Google 302 redirect, did I get it?


  • This topic is locked
18 replies to this topic

#1 Ne Mo


Posted 14 November 2014 - 07:11 AM

First of all, sorry I only read your advice about ComboFix after I had already run it to remove the threat. I'm attaching the logs for that and DDS.
 
The problem: per the title, Google was redirecting on Firefox to a "302 page has moved". I googled around the problem and it is a virus, apparently.

As I said, I ran ComboFix to address the problem. It isn't redirecting any more, but a string of characters still appears after the forward slash at the end of the address.

For example, I just opened it, and the address in Firefox is:
https://www.google.co.uk/?gfe_rd=cr&ei=1-1lVPuNJ8bH8ge73oH4BQ&gws_rd=ssl
 
The address in IE and Chrome doesn't have this extra stuff at the end. I attach the logs, any ideas?
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Arimov at 11:43:56 on 2014-11-14
#Option Extended Search is enabled.
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.4095.1806 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\LastPass\lastapp_x64.exe
C:\Program Files\Ext2Fsd\Ext2Mgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HWiNFO64\HWiNFO64.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Nightly\firefox.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
mRun: [LastApp] C:\Program Files (x86)\LastPass\lastapp_x64.exe
mRun: [Ext2 Volume Manager] C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Arimov\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Arimov\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\VideoLAN\VLC\npvlc.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\System32\drivers\ext2fsd.sys [2014-8-5 769304]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2014-7-5 31648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-15 239616]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
R2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2013-7-19 2179056]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 uvhid;Unified Virtual HID;C:\Windows\System32\drivers\uvhid.sys [2014-10-2 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-18 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-5 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-5 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-17 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-11-14 11:35:22    11627712    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E6C642A-A444-4DEE-B2B1-DC2C8BE12BAD}\mpengine.dll
2014-11-14 11:29:30    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-11-14 11:11:37    98816    ----a-w-    C:\Windows\sed.exe
2014-11-14 11:11:37    256000    ----a-w-    C:\Windows\PEV.exe
2014-11-14 11:11:37    208896    ----a-w-    C:\Windows\MBR.exe
2014-11-14 10:36:51    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C7F7C307-EF0E-4982-B9E2-300AFD07BA1C}\gapaengine.dll
2014-11-14 10:31:01    --------    d-----w-    C:\Program Files\Nightly
2014-11-12 10:29:12    11627712    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-08 00:28:51    --------    d-----w-    C:\Users\Arimov\AppData\Roaming\TightVNC
2014-11-08 00:27:59    --------    d-----w-    C:\ProgramData\TightVNC
2014-11-08 00:27:59    --------    d-----w-    C:\Program Files\TightVNC
2014-11-08 00:20:15    --------    d-----w-    C:\Program Files (x86)\Xming
2014-10-21 20:33:24    --------    d-----w-    C:\Westwood
2014-10-18 07:12:59    977408    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-10-07 18:15:52    --------    d-----w-    C:\Users\Arimov\AppData\Roaming\Unified Remote
2014-10-07 18:15:14    --------    d-----w-    C:\Program Files (x86)\Unified Remote
2014-10-07 17:54:46    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-10-07 17:54:15    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2014-10-07 16:34:29    --------    d-----w-    C:\symbols
2014-10-07 16:30:27    --------    d-----w-    C:\Program Files\Debugging Tools for Windows (x64)
2014-10-07 16:29:03    --------    d-----w-    C:\Windows\System32\appmgmt
2014-10-05 11:02:03    --------    d-----w-    C:\New folder (2)
2014-10-02 15:58:58    6656    ----a-w-    C:\Windows\System32\drivers\hidkmdf.sys
2014-10-02 15:58:58    20992    ----a-w-    C:\Windows\System32\drivers\uvhid.sys
2014-09-30 17:05:44    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-30 17:05:44    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-24 16:32:57    --------    d-----w-    C:\ProgramData\redistpart
2014-09-24 16:32:53    --------    d-----w-    C:\ProgramData\explauncher
2014-09-24 16:32:52    --------    d-----w-    C:\ProgramData\launcher
2014-09-24 16:29:54    --------    d-----w-    C:\Program Files (x86)\Paragon Software
2014-09-23 19:34:37    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-23 19:34:37    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-21 09:36:49    --------    d-----w-    C:\Program Files (x86)\EaseUS
2014-09-21 08:59:58    --------    d-----w-    C:\Users\Arimov\AppData\Local\Skype
2014-09-21 08:59:53    --------    d-----r-    C:\Program Files (x86)\Skype
2014-09-21 08:44:42    --------    d-----w-    C:\Users\Arimov\AppData\Local\Thunderbird
2014-09-21 08:33:45    --------    d-----w-    C:\Users\Arimov\AppData\Roaming\Widgit
2014-09-21 08:33:45    --------    d-----w-    C:\Users\Arimov\AppData\Roaming\First Keys 3
2014-09-21 07:52:19    --------    d-----w-    C:\Users\Arimov\.android
2014-09-21 07:52:07    1721576    ----a-w-    C:\Windows\System32\WdfCoInstaller01009.dll
2014-09-21 07:52:07    1002728    ----a-w-    C:\Windows\System32\WinUSBCoInstaller2.dll
2014-09-21 07:52:04    --------    d-----w-    C:\Program Files (x86)\WugFresh Development
2014-09-21 07:51:30    --------    d-----w-    C:\ProgramData\Widgit
2014-09-21 07:50:50    --------    d-----w-    C:\Program Files (x86)\Widgit
2014-09-20 10:14:54    --------    d-----w-    C:\Users\Arimov\fd
2014-09-20 10:13:11    --------    d-----w-    C:\Program Files (x86)\FaceDown
2014-09-16 14:09:43    --------    d-----w-    C:\Program Files\OpenBR
2014-09-16 13:31:58    --------    d-----w-    C:\Users\Arimov\AppData\Roaming\Applied Recognition Inc
2014-09-16 13:31:57    --------    d-----w-    C:\Users\Arimov\AppData\Roaming\com.appliedrec.Fotobounce
2014-09-16 13:31:48    --------    d-----w-    C:\Program Files (x86)\Fotobounce Family
2014-09-16 13:30:58    --------    d-----w-    C:\Users\Arimov\AppData\Local\Adobe
2014-09-16 13:09:17    --------    d-----w-    C:\Users\Arimov\AppData\Roaming\deluge
2014-09-16 13:07:57    --------    d-----w-    C:\Program Files (x86)\Deluge
2014-09-16 13:06:45    --------    d-----w-    C:\Program Files (x86)\BitTyrant
2014-09-15 22:32:04    128384    ----a-w-    C:\Windows\System32\amdhcp64.dll
2014-09-15 22:32:04    118096    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2014-09-15 22:32:00    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2014-09-15 22:32:00    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2014-09-15 22:32:00    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2014-09-15 22:32:00    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2014-09-15 22:31:48    126848    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2014-09-15 22:31:44    100032    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2014-09-15 22:31:40    1113576    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2014-09-15 22:31:30    9254184    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2014-09-15 22:31:22    7207592    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2014-09-15 22:31:16    7028336    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2014-09-15 22:29:04    293088    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-09-15 22:26:58    16750080    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-09-15 22:18:06    235008    ----a-w-    C:\Windows\System32\clinfo.exe
2014-09-15 22:18:00    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-09-15 22:17:58    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2014-09-15 22:17:56    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2014-09-15 22:17:56    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2014-09-15 22:17:54    33867264    ----a-w-    C:\Windows\System32\amdocl64.dll
2014-09-15 22:17:04    28770304    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2014-09-15 22:16:18    65024    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-09-15 22:16:18    58880    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-09-15 22:13:24    27918336    ----a-w-    C:\Windows\System32\atio6axx.dll
2014-09-15 22:09:38    48128    ----a-w-    C:\Windows\System32\amdmmcl6.dll
2014-09-15 22:09:36    37888    ----a-w-    C:\Windows\SysWow64\amdmmcl.dll
2014-09-15 22:09:10    127488    ----a-w-    C:\Windows\System32\mantle64.dll
2014-09-15 22:09:04    113664    ----a-w-    C:\Windows\SysWow64\mantle32.dll
2014-09-15 22:09:00    5639168    ----a-w-    C:\Windows\System32\amdmantle64.dll
2014-09-15 22:08:08    23375360    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2014-09-15 22:07:48    367104    ----a-w-    C:\Windows\System32\atiapfxx.exe
2014-09-15 22:07:46    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2014-09-15 22:07:44    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2014-09-15 22:07:42    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2014-09-15 22:07:42    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2014-09-15 22:07:36    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2014-09-15 22:06:46    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2014-09-15 22:05:52    4480000    ----a-w-    C:\Windows\SysWow64\amdmantle32.dll
2014-09-15 22:03:26    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2014-09-15 22:03:24    619008    ----a-w-    C:\Windows\System32\atieclxx.exe
2014-09-15 22:03:18    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2014-09-15 22:03:12    91648    ----a-w-    C:\Windows\System32\mantleaxl64.dll
2014-09-15 22:03:08    85504    ----a-w-    C:\Windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03:04    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2014-09-15 22:00:04    95744    ----a-w-    C:\Windows\System32\amdave64.dll
2014-09-15 22:00:00    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2014-09-15 21:59:50    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2014-09-15 21:59:46    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2014-09-15 21:59:40    827392    ----a-w-    C:\Windows\System32\coinst_14.30.dll
2014-09-15 21:59:14    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2014-09-15 21:59:12    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2014-09-15 21:59:12    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2014-09-15 21:59:12    146944    ----a-w-    C:\Windows\System32\atig6txx.dll
2014-09-15 21:59:08    133632    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2014-09-15 21:59:06    576000    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-09-15 21:58:54    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2014-09-15 17:21:34    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2014-09-15 17:19:58    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2014-09-15 17:06:03    --------    d-----w-    C:\Users\Arimov\AppData\Local\Apps
2014-09-15 16:30:06    1199    ----a-w-    C:\mydel.bat
.
==================== Find6M  ====================
.
2014-11-14 10:55:18    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 10:29:23    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 10:29:23    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02    2108416    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57    5829632    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12    4201472    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-19 00:18:55    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-15 22:31:50    144328    ----a-w-    C:\Windows\System32\atiuxp64.dll
2014-09-15 22:31:46    118096    ----a-w-    C:\Windows\System32\atiu9p64.dll
2014-09-15 22:31:42    1335544    ----a-w-    C:\Windows\System32\aticfx64.dll
2014-09-15 22:31:34    10826488    ----a-w-    C:\Windows\System32\atidxx64.dll
2014-09-15 22:31:06    8044976    ----a-w-    C:\Windows\System32\atiumd6a.dll
2014-09-15 22:31:02    8296296    ----a-w-    C:\Windows\System32\atiumd64.dll
2014-09-15 22:03:28    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2014-09-15 21:59:20    1210880    ----a-w-    C:\Windows\System32\atiadlxx.dll
2014-09-15 21:59:16    900608    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2014-09-14 13:47:51    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-13 01:58:18    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-09-13 01:40:05    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-01 11:53:22    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 01:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-21 21:38:53    15824384    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-07-17 17:05:06    269008    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 17:05:06    125584    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-17 12:26:00    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-07-17 02:07:58    235520    ----a-w-    C:\Windows\System32\winsta.dll
2014-07-17 02:07:45    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-07-17 02:07:44    681984    ----a-w-    C:\Windows\System32\termsrv.dll
2014-07-17 02:07:41    1113088    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-07-17 02:07:39    150528    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2014-07-17 02:07:37    3722240    ----a-w-    C:\Windows\System32\mstscax.dll
2014-07-17 02:07:29    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-07-17 02:07:24    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-07-17 02:07:08    1118720    ----a-w-    C:\Windows\System32\mstsc.exe
2014-07-17 01:40:03    157696    ----a-w-    C:\Windows\SysWow64\winsta.dll
2014-07-17 01:39:50    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-07-17 01:39:42    3221504    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-07-17 01:39:32    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-07-17 01:39:30    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2014-07-17 01:39:08    1051136    ----a-w-    C:\Windows\SysWow64\mstsc.exe
2014-07-17 01:21:54    212480    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-07-17 01:21:27    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-07-07 02:06:35    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-07-07 02:06:35    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-07 01:40:21    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-07-07 01:40:12    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-07-07 01:39:16    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-07-05 16:56:49    386680    ----a-w-    C:\Windows\System32\drivers\sptd.sys
2014-07-05 16:38:44    31648    ----a-w-    C:\Windows\System32\drivers\HWiNFO64A.SYS
2014-07-05 16:09:43    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-07-05 13:54:45    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2014-07-05 13:54:45    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2014-06-30 22:24:50    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-06-30 22:14:53    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-06-27 02:08:12    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-06-27 01:45:52    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-06-24 03:29:36    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-06-24 02:59:49    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-06-21 17:01:22    94720    ----a-w-    C:\Windows\System32\drivers\AtihdW76.sys
2014-06-21 16:59:38    110080    ----a-w-    C:\Windows\System32\DelayAPO.dll
2014-06-18 22:23:33    73880    ----a-w-    C:\Windows\System32\mscories.dll
.
============= FINISH: 11:44:14.98 ===============

