0960 0x1d74  [ 665499D0FC2971919A56B54ACC185923, 4869F436EE76FA989CF688B9F0730CC2C2F46BC829DBF3A6C6599DEA5859E8F4 ] NIPALK          C:\Windows\system32\drivers\nipalk.sys
09:54:43.0971 0x1d74  NIPALK - ok
09:54:43.0977 0x1d74  [ CF7CB7A251282CD90DA67EE6B568ED15, DFA147906B396D3A0AF0A770062712D438EFC63CE2DFB05ECA3D65EDFE0BFAE4 ] nipalusbedl     C:\Windows\system32\drivers\nipalusbedl.sys
09:54:43.0978 0x1d74  nipalusbedl - ok
09:54:43.0983 0x1d74  [ 0AEF3D16A49AB7DBA0C2D96588980F69, E8CCF530712D7378DC8D3D5D459F2AA897E4E33A4C5949C1082537623118BCB4 ] nipbcfk         C:\Windows\system32\drivers\nipbcfk.sys
09:54:43.0983 0x1d74  nipbcfk - ok
09:54:44.0002 0x1d74  NiSvcLoc - ok
09:54:44.0037 0x1d74  [ ACF30AB5D6C3BA92B2D07514C13F3146, 04C7FF6E536E6F8C5EC84A2B093FF236A303AF71F7FD7DF8B604CC0E3359946B ] NISystemWebServer C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
09:54:44.0039 0x1d74  NISystemWebServer - ok
09:54:44.0098 0x1d74  [ 990D0B7C184B8969744E6936AF39A73D, 8A33DCB777EC884ECE73B219B25108B550041659977F70F458D43340FAF83D45 ] NITaggerService C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
09:54:44.0112 0x1d74  NITaggerService - ok
09:54:44.0149 0x1d74  [ A7C494E6B0A437A6D70D6C2D5823D3EB, 86D56D1A76999C8A72DB639341EB22F3D8375F7513D258062BB565834C5387B5 ] NiViPciK        C:\Windows\system32\drivers\NiViPciKl.sys
09:54:44.0151 0x1d74  NiViPciK - ok
09:54:44.0184 0x1d74  [ 3ADC72B5015BD671A7726538C1691D77, 6E308AB6A04EA42167E52C999D25DA2DA74C3BFE650E04500DECCF478F1AAB74 ] NiViPxiK        C:\Windows\system32\drivers\NiViPxiKl.sys
09:54:44.0185 0x1d74  NiViPxiK - ok
09:54:44.0221 0x1d74  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:54:44.0231 0x1d74  NlaSvc - ok
09:54:44.0248 0x1d74  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:54:44.0249 0x1d74  Npfs - ok
09:54:44.0258 0x1d74  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:54:44.0260 0x1d74  nsi - ok
09:54:44.0268 0x1d74  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:54:44.0270 0x1d74  nsiproxy - ok
09:54:44.0345 0x1d74  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:54:44.0366 0x1d74  Ntfs - ok
09:54:44.0374 0x1d74  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:54:44.0375 0x1d74  Null - ok
09:54:44.0405 0x1d74  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
09:54:44.0407 0x1d74  NVHDA - ok
09:54:44.0671 0x1d74  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:54:44.0809 0x1d74  nvlddmkm - ok
09:54:44.0927 0x1d74  [ 507E699BD36530491BA0F95251B22F06, BDE6EB91FADBCB8CE16C31EF43A97DC6CC5D0F4EBAEA7903810556D0D70F54BC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
09:54:44.0946 0x1d74  NvNetworkService - ok
09:54:44.0965 0x1d74  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:54:44.0967 0x1d74  nvraid - ok
09:54:44.0992 0x1d74  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:54:44.0997 0x1d74  nvstor - ok
09:54:45.0030 0x1d74  [ 7E4C1879248629A2C9CC9ADF52CBB9B7, 856FF60FD111C3C80B137BC62B7EF92D3B95FBA462A29F97D65457A5A507506E ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
09:54:45.0031 0x1d74  NvStreamKms - ok
09:54:45.0400 0x1d74  [ C3EB27E4BC00283CA166A9FC42B90FC7, FED7F68D1C6EB442292E40DCFAEE7339AE21D5EF726A9DC9BCB6AB5C5873B3E0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
09:54:45.0606 0x1d74  NvStreamSvc - ok
09:54:45.0644 0x1d74  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:54:45.0655 0x1d74  nvsvc - ok
09:54:45.0678 0x1d74  [ 1AF619620613869C07F9C147BC37520F, 0AD4E100354E201D5E72BA236C1464F5083A7E3B58C4AC6BA712489D258955F5 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
09:54:45.0678 0x1d74  nvvad_WaveExtensible - ok
09:54:45.0696 0x1d74  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:54:45.0698 0x1d74  nv_agp - ok
09:54:45.0702 0x1d74  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:54:45.0704 0x1d74  ohci1394 - ok
09:54:45.0767 0x1d74  [ CBDBE92120FD36AE79B55339D79F6393, 10C2F35D2102156212A5175CE00D1875D8C0D2A970C9078564567FB571284952 ] OpcEnum         C:\Windows\SysWOW64\Opcenum.exe
09:54:45.0775 0x1d74  OpcEnum - ok
09:54:45.0838 0x1d74  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:54:45.0843 0x1d74  ose64 - ok
09:54:50.0424 0x1d74  wbengine - ok
09:54:50.0441 0x1d74  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:54:50.0446 0x1d74  WbioSrvc - ok
09:54:50.0460 0x1d74  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:54:50.0467 0x1d74  wcncsvc - ok
09:54:50.0473 0x1d74  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:54:50.0476 0x1d74  WcsPlugInService - ok
09:54:50.0478 0x1d74  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
09:54:50.0478 0x1d74  Wd - ok
09:54:50.0530 0x1d74  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:54:50.0543 0x1d74  Wdf01000 - ok
09:54:50.0551 0x1d74  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:54:50.0556 0x1d74  WdiServiceHost - ok
09:54:50.0560 0x1d74  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:54:50.0564 0x1d74  WdiSystemHost - ok
09:54:50.0598 0x1d74  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
09:54:50.0609 0x1d74  WebClient - ok
09:54:50.0629 0x1d74  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:54:50.0634 0x1d74  Wecsvc - ok
09:54:50.0645 0x1d74  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:54:50.0648 0x1d74  wercplsupport - ok
09:54:50.0653 0x1d74  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:54:50.0656 0x1d74  WerSvc - ok
09:54:50.0665 0x1d74  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:54:50.0666 0x1d74  WfpLwf - ok
09:54:50.0675 0x1d74  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:54:50.0676 0x1d74  WIMMount - ok
09:54:50.0696 0x1d74  WinDefend - ok
09:54:50.0737 0x1d74  [ 7922583C802203A54CDD47D9ECF028F2, 21645252B686E7074E10AE2C2DD618249FCAA972BDB87559F29E48B50C5ADECF ] WinDriver6      C:\Windows\system32\drivers\windrvr6.sys
09:54:50.0745 0x1d74  WinDriver6 - ok
09:54:50.0748 0x1d74  WinHttpAutoProxySvc - ok
09:54:50.0804 0x1d74  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:54:50.0812 0x1d74  Winmgmt - ok
09:54:50.0853 0x1d74  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:54:50.0876 0x1d74  WinRM - ok
09:54:50.0893 0x1d74  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:54:50.0894 0x1d74  WinUsb - ok
09:54:50.0934 0x1d74  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:54:50.0955 0x1d74  Wlansvc - ok
09:54:50.0982 0x1d74  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:54:50.0984 0x1d74  wlcrasvc - ok
09:54:51.0077 0x1d74  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:54:51.0102 0x1d74  wlidsvc - ok
09:54:51.0105 0x1d74  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:54:51.0106 0x1d74  WmiAcpi - ok
09:54:51.0113 0x1d74  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:54:51.0116 0x1d74  wmiApSrv - ok
09:54:51.0118 0x1d74  WMPNetworkSvc - ok
09:54:51.0120 0x1d74  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:54:51.0122 0x1d74  WPCSvc - ok
09:54:51.0128 0x1d74  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:54:51.0132 0x1d74  WPDBusEnum - ok
09:54:51.0143 0x1d74  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:54:51.0144 0x1d74  ws2ifsl - ok
09:54:51.0152 0x1d74  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
09:54:51.0155 0x1d74  wscsvc - ok
09:54:51.0157 0x1d74  WSearch - ok
09:54:51.0252 0x1d74  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:54:51.0281 0x1d74  wuauserv - ok
09:54:51.0296 0x1d74  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:54:51.0297 0x1d74  WudfPf - ok
09:54:51.0331 0x1d74  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:54:51.0337 0x1d74  WUDFRd - ok
09:54:51.0358 0x1d74  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:54:51.0365 0x1d74  wudfsvc - ok
09:54:51.0400 0x1d74  [ 8A04B12BBEB3A18DCAE1641BC7DFA77C, 48BA42589DE7C1773C7D128D13B4AA698AA4BC50D3DD012263D914586064B238 ] WvPCR           C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe
09:54:51.0406 0x1d74  WvPCR - ok
09:54:51.0433 0x1d74  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:54:51.0444 0x1d74  WwanSvc - ok
09:54:51.0488 0x1d74  [ 23FD8B7C69AAFD6DB4C6DB3618DA96AB, 584951FA18F69581561445DDEAFA015CE8C458FDB9FD57C5CE964E0ED6900308 ] XilinxFirmwareLpLoader C:\Windows\system32\Drivers\xusb_xlp.sys
09:54:51.0490 0x1d74  XilinxFirmwareLpLoader - ok
09:54:51.0513 0x1d74  [ 0D7D5DEF542CF01AD9665F398A0D0C78, FC9B40CD7247057C76F7365BE07D2563FD1826799B7FBCF6D6F3738976427B36 ] XilinxPC4Driver C:\Windows\System32\drivers\xpc4drvr.sys
09:54:51.0515 0x1d74  XilinxPC4Driver - ok
09:54:51.0529 0x1d74  ================ Scan global ===============================
09:54:51.0633 0x1d74  [ Global ] - ok
09:54:51.0633 0x1d74  ================ Scan MBR ==================================
09:54:51.0654 0x1d74  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:54:51.0802 0x1d74  \Device\Harddisk0\DR0 - ok
09:54:51.0802 0x1d74  ================ Scan VBR ==================================
09:54:51.0804 0x1d74  [ 254DE11FB22BB68F31C2A787F1A2D2DC ] \Device\Harddisk0\DR0\Partition1
09:54:51.0857 0x1d74  \Device\Harddisk0\DR0\Partition1 - ok
09:54:51.0859 0x1d74  [ 2CA9F3F4982D1DF132BDDE7080D9FD2C ] \Device\Harddisk0\DR0\Partition2
09:54:51.0891 0x1d74  \Device\Harddisk0\DR0\Partition2 - ok
09:54:51.0891 0x1d74  ================ Scan generic autorun ======================
09:54:53.0162 0x1d74  Waiting for KSN requests completion. In queue: 380
09:54:54.0163 0x1d74  Waiting for KSN requests completion. In queue: 75
09:54:55.0163 0x1d74  Waiting for KSN requests completion. In queue: 75
09:54:56.0163 0x1d74  Waiting for KSN requests completion. In queue: 75
09:54:57.0163 0x1d74  Waiting for KSN requests completion. In queue: 75
09:54:58.0163 0x1d74  Waiting for KSN requests completion. In queue: 75
09:54:59.0163 0x1d74  Waiting for KSN requests completion. In queue: 75
09:55:00.0163 0x1d74  Waiting for KSN requests completion. In queue: 75
09:55:01.0184 0x1d74  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2206.692 ), 0x40000 ( disabled : updated )
09:55:01.0201 0x1d74  Win FW state via NFP2: enabled
09:55:14.0501 0x1d74  ============================================================
09:55:14.0501 0x1d74  Scan finished
09:55:14.0501 0x1d74  ============================================================
09:55:14.0510 0x1fa4  Detected object count: 0
09:55:14.0510 0x1fa4  Actual detected object count: 0
09:55:59.0938 0x1db0  Deinitialize success

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-21 09:57:43
-----------------------------
09:57:43.639    OS Version: Windows x64 6.1.7601 Service Pack 1
09:57:43.639    Number of processors: 8 586 0x3A09
09:57:43.641    ComputerName: TAZ  UserName:
09:57:44.889    Initialize success
09:57:44.892    VM: initialized successfully
09:57:44.893    VM: Intel CPU supported
09:58:03.242    VM: supported disk I/O iaStor.sys
09:58:06.080    AVAST engine defs: 14112100
09:58:31.066    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:58:31.069    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 8
09:58:31.180    VM: Disk 0 MBR read successfully
09:58:31.183    Disk 0 MBR scan
09:58:31.188    Disk 0 Windows VISTA default MBR code
09:58:31.199    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
09:58:31.207    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          752 MB offset 81920
09:58:31.211    Disk 0 default boot code
09:58:31.222    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       953076 MB offset 1622016
09:58:31.258    Disk 0 scanning C:\Windows\system32\drivers
09:58:38.499    Service scanning
09:58:53.442    Modules scanning
09:58:53.448    Disk 0 trace - called modules:
09:58:53.461    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
09:58:53.466    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d7bb790]
09:58:53.470    3 CLASSPNP.SYS[fffff88001c5a43f] -> nt!IofCallDriver -> [0xfffffa800d350670]
09:58:53.472    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d359050]
09:58:54.494    AVAST engine scan C:\Windows
09:58:56.523    AVAST engine scan C:\Windows\system32
10:01:01.730    AVAST engine scan C:\Windows\system32\drivers
10:01:12.303    AVAST engine scan C:\Users\tubbs-diag
10:01:24.745    AVAST engine scan C:\ProgramData
10:02:00.528    Disk 0 statistics 4776766/0/22 @ 17.08 MB/s
10:02:00.537    Scan finished successfully
10:03:24.080    Disk 0 MBR has been saved successfully to "C:\Users\tubbs-diag\Desktop\MBR.dat"
10:03:24.083    The log file has been saved successfully to "C:\Users\tubbs-diag\Desktop\aswMBR.txt"

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by tubbs-diag (administrator) on 21-11-2014 at 10:07:25
Running from "C:\Users\tubbs-diag\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

192.168.112.41    proctest        proctest

========================= IP Configuration: ================================

TP-LINK Wireless USB Adapter = Wireless Network Connection (Connected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.112.1 publish=Yes
add address name="Local Area Connection" address=192.168.112.134 mask=255.0.0.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : taz
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TP-LINK Wireless USB Adapter
   Physical Address. . . . . . . . . : E8-94-F6-24-73-BC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2600:1005:b112:aafd:c9ef:fac3:825:dec4(Preferred)
   Temporary IPv6 Address. . . . . . : 2600:1005:b112:aafd:9cc2:ba38:62d7:8094(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c9ef:fac3:825:dec4%21(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.43.227(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, November 21, 2014 9:31:18 AM
   Lease Expires . . . . . . . . . . : Friday, November 21, 2014 11:01:18 AM
   Default Gateway . . . . . . . . . : fe80::12a5:d0ff:fecc:ab74%21
                                       192.168.43.1
   DHCP Server . . . . . . . . . . . : 192.168.43.1
   DNS Servers . . . . . . . . . . . : 192.168.43.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 90-B1-1C-5F-5C-97
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ADC568AF-BC50-47E6-97A1-17C5FD192834}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:48c:3a8f:3f57:d41c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::48c:3a8f:3f57:d41c%14(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A81A7DA3-B852-40E2-AB7C-7B630D906F6B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.43.1

Name:    google.com
Addresses:  2607:f8b0:4004:807::1009
   74.125.228.228
   74.125.228.224
   74.125.228.232
   74.125.228.226
   74.125.228.225
   74.125.228.229
   74.125.228.238
   74.125.228.230
   74.125.228.227
   74.125.228.233
   74.125.228.231

Pinging google.com [2607:f8b0:4004:807::1009] with 32 bytes of data:
Reply from 2607:f8b0:4004:807::1009: time=157ms
Reply from 2607:f8b0:4004:807::1009: time=125ms

Ping statistics for 2607:f8b0:4004:807::1009:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 157ms, Average = 141ms
Server:  UnKnown
Address:  192.168.43.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=345ms TTL=48
Reply from 206.190.36.45: bytes=32 time=198ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 198ms, Maximum = 345ms, Average = 271ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...e8 94 f6 24 73 bc ......TP-LINK Wireless USB Adapter
 11...90 b1 1c 5f 5c 97 ......Intel® 82579LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.227     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.43.0    255.255.255.0         On-link    192.168.43.227    281
   192.168.43.227  255.255.255.255         On-link    192.168.43.227    281
   192.168.43.255  255.255.255.255         On-link    192.168.43.227    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.43.227    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.43.227    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.112.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 21    281 ::/0                     fe80::12a5:d0ff:fecc:ab74
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:6abd:48c:3a8f:3f57:d41c/128
                                    On-link
 21    281 2600:1005:b112:aafd:9cc2:ba38:62d7:8094/128
                                    On-link
 21    281 2600:1005:b112:aafd:c9ef:fac3:825:dec4/128
                                    On-link
 21    281 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::48c:3a8f:3f57:d41c/128
                                    On-link
 21    281 fe80::c9ef:fac3:825:dec4/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 21    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****

 



#7 Oh My!

Posted 21 November 2014 - 12:10 PM

Do you recognize this Hosts entry?

 

========================= Hosts content: =================================

192.168.112.41 proctest proctest

 

 

Can you update me on your computer behavior?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 niado

Posted 21 November 2014 - 12:32 PM

Yes, that is an intentional host file entry.

 

The computer seems fine at the moment, which is not unexpected as it has, unfortunately, not exhibited any sign of infection since I have had my hands on it.

 

The primary symptom was a sporadically occurring flood of DNS requests from this computer while unattended. The computer has been disconnected from the network since shortly after the last such incident, so this symptom is unable to occur.



#9 Oh My!


Posted 21 November 2014 - 12:42 PM

OK, thanks.

Please do this.

===================================================

MBR Dump Using Farbar's Recovery Scan Tool in the Recovery Environment

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
SaveMbr: Drive=0
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recovery Scan Tool
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (mbrdump.txt) on the flash drive. Please attach it to your reply. If you open the file you will not be able to read it.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached mbrdump.txt file

Gary
 

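The file produced by the `SaveMbr: Drive=0` step above is not readable as text, so a reviewer has to parse it. The sketch below is an added example, not part of the original thread and not Farbar's code; it assumes the dump is the raw 512-byte first sector of the disk, and the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code
DISK_SIG_OFF = 440             # bytes 440..443: disk signature (differs per disk)
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

def parse_mbr(sector):
    """Return signature check, boot-code hash and partition list for one raw sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        # Hash only the boot code so the value can be compared with a hash
        # recorded earlier from a known-good disk.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def build_sample_sector():
    """Constructed sector: zeroed boot code, one active type-0x07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return (bytes(BOOT_CODE_LEN) + bytes.fromhex("78563412") + bytes(2)
            + entry + bytes(48) + BOOT_SIGNATURE)

if __name__ == "__main__":
    # For a real dump (assumed raw): sector = open("mbrdump.txt", "rb").read()
    print(parse_mbr(build_sample_sector()))
```

A boot-code hash that differs from the known-good value, a missing 0x55AA signature, or an unexpected partition entry is a reason to examine the sector further, not a verdict on its own.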
#10 niado


Posted 21 November 2014 - 01:15 PM

MBRDUMP.txt file attached.




#11 Oh My!


Posted 21 November 2014 - 01:19 PM

Thanks, it is clean.

 

I wanted to check everything I could to make sure there was no obvious evidence of malware that would cause the DNS issue.  At this point everything looks normal. Would you like to connect to the Internet and see how we do?


Gary
 

#12 niado


Posted 21 November 2014 - 01:51 PM

Okay cool. I will hook it up and see what happens.

 

Do you have any ideas of an infection that would cause this behavior?

 



#13 Oh My!


Posted 21 November 2014 - 02:26 PM

Hard to say specifically in your case but generally these are the causes.


Gary
 

#14 Oh My!


Posted 24 November 2014 - 09:48 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#15 niado


Posted 24 November 2014 - 11:44 AM

Hi Gary,

I ran the computer all weekend, connected to a closed LAN (without internet access) and ran Wireshark to see if any unusual traffic was originated by the box. Nothing weird seemed to happen. I think I'm going to try setting up a DNS server and adding it to the closed LAN, to see if another flood occurs.

 

 

One point of note, I recently tracked down a second system that was exhibiting the same behavior as the one that we've been working on. This is obviously concerning.

 

Any thoughts?
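The symptom discussed in this thread, bursts of DNS queries from one machine and later a second one, can be picked out of a DNS query log by counting queries per client per second. The following is an added example, not part of the original posts; the log format, the addresses, the threshold and the function names are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

def build_sample():
    """Constructed log lines: "<ISO timestamp> <client IP> <queried name>"."""
    lines = []
    # Ordinary client: a few lookups spread over several seconds.
    for sec, name in [(0, "example.com"), (3, "example.org"), (7, "example.com")]:
        lines.append(f"2014-10-24T02:00:{sec:02d} 192.0.2.10 {name}")
    # Bursting client: 40 lookups of distinct names inside one second.
    for i in range(40):
        lines.append(f"2014-10-24T02:00:05 192.0.2.20 host{i}.example.net")
    lines.append("garbled line that does not parse")
    return lines

def parse_line(line):
    # Real DNS server logs differ; adapt this function to the format in use.
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip(".")

def find_bursts(lines, max_per_second=20):
    """Return {client: [(second, query_count, distinct_names), ...]} for every
    one-second bucket in which a client sent more than max_per_second queries."""
    counts = Counter()
    names = defaultdict(set)
    for line in lines:
        try:
            ts, client, qname = parse_line(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        key = (client, ts.replace(microsecond=0))
        counts[key] += 1
        names[key].add(qname)
    bursts = defaultdict(list)
    for (client, second), n in sorted(counts.items()):
        if n > max_per_second:
            bursts[client].append((second, n, len(names[(client, second)])))
    return dict(bursts)

if __name__ == "__main__":
    for client, hits in find_bursts(build_sample()).items():
        for second, n, distinct in hits:
            print(f"{client} {second.isoformat()} queries={n} distinct_names={distinct}")
```

Reporting the distinct-name count beside the query count separates a client hammering one name from one walking through many names, and keying on the client address shows every host with the same pattern in one pass.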