ComboFix 14-11-12.01 - Arimov 14/11/2014 11:12:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2224 [GMT 0:00]
Running from: c:\users\Arimov\Downloads\comfix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
((((((((((((((((((((((((( Files Created from 2014-10-14 to 2014-11-14 )))))))))))))))))))))))))))))))
.
.
2014-11-14 11:20 . 2014-11-14 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-14 10:36 . 2014-09-20 09:37 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7F7C307-EF0E-4982-B9E2-300AFD07BA1C}\gapaengine.dll
2014-11-14 10:36 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63749F90-80CF-466D-BA65-5A35F12AAF74}\mpengine.dll
2014-11-12 10:29 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-11 19:33 . 2014-11-14 10:31 -------- d-----w- c:\program files\Nightly
2014-11-10 18:56 . 2014-09-20 09:37 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECF9438E-14EA-414E-AA77-4461B84970D6}\gapaengine.dll
2014-11-08 00:28 . 2014-11-08 00:28 -------- d-----w- c:\users\Arimov\AppData\Roaming\TightVNC
2014-11-08 00:27 . 2014-11-08 00:28 -------- d-----w- c:\program files\TightVNC
2014-11-08 00:27 . 2014-11-08 00:27 -------- d-----w- c:\programdata\TightVNC
2014-11-08 00:22 . 2014-11-08 00:22 -------- d-----w- c:\program files (x86)\PuTTY
2014-11-08 00:20 . 2014-11-08 00:20 -------- d-----w- c:\program files (x86)\Xming
2014-10-21 20:36 . 2014-10-21 20:36 -------- d-----w- c:\program files\WinRAR
2014-10-21 20:33 . 2014-10-21 20:33 -------- d-----w- C:\Westwood
2014-10-18 07:12 . 2014-09-19 02:25 23631360 ----a-w- c:\windows\system32\mshtml.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-14 10:55 . 2014-07-30 23:04 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 10:29 . 2014-07-16 11:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 10:29 . 2014-07-16 11:26 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-30 11:25 . 2014-07-13 15:59 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-19 02:01 . 2014-07-30 22:44 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-02 15:58 . 2014-10-02 15:58 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2014-10-02 15:58 . 2014-10-02 15:58 20992 ----a-w- c:\windows\system32\drivers\uvhid.sys
2014-09-25 02:08 . 2014-09-30 17:05 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 17:05 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-20 09:37 . 2014-09-01 13:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-15 22:32 . 2014-09-15 22:32 128384 ----a-w- c:\windows\system32\amdhcp64.dll
2014-09-15 22:32 . 2014-09-15 22:32 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2014-04-18 02:43 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2014-04-18 02:42 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2014-09-15 22:31 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2014-04-18 02:42 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2014-09-15 22:31 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2014-04-18 02:42 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-15 22:31 . 2014-09-15 22:31 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:31 . 2014-09-15 22:31 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2014-09-15 22:31 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2014-04-18 02:42 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2014-04-18 02:42 8296296 ----a-w- c:\windows\system32\atiumd64.dll
2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-09-15 22:00 . 2014-09-15 22:00 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-09-15 22:00 . 2014-09-15 22:00 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-09-15 21:59 . 2014-09-15 21:59 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-09-15 21:59 . 2014-09-15 21:59 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2014-04-18 01:09 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-09-15 21:59 . 2014-04-18 01:09 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-09-15 17:21 . 2014-09-15 17:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-09-15 17:19 . 2014-09-15 17:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-09-15 16:31 . 2014-09-15 16:30 1199 ----a-w- C:\mydel.bat
2014-09-14 13:47 . 2014-09-14 13:47 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-09-14 13:47 . 2014-09-14 13:48 319912 ----a-w- c:\windows\system32\javaws.exe
2014-09-14 13:47 . 2014-09-14 13:47 189352 ----a-w- c:\windows\system32\javaw.exe
2014-09-14 13:47 . 2014-09-14 13:47 189352 ----a-w- c:\windows\system32\java.exe
2014-09-09 22:11 . 2014-09-23 19:34 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 19:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-09-01 13:27 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-01 13:27 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-07-21 21:38 . 2014-07-21 21:38 15824384 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2014-10-02 333008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LastApp"="c:\program files (x86)\LastPass\lastapp_x64.exe" [2014-07-01 36637240]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2011-02-05 1211536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-7-21 15824384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz137;cpuz137;c:\users\Arimov\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Arimov\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys;c:\windows\SYSNATIVE\DRIVERS\uvhid.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16 10:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Arimov\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Arimov\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-14 11:28:47
ComboFix-quarantined-files.txt 2014-11-14 11:28
.
Pre-Run: 72,971,333,632 bytes free
Post-Run: 72,983,728,128 bytes free
.
- - End Of File - - C9E46D64065115AF21926581B0E78945
23B571400A29918F5392F6E85EEB756E


Edited by Oh My!, 20 November 2014 - 07:53 PM.
Posted Combofix




#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,729 posts

Posted 19 November 2014 - 09:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556085 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,379 posts
  • Location:California

Posted 20 November 2014 - 07:52 PM

Greetings Ne Mo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Ne Mo

  • Topic Starter
  • Members
  • 8 posts

Posted 22 November 2014 - 07:52 AM

Hi, thanks. Had to zip the NFO as it was too big. Hope that's ok.

FRST scan


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014
Ran by Arimov (administrator) on ARIMOV-PC on 22-11-2014 12:28:44
Running from C:\Users\Arimov\Desktop
Loaded Profile: Arimov (Available profiles: Arimov)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(REALiX) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(LastPass) C:\Program Files (x86)\LastPass\lastapp_x64.exe
(Ext2Fsd Group (www.ext2fsd.com)) C:\Program Files\Ext2Fsd\Ext2Mgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [LastApp] => C:\Program Files (x86)\LastPass\lastapp_x64.exe [36637240 2014-07-01] (LastPass)
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com))
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3765471224-3898711021-4281587159-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3765471224-3898711021-4281587159-1000\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-10-02] (Unified Intents AB)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3765471224-3898711021-4281587159-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\searchplugins\duckduckgo.xml
FF Extension: LastPass - C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\Extensions\support@lastpass.com [2014-07-13]
FF Extension: WOT - C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-13]
FF Extension: DownloadHelper - C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-07-13]
FF Extension: Adblock Plus - C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-13]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769304 2014-05-11] (www.ext2fsd.com)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-07-05] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-05] (Duplex Secure Ltd.)
R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [20992 2014-10-02] (Windows ® Win 7 DDK provider)
U3 av3ncor6; C:\Windows\System32\Drivers\av3ncor6.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\comfix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Arimov\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 12:28 - 2014-11-22 12:28 - 00010448 _____ () C:\Users\Arimov\Desktop\FRST.txt
2014-11-22 12:28 - 2014-11-22 12:28 - 00000000 ____D () C:\FRST
2014-11-22 12:27 - 2014-11-22 12:27 - 02118144 _____ (Farbar) C:\Users\Arimov\Downloads\FRST64.exe
2014-11-22 12:27 - 2014-11-22 12:27 - 02118144 _____ (Farbar) C:\Users\Arimov\Desktop\FRST64.exe
2014-11-20 20:43 - 2014-11-20 20:43 - 13289157 _____ () C:\Users\Arimov\Downloads\10343325_10152514462066939_454930195_n.mp4
2014-11-20 20:43 - 2014-11-20 20:43 - 01179982 _____ () C:\Users\Arimov\Downloads\10812900_10152507074767029_1701754124_n.mp4
2014-11-20 20:42 - 2014-11-20 20:42 - 14079002 _____ () C:\Users\Arimov\Downloads\879597_733554176739178_1816769394_n.mp4
2014-11-20 20:38 - 2014-11-22 12:03 - 00000000 ____D () C:\Program Files\Nightly
2014-11-18 19:23 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 19:23 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 19:23 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 19:23 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 15:27 - 2014-11-16 15:27 - 00000218 _____ () C:\Users\Arimov\.recently-used.xbel
2014-11-16 15:27 - 2014-11-16 15:27 - 00000023 _____ () C:\Users\Arimov\.gtk-bookmarks
2014-11-16 12:31 - 2014-11-16 12:31 - 00000877 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2014-11-16 12:31 - 2014-11-16 12:31 - 00000865 _____ () C:\Users\Public\Desktop\Nightly.lnk
2014-11-15 11:56 - 2014-11-15 11:56 - 43936768 _____ () C:\Users\Arimov\Downloads\firefox-36.0a1.en-US.win64-x86_64.installer.exe
2014-11-14 15:58 - 2014-11-14 15:58 - 00008617 _____ () C:\Users\Arimov\Downloads\vpngate_193.107.85.47_udp_1195.ovpn
2014-11-14 15:58 - 2014-11-14 15:58 - 00008617 _____ () C:\Users\Arimov\Downloads\vpngate_193.107.85.47_udp_1195(1).ovpn
2014-11-14 15:08 - 2014-11-14 15:08 - 00000000 __SHD () C:\Users\Arimov\AppData\Local\EmieBrowserModeList
2014-11-14 12:09 - 2014-11-14 12:09 - 00003532 _____ () C:\Users\Arimov\Desktop\attach.zip
2014-11-14 11:44 - 2014-11-14 11:44 - 00024389 _____ () C:\Users\Arimov\Desktop\dds.txt
2014-11-14 11:44 - 2014-11-14 11:44 - 00010521 _____ () C:\Users\Arimov\Desktop\attach.txt
2014-11-14 11:42 - 2014-11-14 11:42 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Arimov\Downloads\rkill.exe
2014-11-14 11:42 - 2014-11-14 11:42 - 00688992 _____ (Swearware) C:\Users\Arimov\Downloads\dds(1).com
2014-11-14 11:41 - 2014-11-14 11:42 - 00688992 ____R (Swearware) C:\Users\Arimov\Downloads\dds.com
2014-11-14 11:28 - 2014-11-14 11:28 - 00016195 _____ () C:\ComboFix.txt
2014-11-14 11:11 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-14 11:11 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-14 11:11 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-14 11:11 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-14 11:11 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-14 11:11 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-14 11:11 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-14 11:11 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-14 11:10 - 2014-11-14 11:29 - 00000000 ____D () C:\Qoobox
2014-11-14 11:10 - 2014-11-14 11:26 - 00000000 ____D () C:\Windows\erdnt
2014-11-14 11:08 - 2014-11-14 11:09 - 05597734 ____R (Swearware) C:\Users\Arimov\Downloads\comfix.exe
2014-11-14 10:28 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-14 10:28 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-14 10:28 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-14 10:28 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-14 10:28 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-14 10:28 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-14 10:28 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-14 10:28 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-14 10:28 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-14 10:28 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-14 10:28 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-14 10:28 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-14 10:28 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-14 10:28 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-14 10:28 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-14 10:28 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-14 10:28 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-14 10:28 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-14 10:28 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-14 10:28 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-14 10:28 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-14 10:28 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-14 10:28 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-14 10:28 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-14 10:28 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-14 10:28 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-14 10:28 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-14 10:28 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-14 10:28 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-14 10:28 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-14 10:28 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-14 10:28 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-14 10:28 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-14 10:28 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-14 10:28 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-14 10:28 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-14 10:28 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-14 10:28 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-14 10:28 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-14 10:28 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-14 10:28 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-14 10:28 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-14 10:28 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-14 10:28 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-14 10:28 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-14 10:28 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-14 10:28 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-14 10:28 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-14 10:28 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-14 10:28 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-14 10:28 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-14 10:28 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-14 10:28 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-14 10:28 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-14 10:28 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-14 10:28 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-14 10:28 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-14 10:28 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 10:28 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 10:28 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 10:28 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-14 10:28 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-14 10:28 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-14 10:28 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-14 10:28 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-14 10:28 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 10:28 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 10:28 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 10:28 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-14 10:28 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 10:28 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-14 10:28 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-14 10:28 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-14 10:28 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 10:28 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-14 10:28 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-14 10:28 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-14 10:28 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-14 10:28 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-14 10:28 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-14 10:28 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-14 10:28 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-14 10:28 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-14 10:28 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-14 10:28 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-14 10:28 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 10:28 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 10:28 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-14 10:28 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-14 10:28 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 10:28 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-14 10:27 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 10:27 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-14 10:27 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 10:27 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-14 10:27 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-14 10:27 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-14 10:27 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:52 - 2014-11-12 10:52 - 08062645 _____ () C:\Users\Arimov\Downloads\file-570621199.matroska
2014-11-10 20:04 - 2014-11-10 20:04 - 25229648 _____ (PortableApps.com) C:\Users\Arimov\Downloads\VLCPortable_2.1.5.paf.exe
2014-11-09 14:36 - 2014-11-09 14:36 - 00000000 ____D () C:\Users\Arimov\Desktop\rec
2014-11-09 14:14 - 2014-11-09 14:14 - 00578078 _____ () C:\Users\Arimov\Downloads\Pattern-Password-disable.zip
2014-11-09 13:56 - 2014-11-09 13:56 - 00429808 _____ () C:\Users\Arimov\Downloads\Android Multi Tools v1.02b.exe
2014-11-09 13:56 - 2013-08-08 17:27 - 00000000 ____D () C:\Users\Arimov\Downloads\Android Multi Tools v1.02b
2014-11-08 09:40 - 2014-11-08 09:40 - 00002481 _____ () C:\Users\Arimov\Desktop\TightVNC Viewer.lnk
2014-11-08 00:46 - 2014-11-14 15:52 - 00000600 _____ () C:\Users\Arimov\AppData\Local\PUTTY.RND
2014-11-08 00:28 - 2014-11-08 00:28 - 00000000 ____D () C:\Users\Arimov\AppData\Roaming\TightVNC
2014-11-08 00:28 - 2014-11-08 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2014-11-08 00:27 - 2014-11-08 00:28 - 00000000 ____D () C:\Program Files\TightVNC
2014-11-08 00:27 - 2014-11-08 00:27 - 02367488 _____ () C:\Users\Arimov\Downloads\tightvnc-2.7.10-setup-64bit.msi
2014-11-08 00:27 - 2014-11-08 00:27 - 00000000 ____D () C:\ProgramData\TightVNC
2014-11-08 00:22 - 2014-11-09 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2014-11-08 00:22 - 2014-11-08 00:22 - 00000988 _____ () C:\Users\Arimov\Desktop\PuTTY.lnk
2014-11-08 00:22 - 2014-11-08 00:22 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-11-08 00:20 - 2014-11-08 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xming
2014-11-08 00:20 - 2014-11-08 00:20 - 00000000 ____D () C:\Program Files (x86)\Xming
2014-11-08 00:19 - 2014-11-08 00:19 - 02204914 _____ (Colin Harrison ) C:\Users\Arimov\Downloads\Xming-6-9-0-31-setup.exe
2014-11-08 00:00 - 2014-11-08 00:00 - 01017458 _____ () C:\Users\Arimov\Downloads\x11vnc_0.9.13-1_armhf.deb
2014-11-07 16:38 - 2014-11-16 19:15 - 00007615 _____ () C:\Users\Arimov\AppData\Local\Resmon.ResmonCfg
2014-11-07 16:29 - 2014-11-07 16:32 - 00072193 _____ () C:\Users\Arimov\Downloads\theme.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00042671 _____ () C:\Users\Arimov\Downloads\109520.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00040109 _____ () C:\Users\Arimov\Downloads\109593.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00039978 _____ () C:\Users\Arimov\Downloads\109637.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00038650 _____ () C:\Users\Arimov\Downloads\86892.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00037783 _____ () C:\Users\Arimov\Downloads\www.hamilton-trust.org.uk.html
2014-11-07 16:29 - 2014-11-07 16:32 - 00036610 _____ () C:\Users\Arimov\Downloads\94917.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00036409 _____ () C:\Users\Arimov\Downloads\english.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00036341 _____ () C:\Users\Arimov\Downloads\86895.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00035852 _____ () C:\Users\Arimov\Downloads\86868.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00035531 _____ () C:\Users\Arimov\Downloads\86877.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00034516 _____ () C:\Users\Arimov\Downloads\108754.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00034118 _____ () C:\Users\Arimov\Downloads\school-subscription.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00033962 _____ () C:\Users\Arimov\Downloads\92234.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00033864 _____ () C:\Users\Arimov\Downloads\92221.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00033639 _____ () C:\Users\Arimov\Downloads\86860.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00033462 _____ () C:\Users\Arimov\Downloads\108844.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00033375 _____ () C:\Users\Arimov\Downloads\92235.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00033348 _____ () C:\Users\Arimov\Downloads\109165.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00032775 _____ () C:\Users\Arimov\Downloads\86880.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00032567 _____ () C:\Users\Arimov\Downloads\92216.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00032015 _____ () C:\Users\Arimov\Downloads\92218.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00031550 _____ () C:\Users\Arimov\Downloads\93546.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00029700 _____ () C:\Users\Arimov\Downloads\92202.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00029466 _____ () C:\Users\Arimov\Downloads\95105.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00029449 _____ () C:\Users\Arimov\Downloads\95099.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00029442 _____ () C:\Users\Arimov\Downloads\92230.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00029365 _____ () C:\Users\Arimov\Downloads\92208.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00029328 _____ () C:\Users\Arimov\Downloads\92200.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00028964 _____ () C:\Users\Arimov\Downloads\95095.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00028638 _____ () C:\Users\Arimov\Downloads\95102.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00028511 _____ () C:\Users\Arimov\Downloads\92207.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00028114 _____ () C:\Users\Arimov\Downloads\95008.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00027489 _____ () C:\Users\Arimov\Downloads\user.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00027374 _____ () C:\Users\Arimov\Downloads\108452.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00027131 _____ () C:\Users\Arimov\Downloads\terms-and-conditions.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00026436 _____ () C:\Users\Arimov\Downloads\92177.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00025462 _____ () C:\Users\Arimov\Downloads\privacy-policy.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00024726 _____ () C:\Users\Arimov\Downloads\maths.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00023829 _____ () C:\Users\Arimov\Downloads\help-contact-us.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00021900 _____ () C:\Users\Arimov\Downloads\science.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00018051 _____ () C:\Users\Arimov\Downloads\about-hamilton.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00017956 _____ () C:\Users\Arimov\Downloads\topics-for-the-new-curriculum.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00017853 _____ () C:\Users\Arimov\Downloads\training.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00017423 _____ () C:\Users\Arimov\Downloads\become-a-friend.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00017041 _____ () C:\Users\Arimov\Downloads\teacher-support.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00016697 _____ () C:\Users\Arimov\Downloads\blog.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00016603 _____ () C:\Users\Arimov\Downloads\mixed-age-spring-term-plans.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00016431 _____ () C:\Users\Arimov\Downloads\use-for-free.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00015728 _____ () C:\Users\Arimov\Downloads\questions-about-the-new-curriculum.htm
2014-11-07 16:29 - 2014-11-07 16:32 - 00000352 _____ () C:\Users\Arimov\Downloads\11410
2014-11-07 16:29 - 2014-11-07 16:31 - 00034517 _____ () C:\Users\Arimov\Downloads\92206.htm
2014-11-07 16:29 - 2014-11-07 16:31 - 00032992 _____ () C:\Users\Arimov\Downloads\92223.htm
2014-11-07 16:29 - 2014-11-07 16:29 - 00014634 _____ () C:\Users\Arimov\Downloads\www.hamiltoneducation.org.uk.html
2014-11-07 16:29 - 2014-11-07 16:29 - 00007791 _____ () C:\Users\Arimov\Downloads\www.hamiltonweblearner.com.html
2014-11-07 16:29 - 2014-11-07 16:29 - 00006105 _____ () C:\Users\Arimov\Downloads\www.hamiltonplay.org.uk.html
2014-11-07 16:29 - 2014-04-16 13:21 - 00005833 _____ () C:\Users\Arimov\Downloads\www.hamiltonathome.org.uk.html
2014-11-07 08:50 - 2014-11-07 08:51 - 266617850 _____ () C:\Users\Arimov\Downloads\Ross_s_Game_Dungeon_The_Last_Stand.mp4
2014-11-07 08:32 - 2014-11-07 08:47 - 67063792 _____ () C:\Users\Arimov\Downloads\Ross_s_Game_Dungeon_The_Last_Stand.flv
2014-11-03 14:24 - 2014-11-03 15:02 - 114889318 _____ () C:\Users\Arimov\Downloads\rstp.part3.rar
2014-11-03 10:15 - 2014-11-03 10:56 - 125829120 _____ () C:\Users\Arimov\Downloads\rstp.part2.rar
2014-10-30 13:36 - 2014-10-30 16:44 - 00011970 _____ () C:\Users\Arimov\Documents\words.xlsx
2014-10-30 12:34 - 2014-10-30 13:15 - 125829120 _____ () C:\Users\Arimov\Downloads\rstp.part1.rar
2014-10-30 10:20 - 2014-10-30 10:21 - 27458664 _____ (PortableApps.com) C:\Users\Arimov\Downloads\ThunderbirdPortableTest_28.0_Beta_1_English.paf.exe
2014-10-29 22:45 - 2014-10-29 22:45 - 01970620 _____ () C:\Users\Arimov\Downloads\rpcs3-x64_0.0.0.4.zip
2014-10-29 09:57 - 2014-10-29 09:58 - 201238681 _____ () C:\Users\Arimov\Downloads\Freeman_s_Mind_Episode_61.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 12:29 - 2014-07-16 11:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 12:15 - 2014-07-05 13:42 - 01798361 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 12:11 - 2009-07-14 04:45 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 12:11 - 2009-07-14 04:45 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-22 12:07 - 2009-07-14 05:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 12:02 - 2014-07-13 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-22 12:02 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 12:02 - 2009-07-14 04:51 - 00055077 _____ () C:\Windows\setupact.log
2014-11-20 20:45 - 2014-07-21 13:30 - 00000000 ____D () C:\Users\Arimov\AppData\Roaming\vlc
2014-11-18 19:50 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-18 19:24 - 2014-07-17 17:26 - 00003832 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1405618005
2014-11-18 19:24 - 2014-07-17 17:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-16 15:27 - 2014-09-10 13:33 - 00000000 ____D () C:\Users\Arimov\AppData\Roaming\gedit
2014-11-16 15:27 - 2014-08-12 00:22 - 00000000 ____D () C:\Users\Arimov\AppData\Roaming\gtk-2.0
2014-11-16 15:27 - 2014-08-12 00:22 - 00000000 ____D () C:\Users\Arimov\.gconfd
2014-11-16 15:27 - 2014-07-05 13:40 - 00000000 ____D () C:\Users\Arimov
2014-11-16 15:26 - 2014-08-12 00:22 - 00000000 ____D () C:\Users\Arimov\.gconf
2014-11-16 12:24 - 2014-08-06 10:46 - 00000000 ____D () C:\Users\Arimov\AppData\Roaming\XYplorer
2014-11-14 14:49 - 2009-07-14 04:45 - 00408800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:25 - 2014-09-10 13:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 12:24 - 2014-07-30 22:44 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 11:36 - 2014-07-05 16:03 - 00014486 _____ () C:\Windows\PFRO.log
2014-11-14 11:29 - 2014-09-13 14:54 - 00000000 ____D () C:\Users\New folder
2014-11-14 11:29 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2014-11-14 11:20 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-14 10:55 - 2014-07-30 23:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 10:53 - 2014-07-30 22:51 - 00000000 ____D () C:\AdwCleaner
2014-11-12 10:42 - 2014-09-13 14:54 - 00000000 ____D () C:\compare
2014-11-12 10:29 - 2014-07-16 11:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 10:29 - 2014-07-16 11:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 10:29 - 2014-07-16 11:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-10 20:09 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-09 13:58 - 2014-09-21 07:52 - 00000000 ____D () C:\Users\Arimov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2014-11-09 13:58 - 2014-09-21 07:52 - 00000000 ____D () C:\Program Files (x86)\WugFresh Development
2014-10-31 08:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 13:16 - 2014-07-16 19:05 - 00000000 ____D () C:\Users\Arimov\Documents\Flvware-Flv-Downloader
2014-10-30 11:25 - 2014-07-13 15:59 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 17:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014
Ran by Arimov at 2014-11-22 12:29:29
Running from C:\Users\Arimov\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anti-Twin (Installation 06/08/2014) (HKLM-x32\...\Anti-Twin 2014-08-06 12.02.58) (Version:  - Joerg Rosenthal, Germany)
BitTyrant (HKLM-x32\...\BitTyrant) (Version: 2.5.0.0_BitTyrant - )
Chromium (HKU\S-1-5-21-3765471224-3898711021-4281587159-1000\...\Chromium) (Version: 38.0.2088.0 - Chromium)
Command & Conquer Gold Edition Stand Alone v1.06c revision 2 (HKLM-x32\...\{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1) (Version:  - Westwood Studios)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Deluge 1.3.7 (HKLM-x32\...\Deluge) (Version:  - )
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.26.0.202 - Innovative Solutions)
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
Ext2Fsd 0.52 (HKLM\...\Ext2Fsd_is1) (Version: 0.52 - Matt Wu)
Flvware Flv Downloader (HKLM-x32\...\Flvware Flv Downloader_is1) (Version:  - )
Fotobounce 3.9.6 (HKLM-x32\...\com.appliedrec.Fotobounce) (Version: 3.9.6 - Applied Recognition Inc.)
Fotobounce 3.9.6 (x32 Version: 3.9.6 - Applied Recognition Inc.) Hidden
gedit 2.30.1 (HKLM-x32\...\gedit_is1) (Version: 2.30.1 - GNOME)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HWiNFO64 Version 4.30 (HKLM\...\HWiNFO64_is1) (Version: 4.30 - Martin Malík - REALiX)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LastPass for Applications (HKLM-x32\...\LastApp) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0a1 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.1.1 (x86 en-GB)) (Version: 31.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Nightly 36.0a1 (x64 en-US) (HKLM\...\Nightly 36.0a1 (x64 en-US)) (Version: 36.0a1 - Mozilla)
OpenBR (HKLM-x32\...\OpenBR) (Version: 0.4.0 - OpenBiometrics)
Opera Stable 25.0.1614.71 (HKLM-x32\...\Opera 25.0.1614.71) (Version: 25.0.1614.71 - Opera Software ASA)
Paragon Partition Manager™ 2014 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Unified Remote (HKLM-x32\...\{D7930C67-5816-417B-BF28-54BB75EFDAF9}) (Version: 2.14.4.0 - Unified Remote)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Widgit Communicate: SymWriter (x32 Version: 2.1.40.0 - Widgit Software) Hidden
Widgit English UK Speech Pack (x32 Version: 2.0.30.0 - Widgit Software) Hidden
Widgit Symboliser (x32 Version: 2.0.40.0 - Widgit Software) Hidden
Widgit SymWriter (UK) (HKLM-x32\...\{d67af425-057c-4be4-98cd-424cc698f623}) (Version: 2.1.40.0 - Widgit Software)
Widgit SymWriter Resources UK (x32 Version: 2.1.40.0 - Widgit Software) Hidden
Widgit Wordlist Manager (x32 Version: 5.0.40.0 - Widgit Software) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
XYplorer 14.30 (HKLM-x32\...\XYplorer) (Version: 14.30 - Donald Lessau)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3765471224-3898711021-4281587159-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Arimov\AppData\Local\Chromium\Application\38.0.2088.0\delegate_execute.exe (The Chromium Authors)

==================== Restore Points  =========================

03-11-2014 10:23:40 Windows Update
07-11-2014 08:30:16 Windows Update
08-11-2014 00:27:52 Installed TightVNC
10-11-2014 18:55:52 Windows Update
14-11-2014 10:36:27 Windows Update
14-11-2014 12:23:31 Windows Update
18-11-2014 19:30:44 Windows Update
18-11-2014 21:16:21 Windows Update
22-11-2014 12:14:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-11-14 11:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3C3D370A-5DB5-46F4-B5EC-FDB5B18D4385} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DDAEDE6-C5A8-4CBF-AD49-8B4FFD53937D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {52C2D922-BA99-40BF-B34A-19272A1CB64D} - System32\Tasks\Opera scheduled Autoupdate 1405618005 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-14] (Opera Software)
Task: {A0A68896-2265-499C-9AED-D4FDF926183C} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE [2013-12-11] (REALiX)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-13 16:09 - 2014-07-13 16:09 - 01267200 _____ () C:\Users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\extensions\[email protected]\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3765471224-3898711021-4281587159-500 - Administrator - Disabled)
Arimov (S-1-5-21-3765471224-3898711021-4281587159-1000 - Administrator - Enabled) => C:\Users\Arimov
Guest (S-1-5-21-3765471224-3898711021-4281587159-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3765471224-3898711021-4281587159-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 07:44:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2014 07:44:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2014 09:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: splwow64.exe, version: 6.1.7601.17777, time stamp: 0x4f35fbfe
Faulting module name: GDI32.dll, version: 6.1.7601.18577, time stamp: 0x53f7f650
Exception code: 0xc0000005
Fault offset: 0x000000000000ce45
Faulting process id: 0x1650
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3

Error: (11/16/2014 05:43:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2014 05:43:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2014 00:14:47 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program LastPass Tray Icon because of this error.

Program: LastPass Tray Icon
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/16/2014 00:14:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lastapp_x64.exe, version: 3.1.40.0, time stamp: 0x53b2e185
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000096
Fault offset: 0x0000000000182948
Faulting process id: 0x63c
Faulting application start time: 0xlastapp_x64.exe0
Faulting application path: lastapp_x64.exe1
Faulting module path: lastapp_x64.exe2
Report Id: lastapp_x64.exe3

Error: (11/12/2014 00:49:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2014 00:49:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2014 10:58:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.0.5428, time stamp: 0x54620f0c
Faulting module name: mozalloc.dll, version: 36.0.0.5428, time stamp: 0x54620179
Exception code: 0x80000003
Fault offset: 0x0000000000001fef
Faulting process id: 0xfe0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (11/20/2014 09:06:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/18/2014 08:55:37 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/18/2014 07:18:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/16/2014 09:35:23 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/16/2014 07:12:03 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/16/2014 07:00:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/16/2014 06:48:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/16/2014 06:36:01 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/16/2014 06:00:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANDROID
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ACC12D1-39E2-4DD8-BE8B-8CB713A3D073}.
The master browser is stopping or an election is being forced.

Error: (11/16/2014 04:40:49 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueBasic


Microsoft Office Sessions:
=========================
Error: (11/18/2014 07:44:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\EaseUS\easeus data recovery wizard\RdfCheck.exe

Error: (11/18/2014 07:44:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (11/16/2014 09:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: splwow64.exe6.1.7601.177774f35fbfeGDI32.dll6.1.7601.1857753f7f650c0000005000000000000ce45165001d001e4bdf9bbc0C:\Windows\splwow64.exeC:\Windows\system32\GDI32.dllfccfd280-6dd7-11e4-89ea-00044b03d33f

Error: (11/16/2014 05:43:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\EaseUS\easeus data recovery wizard\RdfCheck.exe

Error: (11/16/2014 05:43:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (11/16/2014 00:14:47 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: LastPass Tray Icon000000000

Error: (11/16/2014 00:14:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lastapp_x64.exe3.1.40.053b2e185ole32.dll6.1.7601.175144ce7c92cc0000096000000000018294863c01d0012ffce18080C:\Program Files (x86)\LastPass\lastapp_x64.exeC:\Windows\system32\ole32.dll2791d2a0-6d8a-11e4-8336-00044b03d33f

Error: (11/12/2014 00:49:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\EaseUS\easeus data recovery wizard\RdfCheck.exe

Error: (11/12/2014 00:49:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (11/12/2014 10:58:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.0.542854620f0cmozalloc.dll36.0.0.542854620179800000030000000000001feffe001cffe65b282ac70C:\Program Files\Nightly\plugin-container.exeC:\Program Files\Nightly\mozalloc.dllc44ae8d0-6a5a-11e4-ba42-00044b03d33f


CodeIntegrity Errors:
===================================
  Date: 2014-11-14 11:17:09.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\comfix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-14 11:17:09.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\comfix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 4094.54 MB
Available physical RAM: 2157.62 MB
Total Pagefile: 8187.26 MB
Available Pagefile: 5720.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:175.13 GB) (Free:67.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:48.86 GB) (Free:27.08 GB) EXT3
Drive h: (GDI95) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive l: () (Fixed) (Total:48.86 GB) (Free:27.08 GB) EXT3
Drive m: () (Network) (Total:12.95 GB) (Free:2.07 GB)
Drive o: (New Volume) (Fixed) (Total:152.67 GB) (Free:34.5 GB) NTFS
Drive z: () (Network) (Total:7.41 GB) (Free:7.25 GB)

==================== MBR & Partition Table ==================

==================== End Of Log ============================
 


#5 Oh My!

  • Malware Response Instructor

Posted 22 November 2014 - 08:40 AM

Greetings,

Thank you for the information. There are a couple of things I would like to follow up on. One is a suspicious file and the second has to do with your Master Boot Record (MBR).

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\comfix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Arimov\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
File: C:\Windows\System32\Drivers\av3ncor6.sys
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Ne Mo

Posted 22 November 2014 - 10:59 AM

Thanks for your help. Fixlog is below.

I should have mentioned before, my system is a dual-boot with Windows and Linux. The bootloader is GRUB, not MBR. So MBR scanning tools like aswMBR aren't going to be able to look at it, right?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014
Ran by Arimov at 2014-11-22 15:54:33 Run:1
Running from C:\Users\Arimov\Desktop
Loaded Profile: Arimov (Available profiles: Arimov)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\comfix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Arimov\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
File: C:\Windows\System32\Drivers\av3ncor6.sys
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
catchme => Service deleted successfully.
cpuz137 => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.

========================= File: C:\Windows\System32\Drivers\av3ncor6.sys ========================

"C:\Windows\System32\Drivers\av3ncor6.sys" not found.
====== End Of File: ======


==== End of Fixlog ====



#7 Oh My!

Posted 22 November 2014 - 03:35 PM

Thank you for the dual boot explanation. Was wondering why FRST didn't contain any MBR information.

How is your computer running, any issues?
Gary
 

#8 Ne Mo

Posted 23 November 2014 - 05:58 AM

It's a bit slow as svchost is using a lot of resources. In resmon it's number 1 or two for all 4: CPU, Memory, Network and disk... Firefox in particular is very slow.



#9 Oh My!

Posted 23 November 2014 - 09:50 AM

OK, please do this please.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • Combofix log

Gary
 

#10 Ne Mo

Posted 23 November 2014 - 12:17 PM

Ok, here it is. I assume you meant to run Combofix a second time and post a log, so I did.

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Arimov [Administrator]
Mode : Scan -- Date : 11/23/2014  16:43:06

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160} -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3765471224-3898711021-4281587159-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3765471224-3898711021-4281587159-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y160P0 ATA Device +++++
--- User ---
[MBR] 52ac7fc9b69d0c3e31c74c6246d59500
[BSP] 1b05faa0e9c02a5b26ba3087a25f318f : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 156332 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 840 EVO SCSI Disk Device +++++
--- User ---
[MBR] 90356c03d82ee125b94245e47fda215a
[BSP] b2f7e998548577947e58ffd7ee874fbd : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 179338 MB
2 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 367495168 | Size: 9000 MB
3 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 385927168 | Size: 50034 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: FNK TECH USB CARD READER USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

================================

ComboFix 14-11-18.01 - Arimov 23/11/2014  16:58:09.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.4095.1912 [GMT 0:00]
Running from: c:\users\Arimov\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-23 to 2014-11-23  )))))))))))))))))))))))))))))))
.
.
2014-11-23 17:04 . 2014-11-23 17:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-23 16:46 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B21E4626-26F3-45CB-A360-29BB2CD25452}\mpengine.dll
2014-11-23 16:37 . 2014-11-23 16:39    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-11-23 16:37 . 2014-11-23 16:37    --------    d-----w-    c:\programdata\RogueKiller
2014-11-22 16:07 . 2014-11-22 16:07    --------    d-----w-    c:\program files\Nightly
2014-11-22 12:28 . 2014-11-22 15:54    --------    d-----w-    C:\FRST
2014-11-22 12:14 . 2014-09-20 09:37    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C16F3530-0F82-4932-8C99-6211A37861EB}\gapaengine.dll
2014-11-22 12:14 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-18 19:23 . 2014-11-11 03:08    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-18 19:23 . 2014-11-11 03:08    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-18 19:23 . 2014-11-11 02:44    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-18 19:23 . 2014-11-11 02:44    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-14 15:08 . 2014-11-14 15:08    --------    d-sh--w-    c:\users\Arimov\AppData\Local\EmieBrowserModeList
2014-11-14 10:27 . 2014-10-25 01:57    77824    ----a-w-    c:\windows\system32\packager.dll
2014-11-14 10:27 . 2014-10-25 01:32    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2014-11-14 10:27 . 2014-10-10 00:57    3198976    ----a-w-    c:\windows\system32\win32k.sys
2014-11-14 10:27 . 2014-10-14 02:13    3241984    ----a-w-    c:\windows\system32\msi.dll
2014-11-14 10:27 . 2014-10-14 01:50    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-11-14 10:27 . 2014-10-18 02:05    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2014-11-14 10:27 . 2014-10-18 01:33    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2014-11-08 00:28 . 2014-11-08 00:28    --------    d-----w-    c:\users\Arimov\AppData\Roaming\TightVNC
2014-11-08 00:27 . 2014-11-08 00:28    --------    d-----w-    c:\program files\TightVNC
2014-11-08 00:27 . 2014-11-08 00:27    --------    d-----w-    c:\programdata\TightVNC
2014-11-08 00:22 . 2014-11-08 00:22    --------    d-----w-    c:\program files (x86)\PuTTY
2014-11-08 00:20 . 2014-11-08 00:20    --------    d-----w-    c:\program files (x86)\Xming
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-14 12:24 . 2014-07-30 22:44    103374192    ----a-w-    c:\windows\system32\MRT.exe
2014-11-14 10:55 . 2014-07-30 23:04    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 10:29 . 2014-07-16 11:26    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 10:29 . 2014-07-16 11:26    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-30 11:25 . 2014-07-13 15:59    275080    ------w-    c:\windows\system32\MpSigStub.exe
2014-10-02 15:58 . 2014-10-02 15:58    6656    ----a-w-    c:\windows\system32\drivers\hidkmdf.sys
2014-10-02 15:58 . 2014-10-02 15:58    20992    ----a-w-    c:\windows\system32\drivers\uvhid.sys
2014-09-25 02:08 . 2014-09-30 17:05    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 17:05    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-20 09:37 . 2014-09-01 13:30    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-15 22:32 . 2014-09-15 22:32    128384    ----a-w-    c:\windows\system32\amdhcp64.dll
2014-09-15 22:32 . 2014-09-15 22:32    118096    ----a-w-    c:\windows\SysWow64\amdhcp32.dll
2014-09-15 22:32 . 2014-09-15 22:32    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2014-04-18 02:43    144328    ----a-w-    c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2014-09-15 22:31    126848    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2014-04-18 02:42    118096    ----a-w-    c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2014-09-15 22:31    100032    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2014-04-18 02:42    1335544    ----a-w-    c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2014-09-15 22:31    1113576    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2014-04-18 02:42    10826488    ----a-w-    c:\windows\system32\atidxx64.dll
2014-09-15 22:31 . 2014-09-15 22:31    9254184    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:31 . 2014-09-15 22:31    7207592    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2014-09-15 22:31    7028336    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2014-04-18 02:42    8044976    ----a-w-    c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2014-04-18 02:42    8296296    ----a-w-    c:\windows\system32\atiumd64.dll
2014-09-15 22:29 . 2014-09-15 22:29    293088    ----a-w-    c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26    16750080    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18    235008    ----a-w-    c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17    33867264    ----a-w-    c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17    28770304    ----a-w-    c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16    65024    ----a-w-    c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16    58880    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13    27918336    ----a-w-    c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09    48128    ----a-w-    c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09    37888    ----a-w-    c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09    127488    ----a-w-    c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09    113664    ----a-w-    c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09    5639168    ----a-w-    c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08    23375360    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07    367104    ----a-w-    c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05    4480000    ----a-w-    c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2014-04-18 01:30    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2014-09-15 22:03 . 2014-09-15 22:03    31232    ----a-w-    c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03    619008    ----a-w-    c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03    91648    ----a-w-    c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03    85504    ----a-w-    c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2014-09-15 22:00 . 2014-09-15 22:00    95744    ----a-w-    c:\windows\system32\amdave64.dll
2014-09-15 22:00 . 2014-09-15 22:00    90112    ----a-w-    c:\windows\SysWow64\amdave32.dll
2014-09-15 21:59 . 2014-09-15 21:59    89088    ----a-w-    c:\windows\system32\atisamu64.dll
2014-09-15 21:59 . 2014-09-15 21:59    80896    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2014-09-15 21:59 . 2014-09-15 21:59    827392    ----a-w-    c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2014-04-18 01:09    1210880    ----a-w-    c:\windows\system32\atiadlxx.dll
2014-09-15 21:59 . 2014-04-18 01:09    900608    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    146944    ----a-w-    c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59    133632    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59    576000    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2014-09-15 17:21 . 2014-09-15 17:21    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2014-09-15 17:19 . 2014-09-15 17:19    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2014-09-15 16:31 . 2014-09-15 16:30    1199    ----a-w-    C:\mydel.bat
2014-09-14 13:47 . 2014-09-14 13:47    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-09-14 13:47 . 2014-09-14 13:48    319912    ----a-w-    c:\windows\system32\javaws.exe
2014-09-14 13:47 . 2014-09-14 13:47    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-09-14 13:47 . 2014-09-14 13:47    189352    ----a-w-    c:\windows\system32\java.exe
2014-09-09 22:11 . 2014-09-23 19:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 19:34    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-18 07:12    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-18 07:12    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-07-21 21:38 . 2014-07-21 21:38    15824384    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2014-10-02 333008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LastApp"="c:\program files (x86)\LastPass\lastapp_x64.exe" [2014-07-01 36637240]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2011-02-05 1211536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-7-21 15824384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys;c:\windows\SYSNATIVE\DRIVERS\uvhid.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16 10:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Arimov\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Arimov\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Arimov\AppData\Roaming\Mozilla\Firefox\Profiles\3na7xl9o.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - about:blank
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-23  17:11:51
ComboFix-quarantined-files.txt  2014-11-23 17:11
ComboFix2.txt  2014-11-14 11:28
.
Pre-Run: 71,433,261,056 bytes free
Post-Run: 71,778,623,488 bytes free
.
- - End Of File - - 0AA325E0FC1197E1F7B3C1D045ACBB23
23B571400A29918F5392F6E85EEB756E
 



#11 Oh My!


Posted 23 November 2014 - 03:18 PM

I wanted to take a look at a previous run from the below date/time:

2014-11-14 11:11


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 Ne Mo


Posted 24 November 2014 - 01:42 PM

Hi, I've only run ComboFix twice. The original report is in my first post.



#13 Oh My!


Posted 24 November 2014 - 02:44 PM

You are right, sorry that was my error. Please rerun RogueKiller and select Delete for all the entries. Then do this.

===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run TDSSKiller by Kaspersky on Windows 8/7/Vista

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the "Scan results - Select action for found objects" screen, which offers three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • Junkware log
  • TDSSKiller log

Gary
 

#14 Ne Mo


Posted 27 November 2014 - 04:12 PM

Sorry, forgot to copy the Rkill log; now I can't find it. It did say it had removed everything though.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Ultimate x64
Ran by Arimov on 24/11/2014 at 23:20:39.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/11/2014 at 23:23:06.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

19:03:09.0128 0x11f4  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
19:03:12.0217 0x11f4  ============================================================
19:03:12.0217 0x11f4  Current date / time: 2014/11/26 19:03:12.0217
19:03:12.0217 0x11f4  SystemInfo:
19:03:12.0217 0x11f4  
19:03:12.0217 0x11f4  OS Version: 6.1.7601 ServicePack: 1.0
19:03:12.0217 0x11f4  Product type: Workstation
19:03:12.0217 0x11f4  ComputerName: ARIMOV-PC
19:03:12.0217 0x11f4  UserName: Arimov
19:03:12.0217 0x11f4  Windows directory: C:\Windows
19:03:12.0217 0x11f4  System windows directory: C:\Windows
19:03:12.0217 0x11f4  Running under WOW64
19:03:12.0217 0x11f4  Processor architecture: Intel x64
19:03:12.0217 0x11f4  Number of processors: 4
19:03:12.0217 0x11f4  Page size: 0x1000
19:03:12.0217 0x11f4  Boot type: Normal boot
19:03:12.0217 0x11f4  ============================================================
19:03:12.0373 0x11f4  KLMD registered as C:\Windows\system32\drivers\01637943.sys
19:03:12.0404 0x11f4  System UUID: {4517CF0C-1453-C0E8-6132-D7667B0A4D3F}
19:03:12.0731 0x11f4  Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 ( 152.67 Gb ), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:03:12.0731 0x11f4  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:03:12.0747 0x11f4  ============================================================
19:03:12.0747 0x11f4  \Device\Harddisk0\DR0:
19:03:12.0747 0x11f4  MBR partitions:
19:03:12.0747 0x11f4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x13156000
19:03:12.0747 0x11f4  \Device\Harddisk1\DR1:
19:03:12.0747 0x11f4  MBR partitions:
19:03:12.0747 0x11f4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:03:12.0747 0x11f4  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x15E45000
19:03:12.0747 0x11f4  ============================================================
19:03:12.0747 0x11f4  C: <-> \Device\Harddisk1\DR1\Partition2
19:03:12.0778 0x11f4  O: <-> \Device\Harddisk0\DR0\Partition1
19:03:12.0778 0x11f4  ============================================================
19:03:12.0778 0x11f4  Initialize success
19:03:12.0778 0x11f4  ============================================================
19:03:42.0137 0x0de8  ============================================================
19:03:42.0137 0x0de8  Scan started
19:03:42.0137 0x0de8  Mode: Manual;
19:03:42.0137 0x0de8  ============================================================
19:03:42.0137 0x0de8  KSN ping started
19:03:44.0883 0x0de8  KSN ping finished: true
19:03:45.0133 0x0de8  ================ Scan system memory ========================
19:03:45.0133 0x0de8  System memory - ok
19:03:45.0133 0x0de8  ================ Scan services =============================
19:03:46.0646 0x0de8  Browser - ok
19:03:46.0661 0x0de8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:03:46.0677 0x0de8  Brserid - ok
19:03:46.0677 0x0de8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:03:46.0677 0x0de8  BrSerWdm - ok
19:03:46.0677 0x0de8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:03:46.0677 0x0de8  BrUsbMdm - ok
19:03:46.0693 0x0de8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:03:46.0693 0x0de8  BrUsbSer - ok
19:03:46.0693 0x0de8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:03:46.0693 0x0de8  BTHMODEM - ok
19:03:46.0708 0x0de8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:03:46.0708 0x0de8  bthserv - ok
19:03:46.0708 0x0de8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:03:46.0724 0x0de8  cdfs - ok
19:03:46.0724 0x0de8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:03:46.0724 0x0de8  cdrom - ok
19:03:46.0739 0x0de8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:03:46.0739 0x0de8  CertPropSvc - ok
19:03:46.0739 0x0de8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:03:46.0739 0x0de8  circlass - ok
19:03:46.0755 0x0de8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:03:46.0771 0x0de8  CLFS - ok
19:03:46.0771 0x0de8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:46.0771 0x0de8  clr_optimization_v2.0.50727_32 - ok
19:03:46.0786 0x0de8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:03:46.0786 0x0de8  clr_optimization_v2.0.50727_64 - ok
19:03:46.0786 0x0de8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:46.0802 0x0de8  clr_optimization_v4.0.30319_32 - ok
19:03:46.0802 0x0de8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:03:46.0802 0x0de8  clr_optimization_v4.0.30319_64 - ok
19:03:46.0817 0x0de8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:46.0817 0x0de8  CmBatt - ok
19:03:46.0817 0x0de8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:03:46.0817 0x0de8  cmdide - ok
19:03:46.0833 0x0de8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
19:03:46.0849 0x0de8  CNG - ok
19:03:46.0849 0x0de8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:03:46.0849 0x0de8  Compbatt - ok
19:03:46.0849 0x0de8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:03:46.0849 0x0de8  CompositeBus - ok
19:03:46.0864 0x0de8  COMSysApp - ok
19:03:46.0864 0x0de8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:03:46.0864 0x0de8  crcdisk - ok
19:03:46.0880 0x0de8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:03:46.0880 0x0de8  CryptSvc - ok
19:03:46.0895 0x0de8  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
19:03:46.0911 0x0de8  CSC - ok
19:03:46.0927 0x0de8  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
19:03:46.0942 0x0de8  CscService - ok
19:03:46.0973 0x0de8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:03:46.0973 0x0de8  DcomLaunch - ok
19:03:46.0989 0x0de8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:03:47.0005 0x0de8  defragsvc - ok
19:03:47.0005 0x0de8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:03:47.0020 0x0de8  DfsC - ok
19:03:47.0020 0x0de8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:03:47.0036 0x0de8  Dhcp - ok
19:03:47.0036 0x0de8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:03:47.0036 0x0de8  discache - ok
19:03:47.0051 0x0de8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:03:47.0051 0x0de8  Disk - ok
19:03:47.0051 0x0de8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:03:47.0067 0x0de8  Dnscache - ok
19:03:47.0067 0x0de8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:03:47.0083 0x0de8  dot3svc - ok
19:03:47.0083 0x0de8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:03:47.0098 0x0de8  DPS - ok
19:03:47.0098 0x0de8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:03:47.0098 0x0de8  drmkaud - ok
19:03:47.0129 0x0de8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:03:47.0145 0x0de8  DXGKrnl - ok
19:03:47.0161 0x0de8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:03:47.0161 0x0de8  EapHost - ok
19:03:47.0239 0x0de8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:03:47.0317 0x0de8  ebdrv - ok
19:03:47.0332 0x0de8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
19:03:47.0332 0x0de8  EFS - ok
19:03:47.0348 0x0de8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:03:47.0363 0x0de8  ehRecvr - ok
19:03:47.0379 0x0de8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:03:47.0379 0x0de8  ehSched - ok
19:03:47.0395 0x0de8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:03:47.0410 0x0de8  elxstor - ok
19:03:47.0410 0x0de8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:03:47.0410 0x0de8  ErrDev - ok
19:03:47.0441 0x0de8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:03:47.0441 0x0de8  EventSystem - ok
19:03:47.0457 0x0de8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:03:47.0457 0x0de8  exfat - ok
19:03:47.0488 0x0de8  [ 20E6CE130F4F4D1993B68E17F37CEE22, 0B5A9FAA94379806A7EAE02026CB8A348B2D6B6AC6B87EBB481B940CBCCAFE3E ] Ext2Fsd         C:\Windows\system32\drivers\Ext2Fsd.sys
19:03:47.0504 0x0de8  Ext2Fsd - ok
19:03:47.0504 0x0de8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:03:47.0519 0x0de8  fastfat - ok
19:03:47.0535 0x0de8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:03:47.0551 0x0de8  Fax - ok
19:03:47.0566 0x0de8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:03:47.0566 0x0de8  fdc - ok
19:03:47.0566 0x0de8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:03:47.0566 0x0de8  fdPHost - ok
19:03:47.0566 0x0de8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:03:47.0582 0x0de8  FDResPub - ok
19:03:47.0582 0x0de8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:03:47.0582 0x0de8  FileInfo - ok
19:03:47.0582 0x0de8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:03:47.0582 0x0de8  Filetrace - ok
19:03:47.0597 0x0de8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:47.0597 0x0de8  flpydisk - ok
19:03:47.0613 0x0de8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:03:47.0613 0x0de8  FltMgr - ok
19:03:47.0644 0x0de8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
19:03:47.0675 0x0de8  FontCache - ok
19:03:47.0675 0x0de8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:47.0675 0x0de8  FontCache3.0.0.0 - ok
19:03:47.0691 0x0de8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:03:47.0691 0x0de8  FsDepends - ok
19:03:47.0691 0x0de8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:03:47.0691 0x0de8  Fs_Rec - ok
19:03:47.0707 0x0de8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:03:47.0707 0x0de8  fvevol - ok
19:03:47.0722 0x0de8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:03:47.0722 0x0de8  gagp30kx - ok
19:03:47.0738 0x0de8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:03:47.0769 0x0de8  gpsvc - ok
19:03:47.0769 0x0de8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:03:47.0769 0x0de8  hcw85cir - ok
19:03:47.0785 0x0de8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:03:47.0785 0x0de8  HdAudAddService - ok
19:03:47.0800 0x0de8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:03:47.0800 0x0de8  HDAudBus - ok
19:03:47.0800 0x0de8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:03:47.0800 0x0de8  HidBatt - ok
19:03:47.0816 0x0de8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:03:47.0816 0x0de8  HidBth - ok
19:03:47.0816 0x0de8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:03:47.0816 0x0de8  HidIr - ok
19:03:47.0831 0x0de8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
19:03:47.0831 0x0de8  hidserv - ok
19:03:47.0831 0x0de8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:03:47.0831 0x0de8  HidUsb - ok
19:03:47.0831 0x0de8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:03:47.0847 0x0de8  hkmsvc - ok
19:03:47.0847 0x0de8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:03:47.0863 0x0de8  HomeGroupListener - ok
19:03:47.0878 0x0de8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:03:47.0878 0x0de8  HomeGroupProvider - ok
19:03:47.0878 0x0de8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:03:47.0894 0x0de8  HpSAMD - ok
19:03:47.0925 0x0de8  [ 5ECEC779312AD35B1B19951A4B53FAC1, 67F4D2603E233FA0C2957419BB196BE6273C02FF6AAA188BA613EF62E80BCBC1 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:03:47.0941 0x0de8  HPSLPSVC - ok
19:03:47.0972 0x0de8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:03:47.0987 0x0de8  HTTP - ok
19:03:47.0987 0x0de8  [ D7E0591E2BA1289C875A9D948377441E, 9FDBC10A4FBCE2E9521DF84E177A08530DF6FBF1F830B3D3788367DF8F8ED327 ] HWiNFO32        C:\Windows\system32\drivers\HWiNFO64A.SYS
19:03:48.0003 0x0de8  HWiNFO32 - ok
19:03:48.0003 0x0de8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:03:48.0003 0x0de8  hwpolicy - ok
19:03:48.0003 0x0de8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:03:48.0003 0x0de8  i8042prt - ok
19:03:48.0019 0x0de8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:03:48.0034 0x0de8  iaStorV - ok
19:03:48.0050 0x0de8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:48.0081 0x0de8  idsvc - ok
19:03:48.0081 0x0de8  IEEtwCollectorService - ok
19:03:48.0081 0x0de8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:03:48.0081 0x0de8  iirsp - ok
19:03:48.0112 0x0de8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:03:48.0128 0x0de8  IKEEXT - ok
19:03:48.0143 0x0de8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:03:48.0143 0x0de8  intelide - ok
19:03:48.0143 0x0de8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:03:48.0143 0x0de8  intelppm - ok
19:03:48.0159 0x0de8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:03:48.0159 0x0de8  IPBusEnum - ok
19:03:48.0159 0x0de8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:48.0175 0x0de8  IpFilterDriver - ok
19:03:48.0190 0x0de8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:03:48.0206 0x0de8  iphlpsvc - ok
19:03:48.0206 0x0de8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:03:48.0206 0x0de8  IPMIDRV - ok
19:03:48.0221 0x0de8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:03:48.0221 0x0de8  IPNAT - ok
19:03:48.0221 0x0de8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:03:48.0221 0x0de8  IRENUM - ok
19:03:48.0237 0x0de8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:03:48.0237 0x0de8  isapnp - ok
19:03:48.0237 0x0de8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:03:48.0253 0x0de8  iScsiPrt - ok
19:03:48.0253 0x0de8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:48.0253 0x0de8  kbdclass - ok
19:03:48.0268 0x0de8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:03:48.0268 0x0de8  kbdhid - ok
19:03:48.0268 0x0de8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
19:03:48.0268 0x0de8  KeyIso - ok
19:03:48.0268 0x0de8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:03:48.0284 0x0de8  KSecDD - ok
19:03:48.0284 0x0de8  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:03:48.0284 0x0de8  KSecPkg - ok
19:03:48.0299 0x0de8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:03:48.0299 0x0de8  ksthunk - ok
19:03:48.0315 0x0de8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:03:48.0315 0x0de8  KtmRm - ok
19:03:48.0331 0x0de8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:03:48.0346 0x0de8  LanmanServer - ok
19:03:48.0346 0x0de8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:03:48.0346 0x0de8  LanmanWorkstation - ok
19:03:48.0362 0x0de8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:03:48.0362 0x0de8  lltdio - ok
19:03:48.0377 0x0de8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:03:48.0377 0x0de8  lltdsvc - ok
19:03:48.0393 0x0de8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:03:48.0393 0x0de8  lmhosts - ok
19:03:48.0393 0x0de8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:03:48.0409 0x0de8  LSI_FC - ok
19:03:48.0409 0x0de8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:03:48.0409 0x0de8  LSI_SAS - ok
19:03:48.0424 0x0de8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:03:48.0424 0x0de8  LSI_SAS2 - ok
19:03:48.0424 0x0de8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:03:48.0424 0x0de8  LSI_SCSI - ok
19:03:48.0440 0x0de8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:03:48.0440 0x0de8  luafv - ok
19:03:48.0455 0x0de8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:03:48.0455 0x0de8  Mcx2Svc - ok
19:03:48.0455 0x0de8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:03:48.0455 0x0de8  megasas - ok
19:03:48.0471 0x0de8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:03:48.0471 0x0de8  MegaSR - ok
19:03:48.0487 0x0de8  Microsoft SharePoint Workspace Audit Service - ok
19:03:48.0487 0x0de8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:03:48.0487 0x0de8  MMCSS - ok
19:03:48.0502 0x0de8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:03:48.0502 0x0de8  Modem - ok
19:03:48.0502 0x0de8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:03:48.0502 0x0de8  monitor - ok
19:03:48.0518 0x0de8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:03:48.0518 0x0de8  mouclass - ok
19:03:48.0518 0x0de8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:03:48.0518 0x0de8  mouhid - ok
19:03:48.0533 0x0de8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:03:48.0533 0x0de8  mountmgr - ok
19:03:48.0533 0x0de8  [ 2E84A1108EB089EA4B3121949AC0AD25, 3DAA060928C1F9BC05F2529A1023401571F53F4B8800152D9F55E73E5A8FD234 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:03:48.0533 0x0de8  MozillaMaintenance - ok
19:03:48.0549 0x0de8  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
19:03:48.0565 0x0de8  MpFilter - ok
19:03:48.0565 0x0de8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:03:48.0565 0x0de8  mpio - ok
19:03:48.0580 0x0de8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:03:48.0580 0x0de8  mpsdrv - ok
19:03:48.0611 0x0de8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:03:48.0627 0x0de8  MpsSvc - ok
19:03:48.0643 0x0de8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:03:48.0643 0x0de8  MRxDAV - ok
19:03:48.0658 0x0de8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:48.0658 0x0de8  mrxsmb - ok
19:03:48.0674 0x0de8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:48.0674 0x0de8  mrxsmb10 - ok
19:03:48.0674 0x0de8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:48.0689 0x0de8  mrxsmb20 - ok
19:03:48.0689 0x0de8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:03:48.0689 0x0de8  msahci - ok
19:03:51.0887 0x0de8  uagp35 - ok
19:03:51.0903 0x0de8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:03:51.0903 0x0de8  udfs - ok
19:03:51.0919 0x0de8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:03:51.0919 0x0de8  UI0Detect - ok
19:03:51.0919 0x0de8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:03:51.0934 0x0de8  uliagpkx - ok
19:03:51.0934 0x0de8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
19:03:51.0934 0x0de8  umbus - ok
19:03:51.0934 0x0de8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:03:51.0934 0x0de8  UmPass - ok
19:03:51.0950 0x0de8  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:03:51.0950 0x0de8  UmRdpService - ok
19:03:51.0965 0x0de8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:03:51.0981 0x0de8  upnphost - ok
19:03:51.0981 0x0de8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:03:51.0997 0x0de8  usbaudio - ok
19:03:51.0997 0x0de8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:51.0997 0x0de8  usbccgp - ok
19:03:52.0012 0x0de8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:03:52.0012 0x0de8  usbcir - ok
19:03:52.0012 0x0de8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:03:52.0012 0x0de8  usbehci - ok
19:03:52.0028 0x0de8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:03:52.0028 0x0de8  usbhub - ok
19:03:52.0043 0x0de8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:03:52.0043 0x0de8  usbohci - ok
19:03:52.0043 0x0de8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:03:52.0043 0x0de8  usbprint - ok
19:03:52.0059 0x0de8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:52.0059 0x0de8  USBSTOR - ok
19:03:52.0059 0x0de8  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:03:52.0059 0x0de8  usbuhci - ok
19:03:52.0075 0x0de8  [ 5967E5195EF841ED0A7F77CBE9F44B89, DAE0C9C5A2CC2703C6020175CD009E27C886E0F99B1B7840B68D9F9DB95BD9A2 ] uvhid           C:\Windows\system32\DRIVERS\uvhid.sys
19:03:52.0075 0x0de8  uvhid - ok
19:03:52.0075 0x0de8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:03:52.0075 0x0de8  UxSms - ok
19:03:52.0090 0x0de8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
19:03:52.0090 0x0de8  VaultSvc - ok
19:03:52.0090 0x0de8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:03:52.0090 0x0de8  vdrvroot - ok
19:03:52.0106 0x0de8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:03:52.0121 0x0de8  vds - ok
19:03:52.0121 0x0de8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:03:52.0137 0x0de8  vga - ok
19:03:52.0137 0x0de8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:03:52.0137 0x0de8  VgaSave - ok
19:03:52.0153 0x0de8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:03:52.0153 0x0de8  vhdmp - ok
19:03:52.0153 0x0de8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:03:52.0153 0x0de8  viaide - ok
19:03:52.0168 0x0de8  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:03:52.0168 0x0de8  vmbus - ok
19:03:52.0168 0x0de8  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:03:52.0184 0x0de8  VMBusHID - ok
19:03:52.0184 0x0de8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:03:52.0184 0x0de8  volmgr - ok
19:03:52.0199 0x0de8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:03:52.0215 0x0de8  volmgrx - ok
19:03:52.0215 0x0de8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:03:52.0231 0x0de8  volsnap - ok
19:03:52.0231 0x0de8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:03:52.0246 0x0de8  vsmraid - ok
19:03:52.0277 0x0de8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:03:52.0324 0x0de8  VSS - ok
19:03:52.0324 0x0de8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:03:52.0324 0x0de8  vwifibus - ok
19:03:52.0340 0x0de8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:03:52.0355 0x0de8  W32Time - ok
19:03:52.0371 0x0de8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:03:52.0371 0x0de8  WacomPen - ok
19:03:52.0371 0x0de8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:03:52.0371 0x0de8  WANARP - ok
19:03:52.0387 0x0de8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:03:52.0387 0x0de8  Wanarpv6 - ok
19:03:52.0418 0x0de8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:03:52.0449 0x0de8  WatAdminSvc - ok
19:03:52.0480 0x0de8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:03:52.0527 0x0de8  wbengine - ok
19:03:52.0543 0x0de8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:03:52.0543 0x0de8  WbioSrvc - ok
19:03:52.0558 0x0de8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:03:52.0574 0x0de8  wcncsvc - ok
19:03:52.0574 0x0de8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:03:52.0574 0x0de8  WcsPlugInService - ok
19:03:52.0589 0x0de8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:03:52.0589 0x0de8  Wd - ok
19:03:52.0605 0x0de8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:03:52.0621 0x0de8  Wdf01000 - ok
19:03:52.0636 0x0de8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:03:52.0636 0x0de8  WdiServiceHost - ok
19:03:52.0652 0x0de8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:03:52.0652 0x0de8  WdiSystemHost - ok
19:03:52.0652 0x0de8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:03:52.0667 0x0de8  WebClient - ok
19:03:52.0683 0x0de8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:03:52.0683 0x0de8  Wecsvc - ok
19:03:52.0699 0x0de8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:03:52.0699 0x0de8  wercplsupport - ok
19:03:52.0699 0x0de8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:03:52.0714 0x0de8  WerSvc - ok
19:03:52.0714 0x0de8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:52.0714 0x0de8  WfpLwf - ok
19:03:52.0714 0x0de8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:03:52.0714 0x0de8  WIMMount - ok
19:03:52.0730 0x0de8  WinDefend - ok
19:03:52.0730 0x0de8  WinHttpAutoProxySvc - ok
19:03:52.0745 0x0de8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:03:52.0745 0x0de8  Winmgmt - ok
19:03:52.0808 0x0de8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:03:52.0855 0x0de8  WinRM - ok
19:03:52.0870 0x0de8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
19:03:52.0870 0x0de8  WinUSB - ok
19:03:52.0886 0x0de8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:03:52.0917 0x0de8  Wlansvc - ok
19:03:52.0917 0x0de8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:03:52.0917 0x0de8  WmiAcpi - ok
19:03:52.0933 0x0de8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:03:52.0948 0x0de8  wmiApSrv - ok
19:03:52.0948 0x0de8  WMPNetworkSvc - ok
19:03:52.0948 0x0de8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:03:52.0948 0x0de8  WPCSvc - ok
19:03:52.0964 0x0de8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:03:52.0964 0x0de8  WPDBusEnum - ok
19:03:52.0979 0x0de8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:03:52.0979 0x0de8  ws2ifsl - ok
19:03:52.0979 0x0de8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
19:03:52.0979 0x0de8  wscsvc - ok
19:03:52.0995 0x0de8  WSearch - ok
19:03:53.0057 0x0de8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:03:53.0104 0x0de8  wuauserv - ok
19:03:53.0120 0x0de8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:03:53.0120 0x0de8  WudfPf - ok
19:03:53.0135 0x0de8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:03:53.0135 0x0de8  WUDFRd - ok
19:03:53.0151 0x0de8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:03:53.0151 0x0de8  wudfsvc - ok
19:03:53.0151 0x0de8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:03:53.0167 0x0de8  WwanSvc - ok
19:03:53.0167 0x0de8  ================ Scan global ===============================
19:03:53.0167 0x0de8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:03:53.0182 0x0de8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:03:53.0198 0x0de8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:03:53.0213 0x0de8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:03:53.0213 0x0de8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:03:53.0229 0x0de8  [ Global ] - ok
19:03:53.0229 0x0de8  ================ Scan MBR ==================================
19:03:53.0229 0x0de8  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk0\DR0
19:03:53.0245 0x0de8  \Device\Harddisk0\DR0 - ok
19:03:53.0245 0x0de8  [ EA923EB0EC0060F1451E9AD7B5762CFE ] \Device\Harddisk1\DR1
19:03:53.0260 0x0de8  \Device\Harddisk1\DR1 - ok
19:03:53.0260 0x0de8  ================ Scan VBR ==================================
19:03:53.0260 0x0de8  [ 158071D30CF2BE2440056827D3736214 ] \Device\Harddisk0\DR0\Partition1
19:03:53.0276 0x0de8  \Device\Harddisk0\DR0\Partition1 - ok
19:03:53.0276 0x0de8  [ 2A6C245FBE1F88B5B773560EBA50E1BA ] \Device\Harddisk1\DR1\Partition1
19:03:53.0276 0x0de8  \Device\Harddisk1\DR1\Partition1 - ok
19:03:53.0276 0x0de8  [ 484142AEA4AAC033D80B339165C628DE ] \Device\Harddisk1\DR1\Partition2
19:03:53.0276 0x0de8  \Device\Harddisk1\DR1\Partition2 - ok
19:03:53.0276 0x0de8  ================ Scan generic autorun ======================
19:03:53.0307 0x0de8  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
19:03:53.0338 0x0de8  MSC - ok
19:03:53.0401 0x0de8  [ 56C10D3338B01D3FBCC5AF24B3833E1C, 99ABF0D33E2372521384DA3C98FD4A3534155AD5B6B7852EBE94E098AA3DC9B8 ] C:\Program Files\TightVNC\tvnserver.exe
19:03:53.0432 0x0de8  tvncontrol - ok
19:03:53.0432 0x0de8  LastApp - ok
19:03:53.0479 0x0de8  [ B4060C1841F6CC886E5FFCF4CF5581F3, 30DB29FEDB5828E102A8C38D678D6427EA13A1C8808A65B2768AE17C4345B01A ] C:\Program Files\Ext2Fsd\Ext2Mgr.exe
19:03:53.0494 0x0de8  Ext2 Volume Manager - ok
19:03:53.0510 0x0de8  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
19:03:53.0510 0x0de8  BCSSync - ok
19:03:53.0525 0x0de8  [ 3CD5FD3FED5388DC01A072DB5D06C9CD, BED3D0CE4EF7A8D0FAB8B1E2E519D2B7F9BB81E62F5CBC6C968179FC20956165 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
19:03:53.0557 0x0de8  StartCCC - ok
19:03:53.0635 0x0de8  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
19:03:53.0713 0x0de8  DAEMON Tools Lite - ok
19:03:53.0728 0x0de8  [ 80D10A1EF565CFD604483296B3990197, 8D1D7678B6100AC19820735132484785DC87BF709136A86133C2FC393180714A ] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
19:03:53.0744 0x0de8  Unified Remote v2 - ok
19:03:53.0744 0x0de8  Waiting for KSN requests completion. In queue: 279
19:03:54.0758 0x0de8  Waiting for KSN requests completion. In queue: 279
19:03:55.0772 0x0de8  Waiting for KSN requests completion. In queue: 279
19:03:56.0786 0x0de8  Waiting for KSN requests completion. In queue: 279
19:03:57.0800 0x0de8  Waiting for KSN requests completion. In queue: 279
19:03:58.0814 0x0de8  Waiting for KSN requests completion. In queue: 279
19:03:59.0828 0x0de8  Waiting for KSN requests completion. In queue: 279
19:04:00.0842 0x0de8  Waiting for KSN requests completion. In queue: 279
19:04:01.0856 0x0de8  Waiting for KSN requests completion. In queue: 279
 



#15 Oh My!


Posted 27 November 2014 - 06:03 PM

Thank you. How is your computer running?


Gary
 



