Virus removal advice


  • This topic is locked
47 replies to this topic

#1 Mike1179

Posted 15 November 2014 - 09:17 PM

Hi, I'm wondering if anyone can help me with this?

My computer (Windows 7) was/is infected with PUP.Optional.InstallCore.A and I'm not sure I got rid of it all.

I followed a Bleeping Computer cached page and removed the files with Malwarebytes, then did a clean up with Quarantine.exe and finally a browser clean with Avast.

After this, I started getting dozens of MSI logs created (not sure if this is related) and browser redirects (which Firefox managed to block).

Comodo firewall won't save any of my 'rules'. The settings are just wrong, i.e. ALL my files are on the trusted files list, the 'trusted vendors list' has hundreds of entries, and all my blocked applications etc. are now in the 'trusted files' list.

Now Malwarebytes is playing up: I can't complete a threat scan, and when I click 'view detailed log', it redirects to 'my computer'.

I have been running Malwarebytes threat scans that come up with 'no threats', but now I can't do system restore either as I get error message 0x0070005, which Microsoft say is a malware issue.

Any help greatly appreciated

Thank you

Mike


#2 seedy21

Posted 16 November 2014 - 04:49 PM

Hi Mike1179 and welcome to BleepingComputer!

As I am in training I will need to get my Mentor to approve my post and will advise you on what to do in my next reply!

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


#3 Mike1179

Posted 16 November 2014 - 05:20 PM

Thanks Seedy21



#4 seedy21

Posted 16 November 2014 - 05:52 PM

Hello Mike1179

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using Cracked or Illegal software your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

I would like to see what MalwareBytes has removed.
  • Open MalwareBytes Anti-malware Program
  • Click on History and then Application Logs.
  • Find the scan that has the threats and has removed them.
  • Click on Copy to Clipboard then paste into your next reply.

Step 2

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
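
The FRST.txt log requested in Step 2 is plain text split into `==== Section ====` blocks with one entry per line, so a first-pass triage can be scripted. The following is an added example, not part of the original post and not FRST's own code; the sample log is constructed, and the readings of `[X]` / `No File` as a missing target, `[File not signed]` as an unsigned file, and the `R`/`S` plus start-type digit prefix on service lines are assumptions about FRST's conventions.

```python
import re

# Section headers look like: ==================== Services (Whitelisted) =================
# [^=] stops a bare "========" underline from being read as a header.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+\s*$")
# Service/driver entries: state letter, start-type digit, name, then the image path.
# Assumed convention: R=running, S=stopped, U=undetermined; 0=boot, 1=system,
# 2=automatic, 3=manual, 4=disabled.
SERVICE_RE = re.compile(r"^([RSU])([0-4])\s+([^;]+);\s*(.+)$")
MISSING_RE = re.compile(r"(\[X\]|\bNo File)\s*$")   # assumed: target not found on disk
UNSIGNED_RE = re.compile(r"\[File not signed\]")
TEMP_RE = re.compile(r"\\(Temp|Tmp)\\", re.IGNORECASE)

# Constructed sample in the layout of an FRST.txt log (all names are placeholders).
SAMPLE = r"""
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [1275608 2014-03-25] (Example Corp)
HKLM-x32\...\Run: [OldStartup] => [X]

==================== Services (Whitelisted) =================

R2 ExampleAV; C:\Program Files\Example\avsvc.exe [50344 2014-11-14] (Example Corp)
S4 ExampleSync; C:\Program Files (x86)\Example\sync.exe [16384 2011-08-16] (Example Corp) [File not signed]
S2 ExampleUpdater; C:\Program Files (x86)\Example\updater.exe [X]
S4 ExampleTemp; C:\Users\User\AppData\Local\Temp\7zS0000\example64.dll [X]
"""


def split_sections(text):
    """Return {section name: [entry lines]}, skipping blanks and FRST's notes."""
    sections, name = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(If an "):
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group(1).replace("(Whitelisted)", "").strip()
            sections.setdefault(name, [])
            continue
        sections.setdefault(name, []).append(line)
    return sections


def triage(text):
    """Return (section, entry, reasons) for every line worth a second look."""
    findings = []
    for section, lines in split_sections(text).items():
        for line in lines:
            reasons = []
            if MISSING_RE.search(line):
                reasons.append("target missing")
            if UNSIGNED_RE.search(line):
                reasons.append("unsigned")
            svc = None
            if section in ("Services", "Drivers"):
                svc = SERVICE_RE.match(line)
            if svc:
                start_type, image = int(svc.group(2)), svc.group(4)
                # Boot/system/automatic start with no file behind it: a leftover
                # registration that still tries to load at startup.
                if start_type <= 2 and "target missing" in reasons:
                    reasons.append("autostart entry is orphaned")
                # Heuristic: service images do not normally live in Temp.
                if TEMP_RE.search(image):
                    reasons.append("image under a Temp directory")
            if reasons:
                entry = svc.group(3).strip() if svc else line
                findings.append((section, entry, reasons))
    return findings


if __name__ == "__main__":
    for section, entry, reasons in triage(SAMPLE):
        print(f"[{section}] {entry}: {', '.join(reasons)}")
```

A flagged line is a prompt for review by the helper reading the log, not a verdict; leftovers from uninstalled software produce the same markers.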



#5 seedy21

Posted 18 November 2014 - 11:47 AM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


#6 Mike1179

Posted 18 November 2014 - 05:35 PM

Hi Seedy - Thanks for this - Here is the information:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/11/2014
Scan Time: 00:52:06
Logfile: 1411 07.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.13.11
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Private

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368891
Time Elapsed: 10 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3596227979-2911767744-3651838352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [b2378dad1e5e43f3ed44a0cfb3501be5],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3596227979-2911767744-3651838352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [a940d268522aa98dfa6f8ff614f05aa6],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3596227979-2911767744-3651838352-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2Y1E2Z1G1J1T1M, Quarantined, [a940d268522aa98dfa6f8ff614f05aa6]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Private (administrator) on PRIVATE-HP on 18-11-2014 22:19:49
Running from C:\Users\Private\Desktop
Loaded Profile: Private (Available profiles: Private & Etavirp 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-14] (AVAST Software)
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\...\MountPoints2: {4db7d3e6-4fc4-11e3-85a5-80c16eea6999} - "F:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0E64034F-A1A2-4D2B-B671-71D8F6BDF9C9} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0E64034F-A1A2-4D2B-B671-71D8F6BDF9C9} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3596227979-2911767744-3651838352-1000 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3596227979-2911767744-3651838352-1000 -> {0E64034F-A1A2-4D2B-B671-71D8F6BDF9C9} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3596227979-2911767744-3651838352-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3596227979-2911767744-3651838352-1000 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKU\S-1-5-21-3596227979-2911767744-3651838352-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1A42ED0E-FF32-42CC-83E4-7440401AFD9A}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{4907E6C3-B393-4333-90D3-5059DE2343B5}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Private\AppData\Roaming\Mozilla\Firefox\Profiles\fzm5d6mq.default
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-3596227979-2911767744-3651838352-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Private\AppData\Roaming\Mozilla\Firefox\Profiles\fzm5d6mq.default\searchplugins\google-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-05]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-13] (Symantec Corporation)
S2 CLPSLauncher; "C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe" [X]
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [X]
S2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [X]
S2 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
S4 HPSLPSVC; C:\Users\Private\AppData\Local\Temp\7zS5497\hpslpsvc64.dll [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] () [File not signed]
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-05-11] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 22:19 - 2014-11-18 22:20 - 00018426 _____ () C:\Users\Private\Desktop\FRST.txt
2014-11-18 22:19 - 2014-11-18 22:19 - 00000000 ____D () C:\FRST
2014-11-18 22:18 - 2014-11-18 22:18 - 02117120 _____ (Farbar) C:\Users\Private\Desktop\FRST64.exe
2014-11-18 21:59 - 2014-11-18 21:59 - 00001604 _____ () C:\Users\Private\Documents\1411 07.txt
2014-11-18 00:07 - 2014-11-18 00:12 - 00000000 ____D () C:\Users\Private\Documents\Etavirp
2014-11-16 02:21 - 2014-11-16 02:23 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Local\Adobe
2014-11-16 02:21 - 2014-11-16 02:21 - 00000000 ____D () C:\Users\Etavirp 2\Documents\Updater
2014-11-15 23:49 - 2014-11-15 23:50 - 00000000 ____D () C:\Users\Private\Documents\WORK IN PROGRESS
2014-11-15 02:47 - 2014-11-16 01:19 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-11-15 02:43 - 2014-11-15 02:43 - 00000000 ____D () C:\Users\Private\AppData\Local\Comodo
2014-11-15 02:43 - 2014-11-15 02:43 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-11-14 23:18 - 2014-11-14 23:18 - 00000000 ____D () C:\Users\Private\AppData\Local\{5EE07DD6-FADE-43A0-BB23-55B666AAD5BF}
2014-11-14 18:34 - 2014-11-14 18:34 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-14 18:34 - 2014-11-14 18:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-14 01:30 - 2014-11-14 01:32 - 00000000 ____D () C:\AdwCleaner
2014-11-14 00:51 - 2014-11-14 00:51 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-11-13 01:10 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 01:10 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 01:10 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 01:10 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 01:10 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 01:10 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 01:10 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 01:10 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 01:10 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 01:10 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 01:10 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 01:10 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 01:10 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 01:10 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 01:10 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 01:10 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 01:10 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 01:10 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 01:10 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 01:10 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 01:10 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 01:10 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 01:10 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 01:10 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 01:10 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 01:10 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 01:09 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 01:09 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 01:09 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 01:09 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 01:09 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 01:09 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 01:09 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 01:09 - 2014-09-19 09:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 01:09 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 01:09 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 01:09 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 01:09 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 01:09 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 01:09 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 01:09 - 2014-09-19 09:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 01:09 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 01:09 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 01:09 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 01:09 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 01:09 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 01:09 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-06 22:42 - 2014-11-06 22:42 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Roaming\AVAST Software
2014-11-05 12:32 - 2014-11-18 22:14 - 00001512 _____ () C:\Windows\setupact.log
2014-11-05 12:32 - 2014-11-05 12:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-05 12:10 - 2014-11-05 12:10 - 00000000 ____D () C:\Users\Private\AppData\Roaming\AVAST Software
2014-11-05 11:48 - 2014-11-05 11:48 - 00000000 ____D () C:\AVAST Software
2014-11-05 11:47 - 2014-11-16 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-05 11:47 - 2014-11-14 18:34 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-05 11:47 - 2014-11-14 18:34 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-05 11:47 - 2014-11-14 18:34 - 00116728 _____ () C:\Windows\system32\Drivers\aswStm.sys
2014-11-05 11:47 - 2014-11-14 18:34 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-05 11:47 - 2014-11-14 18:34 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-05 11:47 - 2014-11-14 18:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-05 11:47 - 2014-11-14 18:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-05 11:47 - 2014-11-14 18:34 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-05 11:47 - 2014-11-14 18:34 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-05 11:47 - 2014-11-14 18:33 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-05 11:46 - 2014-11-05 11:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-05 11:43 - 2014-11-05 11:43 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Local\Help
2014-11-05 11:40 - 2014-11-05 11:46 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-05 11:38 - 2014-11-05 11:38 - 05004328 _____ (AVAST Software) C:\Users\Etavirp 2\Desktop\avast_free_antivirus_setup_online.exe
2014-11-03 11:06 - 2014-11-05 11:26 - 00252168 _____ () C:\Users\Etavirp 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-02 13:16 - 2014-11-02 13:16 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Local\Macromedia
2014-11-02 13:13 - 2014-11-05 09:27 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Roaming\Mozilla
2014-11-02 13:13 - 2014-11-05 09:27 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Local\Mozilla
2014-11-02 10:46 - 2014-11-02 10:46 - 00000462 _____ () C:\Users\Etavirp 2\Desktop\OS (C) - Shortcut.lnk
2014-11-02 10:45 - 2014-11-02 10:45 - 00001099 _____ () C:\Users\Etavirp 2\Desktop\explorer - Shortcut.lnk
2014-11-02 10:44 - 2014-11-02 10:44 - 00001102 _____ () C:\Users\Etavirp 2\Desktop\Pictures - Shortcut.lnk
2014-11-02 10:43 - 2014-11-02 10:43 - 00001105 _____ () C:\Users\Etavirp 2\Desktop\Documents - Shortcut.lnk
2014-11-02 10:43 - 2014-11-02 10:43 - 00001077 _____ () C:\Users\Etavirp 2\Desktop\Music - Shortcut.lnk
2014-11-02 10:37 - 2014-11-02 10:37 - 00002655 _____ () C:\Users\Etavirp 2\Desktop\Microsoft Word.lnk
2014-11-02 10:37 - 2014-11-02 10:37 - 00001304 _____ () C:\Users\Etavirp 2\Desktop\Notepad.lnk
2014-11-02 10:37 - 2014-11-02 10:37 - 00001230 _____ () C:\Users\Etavirp 2\Desktop\Calculator.lnk
2014-11-02 10:36 - 2014-11-02 10:36 - 00001079 _____ () C:\Users\Etavirp 2\Desktop\FileASSASSIN.lnk
2014-11-02 10:36 - 2014-11-02 10:36 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Local\Apple
2014-11-02 10:33 - 2014-11-02 10:33 - 00000000 ____D () C:\Users\Etavirp 2\hpremote
2014-11-02 10:32 - 2014-11-02 10:32 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Roaming\Hewlett-Packard
2014-11-02 10:31 - 2014-10-24 20:31 - 00000898 _____ () C:\Users\Etavirp 2\Desktop\Sandboxed Web Browser.lnk
2014-11-01 02:47 - 2014-11-01 02:47 - 00000000 ____D () C:\Users\Private\AppData\Local\Macromedia
2014-10-29 22:08 - 2014-11-16 02:23 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Roaming\Adobe
2014-10-29 22:08 - 2014-11-16 02:20 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Local\VirtualStore
2014-10-29 22:08 - 2014-11-02 13:11 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E14CE75C-1712-4A33-8946-07FFE2CB2E35}
2014-10-29 22:07 - 2014-11-16 01:26 - 00000000 ____D () C:\Users\Etavirp 2
2014-10-29 22:07 - 2014-11-05 09:28 - 00000000 ___RD () C:\Users\Etavirp 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-29 22:07 - 2014-11-05 09:28 - 00000000 ___RD () C:\Users\Etavirp 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 22:07 - 2014-11-05 09:27 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Roaming\Macromedia
2014-10-29 22:07 - 2014-10-29 22:11 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Roaming\WTablet
2014-10-29 22:07 - 2014-10-29 22:07 - 00000020 ___SH () C:\Users\Etavirp 2\ntuser.ini
2014-10-29 22:07 - 2012-10-13 07:15 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Roaming\TuneUp Software
2014-10-29 22:07 - 2012-05-11 08:18 - 00000000 ____D () C:\Users\Etavirp 2\AppData\Local\Hewlett-Packard
2014-10-28 17:19 - 2014-10-28 17:19 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 17:19 - 2014-10-28 17:19 - 00001153 _____ () C:\Users\Public\Desktop\Firefox.lnk
2014-10-28 17:19 - 2014-10-28 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-28 15:50 - 2014-11-16 01:26 - 00000000 ____D () C:\Users\Private\AppData\Local\Mozilla
2014-10-28 15:50 - 2014-10-28 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 15:50 - 2014-10-28 15:50 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-28 15:49 - 2014-10-28 15:47 - 24656704 _____ (Mozilla) C:\Users\Private\Downloads\Firefox.EXE
2014-10-28 15:48 - 2014-10-28 17:11 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-10-28 15:47 - 2014-10-28 15:47 - 24656704 _____ (Mozilla) C:\Users\Private\Downloads\Firefox%20Setup%2027.0.exe
2014-10-28 15:46 - 2014-10-28 15:46 - 00834776 _____ ( ) C:\Users\Private\Downloads\FirefoxSetup.exe
2014-10-28 15:12 - 2014-10-28 15:12 - 00000000 ____D () C:\Users\Private\AppData\Local\{7CF016C9-CCE4-45EA-B958-69D9D6765A79}
2014-10-28 13:37 - 2014-11-17 00:12 - 00000000 ____D () C:\Users\Private\Documents\1410 HACK
2014-10-28 10:44 - 2014-10-28 10:44 - 00001684 _____ () C:\Users\Private\Desktop\WINWORD.EXE - Shortcut.lnk
2014-10-27 12:33 - 2014-10-27 12:35 - 00000000 ____D () C:\Users\Private\AppData\Local\Avg2013
2014-10-27 11:50 - 2014-10-27 11:50 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 11:14 - 2014-11-14 00:52 - 00001919 _____ () C:\Users\Private\Desktop\Anger Management For Dummies - Copy.pdf - Shortcut.lnk
2014-10-24 20:32 - 2014-10-26 20:35 - 00001004 _____ () C:\Users\Private\Desktop\Sandboxie.lnk
2014-10-24 20:31 - 2014-10-24 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-23 10:55 - 2014-10-23 10:55 - 00000000 ____D () C:\Users\Private\AppData\Local\Avg2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 22:19 - 2012-06-20 07:00 - 02048435 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 22:18 - 2009-07-14 05:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 22:14 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 22:14 - 2009-07-14 04:45 - 01400360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-18 22:13 - 2010-11-21 03:47 - 00609428 _____ () C:\Windows\PFRO.log
2014-11-18 22:13 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 22:13 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 21:56 - 2012-11-21 00:16 - 22859264 ___SH () C:\Users\Private\Documents\Thumbs.db
2014-11-18 21:53 - 2014-06-29 09:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 21:51 - 2012-05-11 08:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-18 21:50 - 2012-06-20 00:32 - 00000000 ____D () C:\Users\Private\AppData\Roaming\Adobe
2014-11-18 21:48 - 2012-06-25 21:53 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-18 21:47 - 2012-05-11 08:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 21:29 - 2012-10-01 07:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 20:59 - 2014-04-13 18:43 - 00000000 ____D () C:\Users\Private\My Art & Letters
2014-11-18 01:16 - 2012-06-19 22:08 - 00000000 ____D () C:\Users\Private\Documents\QL BOOK
2014-11-17 23:03 - 2012-06-27 19:43 - 00003376 _____ () C:\Windows\Sandboxie.ini
2014-11-16 21:16 - 2014-09-27 02:30 - 00251160 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-11-16 02:43 - 2012-06-19 21:04 - 00000000 ____D () C:\Users\Private
2014-11-16 01:26 - 2014-06-21 10:51 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-11-16 01:26 - 2013-11-09 00:26 - 00000000 ____D () C:\Users\Private\Desktop\SECURITY
2014-11-16 01:26 - 2013-10-30 21:55 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-11-16 01:26 - 2012-08-02 15:54 - 00000000 ___HD () C:\Users\Private\AppData\Local\Downloaded Installations
2014-11-16 01:26 - 2012-06-20 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-11-16 01:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-16 01:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-11-16 01:25 - 2012-06-20 02:58 - 00000000 ____D () C:\ProgramData\Comodo
2014-11-16 01:25 - 2012-06-20 02:58 - 00000000 ____D () C:\Program Files\COMODO
2014-11-16 01:25 - 2012-06-20 02:58 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-11-14 21:15 - 2012-06-21 15:44 - 00000000 ____D () C:\Users\Private\Tracing
2014-11-14 21:14 - 2012-08-04 23:26 - 00000000 ___HD () C:\Users\Private\AppData\Local\CrashDumps
2014-11-14 21:14 - 2012-06-19 21:10 - 00000000 ___DC () C:\Users\Private\AppData\Local\MigWiz
2014-11-14 21:14 - 2011-02-11 17:00 - 00000000 ____D () C:\Windows\Panther
2014-11-14 20:03 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 01:15 - 2014-05-06 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 01:14 - 2013-08-15 13:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 01:11 - 2012-06-22 22:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 00:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-12 23:09 - 2014-08-24 14:51 - 00000000 ____D () C:\Users\Private\AppData\Roaming\WTablet
2014-11-12 12:36 - 2012-06-19 22:05 - 00000000 ____D () C:\Users\Private\Documents\09 COMINFO
2014-11-07 22:34 - 2010-11-21 07:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-07 22:34 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-11-07 22:34 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-07 20:35 - 2012-06-19 22:06 - 00000000 ____D () C:\Users\Private\Documents\40 AS
2014-11-05 13:18 - 2010-11-21 07:16 - 00000000 ____D () C:\Windows\ShellNew
2014-11-05 13:18 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-05 13:18 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-05 13:18 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-11-05 13:18 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-05 12:32 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 12:32 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU(64).TXT
2014-11-05 11:48 - 2012-06-20 02:59 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-11-05 11:40 - 2014-09-27 09:00 - 00252168 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-11-05 10:48 - 2012-06-23 18:07 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2014-11-05 10:47 - 2012-06-23 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2014-11-05 10:47 - 2012-06-23 18:06 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-05 09:28 - 2012-05-11 08:29 - 00000000 ____D () C:\Program Files (x86)\PlayReady
2014-11-05 09:28 - 2012-05-11 08:23 - 00000000 ____D () C:\Program Files\PlayReady
2014-11-04 14:30 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 13:12 - 2012-06-20 03:55 - 00000000 ___RD () C:\Sandbox
2014-11-01 02:44 - 2012-10-01 07:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-01 02:44 - 2012-07-05 14:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-01 02:44 - 2012-05-11 08:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-01 02:43 - 2014-08-22 11:46 - 00000000 ____D () C:\Users\Private\AppData\Local\Adobe
2014-10-31 17:38 - 2013-11-05 11:37 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-10-28 15:50 - 2012-07-07 21:44 - 00000000 ____D () C:\Users\Private\AppData\Roaming\Mozilla
2014-10-28 15:12 - 2012-06-20 09:45 - 00000000 ____D () C:\Users\Private\AppData\Local\Windows Live Writer
2014-10-27 12:35 - 2012-06-20 02:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-27 11:50 - 2014-06-29 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 11:50 - 2014-06-29 09:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 20:35 - 2014-09-01 20:36 - 00001704 _____ () C:\Users\Private\Desktop\Recuva.lnk
2014-10-26 20:35 - 2014-09-01 20:28 - 00001842 _____ () C:\Users\Public\Desktop\My Printer.lnk
2014-10-26 13:16 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-26 11:15 - 2012-06-19 22:09 - 00000000 ____D () C:\Users\Private\Documents\WRI
2014-10-25 09:37 - 2014-05-27 10:50 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-10-25 09:36 - 2014-05-27 10:51 - 00001955 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-10-25 09:36 - 2014-05-27 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2014-10-25 09:36 - 2014-05-27 10:51 - 00000000 ____D () C:\Program Files (x86)\Sonos

Some content of TEMP:
====================
C:\Users\Private\AppData\Local\Temp\Quarantine.exe
C:\Users\Private\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 17:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Private at 2014-11-18 22:20:40
Running from C:\Users\Private\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT Screen Thief 3.9 (HKLM-x32\...\AT Screen Thief_is1) (Version:  - Alex and Alex Soft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belkin F5U249 Driver and Icon (HKLM-x32\...\{E33A4D86-8941-41CB-9DF7-466FACB3ADF2}) (Version: 1.0 - BELKIN)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series User Registration (HKLM-x32\...\Canon iP2600 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EPSON TWAIN 5 (HKLM-x32\...\{9A3EABC0-CA06-11D4-BF77-00104B130C19}) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom ™ 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
FreeOCR 3.0 (HKLM\...\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}) (Version: 3.0 - Free OCR)
GeekBuddy (HKLM\...\{C36B3AE4-FCFE-4A0A-AA3D-71E1A51C1F16}) (Version: 4.11.91 - Comodo Security Solutions Inc)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6305 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuarkXPress 5.0 (HKLM-x32\...\{BD6840EF-4113-4DA9-BA8B-BC7C34832BA0}) (Version: 5.00.0000 - Quark Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Remove Hidden Data Tool (HKLM-x32\...\{90F80409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 27.2.81200 - Sonos, Inc.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.141 - VeriSign)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VirtualCom driver (HKLM\...\{19639A51-FCC5-40BA-9F07-D8292A07249B}) (Version: 1.0.0 - ait)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version:  - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-11-2014 12:45:25 Windows Modules Installer
07-11-2014 22:21:35 Windows Modules Installer
13-11-2014 01:10:51 Windows Update
14-11-2014 01:18:50 Removed OpenOffice 4.1.1
14-11-2014 18:33:11 avast! antivirus system restore point
14-11-2014 20:46:40 Adblock Plus for IE
14-11-2014 20:47:10 Removed Adblock Plus for IE (32-bit and 64-bit)
15-11-2014 02:47:52 Device Driver Package Install: COMODO Network Service
16-11-2014 01:16:57 Restore Operation
16-11-2014 01:20:20 avast! antivirus system restore point
16-11-2014 01:23:03 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0213F53F-3777-46F1-AF35-F38CD9A89AC0} - System32\Tasks\{4F50FA25-3A72-41BB-A0CF-622932F59DB7} => C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe [2009-01-27] (Alex & Alex Soft)
Task: {040DC7DF-A7DF-4CE7-BB02-A80F87EB3F40} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {0C947C21-03EA-4A8A-870B-EB0847DE349A} - System32\Tasks\{7D8D5FD6-6F1A-495B-BD8A-E476A794F0E6} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2012-03-08] (Microsoft Corporation)
Task: {0DE8C74E-BF81-4739-B2F9-AF2D432A3102} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1362E546-B37F-40F9-B161-2F1D19EA80C8} - System32\Tasks\{E65F5854-7180-46BC-B1A6-8EB738E0481A} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2012-03-08] (Microsoft Corporation)
Task: {15599AC0-A5C0-4B2A-85F8-0BB4A92DC8C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-01] (Adobe Systems Incorporated)
Task: {2411D935-03F3-479B-A9D7-9B0E5069B0EF} - System32\Tasks\{0C1E3FEF-A9DD-4566-838C-A1335CC4773C} => C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe [2009-01-27] (Alex & Alex Soft)
Task: {26719D75-A390-4AAE-B9C0-B03EBB713D62} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {2FB43863-1D7E-459C-B8E2-5E66485FD7A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {325BB644-00FB-4CF9-ACF9-E95E40AC7EB4} - System32\Tasks\{B6902AC1-F9ED-47BF-8007-BD4C56C801DD} => C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe [2009-01-27] (Alex & Alex Soft)
Task: {33494F0D-F471-400B-B5D8-7120C09FEAB3} - System32\Tasks\{0638D050-4DD6-47C7-8637-52D5A86626C7} => C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe [2009-01-27] (Alex & Alex Soft)
Task: {5434FDB2-3B9A-460E-88D2-0F7E1F067135} - \CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} No Task File <==== ATTENTION
Task: {5D6C1C3C-94B5-4DF0-BB10-E582687A33F9} - System32\Tasks\{DADD74A9-300D-4110-8268-0FD9603F5729} => C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe [2009-01-27] (Alex & Alex Soft)
Task: {60715603-6921-42E6-9A7C-58F35E70A407} - System32\Tasks\{468A723C-99CE-4FE0-BDE1-185E53C235DB} => C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe [2009-01-27] (Alex & Alex Soft)
Task: {662EA1C9-B00B-4FBF-992E-FCB1B425C251} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {69096756-1FF0-4FD7-9E0E-591377F2E9B9} - System32\Tasks\{53D5F592-C02D-4E5F-BD94-7F688CD9322A} => C:\Program Files (x86)\Quark\QuarkXPress\QuarkXPress.exe [2012-06-23] (Quark, Inc.)
Task: {74595BD1-5AA6-4D3C-8C43-CD42225B3CD6} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {77A873E6-E0D7-49F5-84F1-D6A8331A76ED} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {77CB5986-9D89-446D-AB36-8E10058F77D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {884B25F9-362C-4677-B5CA-0B6694AC6A49} - System32\Tasks\{DE9D0470-19C3-4EF8-B1F6-61DFFC3EECC6} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2012-03-08] (Microsoft Corporation)
Task: {955108C9-63D8-4A4A-8CE0-6EC8B5FA4C76} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software)
Task: {A85BCE6D-D029-4E10-8C96-290291C200E9} - System32\Tasks\{CE406844-BDF9-4EC2-AF0E-1E9FE05DA1CA} => C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe [2009-01-27] (Alex & Alex Soft)
Task: {B94D1F5D-83D8-4627-A7BB-6F4AE26B5FEC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {D5155948-8C10-45E4-85BB-9082F7F86F57} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {ED7A3382-60D7-4272-9256-C0A753A42AC9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {F62FB001-1CE6-40C9-87CF-43680B80B3D8} - System32\Tasks\{4C595297-1928-4BB4-8C71-2C6D11D5F3AE} => C:\Program Files (x86)\Adobe Software\Adobe Bridge\Bridge.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-07-10 23:06 - 2011-02-28 22:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-08-24 14:51 - 2011-09-08 16:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-05-11 08:07 - 2011-12-26 05:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-18 22:16 - 2014-11-18 22:16 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111802\algo.dll
2014-11-14 18:34 - 2014-11-14 18:34 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-11 08:17 - 2011-12-16 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: CLPSLS => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TouchServicePen => 2
MSCONFIG\Services: VIPAppService => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Private^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Private^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JL Alpine Advent Calendar.lnk => C:\Windows\pss\JL Alpine Advent Calendar.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Private^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JL Edwardian Advent Calendar.lnk => C:\Windows\pss\JL Edwardian Advent Calendar.lnk.Startup
MSCONFIG\startupreg: AVG-Secure-Search-Update_0913b => C:\Users\Private\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6122c6acec8447d09d845188280e806a-c6c15d68f1f11264c1c5b2cc2a502c2b0940e95b --CMPID 0913b
MSCONFIG\startupreg: BATINDICATOR => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: COMODO => C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSCONFIG\startupreg: CPA => C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LaunchHPOSIAPP => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SetIcon => C:\Program Files\Icons\SetIcon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3596227979-2911767744-3651838352-500 - Administrator - Disabled)
Etavirp 2 (S-1-5-21-3596227979-2911767744-3651838352-1005 - Limited - Enabled) => C:\Users\Etavirp 2
Guest (S-1-5-21-3596227979-2911767744-3651838352-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3596227979-2911767744-3651838352-1002 - Limited - Enabled)
Private (S-1-5-21-3596227979-2911767744-3651838352-1000 - Administrator - Enabled) => C:\Users\Private

==================== Faulty Device Manager Devices =============

Name: K:\
Description: Card  Reader    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Multiple
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: aswStm
Description: aswStm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswStm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 09:00:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xefc
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (11/17/2014 11:02:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x8d0
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (11/16/2014 01:28:28 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Removed Adblock Plus for IE (32-bit and 64-bit)). Additional information: 0x80070005.

Error: (11/16/2014 01:20:57 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Device Driver Package Install: COMODO Network Service). Additional information: 0x80070005.

Error: (11/15/2014 03:24:29 AM) (Source: Microsoft Office 10) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Word.

Error: (11/15/2014 03:24:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 10.0.6866.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8e0

Start Time: 01d000836fe20dbe

Termination Time: 0

Application Path: C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE

Report Id: e1797028-6c76-11e4-b891-ceb052c03688

Error: (11/14/2014 09:15:21 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3596227979-2911767744-3651838352-1000}/">.

Error: (11/14/2014 09:14:39 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3596227979-2911767744-3651838352-1000}/">.

Error: (11/14/2014 01:29:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Failed to Start the CVH service 1063

Error: (11/14/2014 00:51:26 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Private-HP)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.


System errors:
=============
Error: (11/18/2014 10:14:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
%%193

Error: (11/18/2014 10:14:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GeekBuddyRSP Server service failed to start due to the following error:
%%2

Error: (11/18/2014 10:14:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Easybits Services for Windows service failed to start due to the following error:
%%2

Error: (11/18/2014 10:14:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COMODO Dragon Update Service service failed to start due to the following error:
%%2

Error: (11/18/2014 10:14:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
%%193

Error: (11/18/2014 10:14:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COMODO LPS Launcher service failed to start due to the following error:
%%2

Error: (11/18/2014 09:00:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/18/2014 08:16:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
%%193

Error: (11/18/2014 08:16:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GeekBuddyRSP Server service failed to start due to the following error:
%%2

Error: (11/18/2014 08:16:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Easybits Services for Windows service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (11/18/2014 09:00:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102efc01d003725f4ab25fC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlldc44d588-6f65-11e4-aee1-eef22cec0799

Error: (11/17/2014 11:02:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18247521eaf24c000037400000000000c41028d001d002b8d9040046C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllc0608106-6ead-11e4-8963-f7b827b4f694

Error: (11/16/2014 01:28:28 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Removed Adblock Plus for IE (32-bit and 64-bit)0x80070005

Error: (11/16/2014 01:20:57 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Device Driver Package Install: COMODO Network Service0x80070005

Error: (11/15/2014 03:24:29 AM) (Source: Microsoft Office 10) (EventID: 2001) (User: )
Description: Microsoft Word

Error: (11/15/2014 03:24:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE10.0.6866.08e001d000836fe20dbe0C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXEe1797028-6c76-11e4-b891-ceb052c03688

Error: (11/14/2014 09:15:21 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3596227979-2911767744-3651838352-1000}/

Error: (11/14/2014 09:14:39 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3596227979-2911767744-3651838352-1000}/

Error: (11/14/2014 01:29:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Failed to Start the CVH service 1063

Error: (11/14/2014 00:51:26 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Private-HP)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 6048.8 MB
Available physical RAM: 3524.61 MB
Total Pagefile: 12095.78 MB
Available Pagefile: 9649.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1846.44 GB) (Free:1713.77 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.47 GB) (Free:2.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CBB44473)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1846.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:22 PM

Posted 19 November 2014 - 03:17 PM

Hi Mike1179

Before we continue, I can see some specialised software on your machine. Can you confirm if this machine is a work or a personal machine? If it's a work machine, do you have permission to fix it?

Thank you


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:22 PM

Posted 21 November 2014 - 03:54 PM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.




#9 Mike1179

Mike1179
  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:22 PM

Posted 21 November 2014 - 04:20 PM

Not sure what you mean by specialised software? But it is a personal machine. Thx 



#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:22 PM

Posted 22 November 2014 - 12:32 PM

Hi Mike1179

Step 1

Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it on the Desktop as fixlist.txt
 

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\...\MountPoints2: {4db7d3e6-4fc4-11e3-85a5-80c16eea6999} - "F:\WD Drive Unlock.exe" autoplay=true
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Private\AppData\Local\Temp\Quarantine.exe
C:\Users\Private\AppData\Local\Temp\sqlite3.dll
C:\Users\Private\AppData\Local\{5EE07DD6-FADE-43A0-BB23-55B666AAD5BF}
C:\Users\Private\AppData\Local\{7CF016C9-CCE4-45EA-B958-69D9D6765A79}
C:\Users\Private\AppData\Local\Avg2013
C:\Users\Private\AppData\Local\Avg2015
Hosts:
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST64, press the Fix button just once, and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply.

Step 2

  • Download TDSSKiller and save it to your Desktop.
  • Unzip the folder (Right Click > Extract to your Desktop).
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory, in the style of "TDSSKiller.[Version]_[Date]_[Time]_log.txt"


Edited by seedy21, 22 November 2014 - 12:33 PM.



#11 Mike1179

Mike1179
  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:22 PM

Posted 23 November 2014 - 03:56 PM

Hi Seedy21

 

Results from step 1:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Private at 2014-11-23 20:50:33 Run:1
Running from C:\Users\Private\Desktop
Loaded Profile: Private (Available profiles: Private & Etavirp 2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\...\MountPoints2: {4db7d3e6-4fc4-11e3-85a5-80c16eea6999} - "F:\WD Drive Unlock.exe" autoplay=true
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Private\AppData\Local\Temp\Quarantine.exe
C:\Users\Private\AppData\Local\Temp\sqlite3.dll
C:\Users\Private\AppData\Local\{5EE07DD6-FADE-43A0-BB23-55B666AAD5BF}
C:\Users\Private\AppData\Local\{7CF016C9-CCE4-45EA-B958-69D9D6765A79}
C:\Users\Private\AppData\Local\Avg2013
C:\Users\Private\AppData\Local\Avg2015
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
"HKU\S-1-5-21-3596227979-2911767744-3651838352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4db7d3e6-4fc4-11e3-85a5-80c16eea6999}" => Key deleted successfully.
"HKCR\CLSID\{4db7d3e6-4fc4-11e3-85a5-80c16eea6999}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Private\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Users\Private\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
C:\Users\Private\AppData\Local\{5EE07DD6-FADE-43A0-BB23-55B666AAD5BF} => Moved successfully.
C:\Users\Private\AppData\Local\{7CF016C9-CCE4-45EA-B958-69D9D6765A79} => Moved successfully.
C:\Users\Private\AppData\Local\Avg2013 => Moved successfully.
C:\Users\Private\AppData\Local\Avg2015 => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 50.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#12 Mike1179

Mike1179
  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:22 PM

Posted 23 November 2014 - 04:06 PM

Hi Seedy21

 

Result from step 2 - no infected or suspicious files, although the browser (Firefox) is blocking a redirect - 'Firefox prevented this page from being redirected to another site'. Is this significant?

 

thx Mike

 

20:58:56.0249 0x0cd4  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
20:59:33.0236 0x0cd4  ============================================================
20:59:33.0236 0x0cd4  Current date / time: 2014/11/23 20:59:33.0236
20:59:33.0236 0x0cd4  SystemInfo:
20:59:33.0236 0x0cd4  
20:59:33.0236 0x0cd4  OS Version: 6.1.7601 ServicePack: 1.0
20:59:33.0236 0x0cd4  Product type: Workstation
20:59:33.0236 0x0cd4  ComputerName: PRIVATE-HP
20:59:33.0236 0x0cd4  UserName: Private
20:59:33.0236 0x0cd4  Windows directory: C:\Windows
20:59:33.0236 0x0cd4  System windows directory: C:\Windows
20:59:33.0236 0x0cd4  Running under WOW64
20:59:33.0236 0x0cd4  Processor architecture: Intel x64
20:59:33.0236 0x0cd4  Number of processors: 8
20:59:33.0236 0x0cd4  Page size: 0x1000
20:59:33.0236 0x0cd4  Boot type: Normal boot
20:59:33.0236 0x0cd4  ============================================================
20:59:34.0578 0x0cd4  KLMD registered as C:\Windows\system32\drivers\25379168.sys
20:59:35.0046 0x0cd4  System UUID: {F5F004DB-F4A3-8BAB-C5CD-D35924DC5AE2}
20:59:35.0405 0x0cd4  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:59:35.0420 0x0cd4  ============================================================
20:59:35.0420 0x0cd4  \Device\Harddisk0\DR0:
20:59:35.0420 0x0cd4  MBR partitions:
20:59:35.0420 0x0cd4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:59:35.0420 0x0cd4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE6CE2800
20:59:35.0420 0x0cd4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE6D15000, BlocksNum 0x20F3000
20:59:35.0420 0x0cd4  ============================================================
20:59:35.0451 0x0cd4  C: <-> \Device\Harddisk0\DR0\Partition2
20:59:35.0498 0x0cd4  D: <-> \Device\Harddisk0\DR0\Partition3
20:59:35.0498 0x0cd4  ============================================================
20:59:35.0498 0x0cd4  Initialize success
20:59:35.0498 0x0cd4  ============================================================
20:59:45.0077 0x1388  ============================================================
20:59:45.0077 0x1388  Scan started
20:59:45.0077 0x1388  Mode: Manual;
20:59:45.0077 0x1388  ============================================================
20:59:45.0077 0x1388  KSN ping started
20:59:45.0139 0x1388  KSN ping finished: false
20:59:45.0654 0x1388  ================ Scan system memory ========================
20:59:45.0654 0x1388  System memory - ok
20:59:45.0654 0x1388  ================ Scan services =============================
20:59:46.0325 0x1388  amdsbs - ok
20:59:46.0340 0x1388  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:59:46.0356 0x1388  amdxata - ok
20:59:46.0371 0x1388  [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
20:59:46.0387 0x1388  androidusb - ok
20:59:46.0418 0x1388  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
20:59:46.0418 0x1388  AppID - ok
20:59:46.0465 0x1388  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:59:46.0465 0x1388  AppIDSvc - ok
20:59:46.0496 0x1388  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:59:46.0496 0x1388  Appinfo - ok
20:59:46.0574 0x1388  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:59:46.0574 0x1388  Apple Mobile Device - ok
20:59:46.0590 0x1388  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:59:46.0590 0x1388  arc - ok
20:59:46.0621 0x1388  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:59:46.0621 0x1388  arcsas - ok
20:59:46.0699 0x1388  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:59:46.0715 0x1388  aspnet_state - ok
20:59:46.0746 0x1388  [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
20:59:46.0746 0x1388  aswHwid - ok
20:59:46.0761 0x1388  [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
20:59:46.0761 0x1388  aswMonFlt - ok
20:59:46.0777 0x1388  [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
20:59:46.0777 0x1388  aswRdr - ok
20:59:46.0777 0x1388  [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
20:59:46.0777 0x1388  aswRvrt - ok
20:59:46.0824 0x1388  [ 655D6F1B8722091427FB18663A546E2C, 92074D308C9CF1752C49CAA47ED16FB327366174A1AFBE2CAEBFD23021EC830C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
20:59:46.0839 0x1388  aswSnx - ok
20:59:46.0886 0x1388  [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
20:59:46.0886 0x1388  aswSP - ok
20:59:46.0902 0x1388  [ C8C2E9F8DBD951547CCEC1E3650643FE, DB85F9BFF79B7D8DF1F80264D060E1CDCA125D596E4660592F52B3C8A780046A ] aswStm          C:\Windows\system32\drivers\aswStm.sys
20:59:46.0902 0x1388  aswStm - ok
20:59:46.0917 0x1388  [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
20:59:46.0917 0x1388  aswVmm - ok
20:59:46.0949 0x1388  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:59:46.0949 0x1388  AsyncMac - ok
20:59:46.0980 0x1388  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:59:46.0980 0x1388  atapi - ok
20:59:47.0042 0x1388  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:59:47.0058 0x1388  AudioEndpointBuilder - ok
20:59:47.0073 0x1388  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:59:47.0089 0x1388  AudioSrv - ok
20:59:47.0120 0x1388  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:59:47.0120 0x1388  avast! Antivirus - ok
20:59:47.0151 0x1388  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:59:47.0151 0x1388  AxInstSV - ok
20:59:47.0183 0x1388  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:59:47.0198 0x1388  b06bdrv - ok
20:59:47.0229 0x1388  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:59:47.0245 0x1388  b57nd60a - ok
20:59:47.0261 0x1388  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:59:47.0261 0x1388  BDESVC - ok
20:59:47.0276 0x1388  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:59:47.0276 0x1388  Beep - ok
20:59:47.0307 0x1388  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:59:47.0323 0x1388  BFE - ok
20:59:47.0354 0x1388  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:59:47.0385 0x1388  BITS - ok
20:59:47.0385 0x1388  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:59:47.0401 0x1388  blbdrive - ok
20:59:47.0448 0x1388  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:59:47.0463 0x1388  Bonjour Service - ok
20:59:47.0495 0x1388  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:59:47.0495 0x1388  bowser - ok
20:59:47.0510 0x1388  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:59:47.0510 0x1388  BrFiltLo - ok
20:59:47.0526 0x1388  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:59:47.0526 0x1388  BrFiltUp - ok
20:59:47.0541 0x1388  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:59:47.0557 0x1388  Browser - ok
20:59:47.0588 0x1388  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:59:47.0588 0x1388  Brserid - ok
20:59:47.0635 0x1388  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:59:47.0635 0x1388  BrSerWdm - ok
20:59:47.0651 0x1388  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:59:47.0651 0x1388  BrUsbMdm - ok
20:59:47.0666 0x1388  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:59:47.0666 0x1388  BrUsbSer - ok
20:59:47.0682 0x1388  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:59:47.0697 0x1388  BTHMODEM - ok
20:59:47.0713 0x1388  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:59:47.0713 0x1388  bthserv - ok
20:59:47.0760 0x1388  [ A3AD13CA2747953DDD4C9AE4FB925BEC, 860FA3A04DE9DA0B19C625681E594713844F3401FEFD7C26A28C6C94BA6920C7 ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
20:59:47.0775 0x1388  CalendarSynchService - ok
20:59:47.0791 0x1388  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:59:47.0791 0x1388  cdfs - ok
20:59:47.0807 0x1388  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:59:47.0822 0x1388  cdrom - ok
20:59:47.0838 0x1388  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:59:47.0838 0x1388  CertPropSvc - ok
20:59:47.0853 0x1388  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:59:47.0853 0x1388  circlass - ok
20:59:47.0885 0x1388  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:59:47.0900 0x1388  CLFS - ok
20:59:47.0947 0x1388  CLPSLauncher - ok
20:59:47.0978 0x1388  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:59:47.0994 0x1388  clr_optimization_v2.0.50727_32 - ok
20:59:48.0009 0x1388  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:59:48.0025 0x1388  clr_optimization_v2.0.50727_64 - ok
20:59:48.0103 0x1388  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:59:48.0197 0x1388  clr_optimization_v4.0.30319_32 - ok
20:59:48.0212 0x1388  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:59:48.0228 0x1388  clr_optimization_v4.0.30319_64 - ok
20:59:48.0243 0x1388  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:59:48.0243 0x1388  CmBatt - ok
20:59:48.0446 0x1388  [ 5B33C08DE574DA58606B61CFCCD3F082, F88D7BD25D32C2A59AD602DBFED8CA061635B8FEF98CFF93715260B1925D1C4E ] CmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
20:59:48.0524 0x1388  CmdAgent - ok
20:59:48.0540 0x1388  [ 348A7FDDF0D7354ED6308AF96EEF4F54, CB3631315429E3187E77C5799EF7AABE68320D29370DE2992F644D07975BD7A6 ] cmderd          C:\Windows\system32\DRIVERS\cmderd.sys
20:59:48.0540 0x1388  cmderd - ok
20:59:48.0571 0x1388  [ 923659525ADAC632EA6F94570CCE1561, 375571DAC5A13160295E10EDE571B1A05500FD4136EAF4C48BD664D7D427E069 ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
20:59:48.0571 0x1388  cmdGuard - ok
20:59:48.0587 0x1388  [ 0AB6E8D34782E83AEECEEE76BC788957, 104482EA8C35BA983CCBDA05ECD6DDCF993D3F7216CEA97E6838A67CE75B47C7 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
20:59:48.0587 0x1388  cmdHlp - ok
20:59:48.0618 0x1388  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:59:48.0618 0x1388  cmdide - ok
20:59:48.0696 0x1388  [ E621EC50B1A85D875904CC0741F03D16, 644077BC4560DA3E8EEAD93170A0E1B7D67293338280A34315BED4A684D42EEB ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
20:59:48.0743 0x1388  cmdvirth - ok
20:59:48.0789 0x1388  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
20:59:48.0805 0x1388  CNG - ok
20:59:48.0836 0x1388  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:59:48.0836 0x1388  Compbatt - ok
20:59:48.0867 0x1388  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:59:48.0883 0x1388  CompositeBus - ok
20:59:48.0883 0x1388  COMSysApp - ok
20:59:48.0961 0x1388  [ F08C6020E57F5E5BF2FD034DB10BEDFB, 288EA64A57057EAD135685F2C46CA53BA0319EA28B7B7A2ECBE29E50ED807FCA ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:59:48.0961 0x1388  cphs - ok
20:59:48.0977 0x1388  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:59:48.0977 0x1388  crcdisk - ok
20:59:49.0023 0x1388  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:59:49.0023 0x1388  CryptSvc - ok
20:59:49.0101 0x1388  [ 72794D112CBAFF3BC0C29BF7350D4741, 060C207F27306A3464FBCD8B08BDC97E34923ECA349933ECB059848BD08F41ED ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:59:49.0117 0x1388  cvhsvc - ok
20:59:49.0148 0x1388  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:59:49.0148 0x1388  DcomLaunch - ok
20:59:49.0179 0x1388  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:59:49.0195 0x1388  defragsvc - ok
20:59:49.0211 0x1388  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:59:49.0211 0x1388  DfsC - ok
20:59:49.0242 0x1388  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:59:49.0242 0x1388  Dhcp - ok
20:59:49.0257 0x1388  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:59:49.0257 0x1388  discache - ok
20:59:49.0289 0x1388  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:59:49.0289 0x1388  Disk - ok
20:59:49.0320 0x1388  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:59:49.0320 0x1388  Dnscache - ok
20:59:49.0351 0x1388  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:59:49.0351 0x1388  dot3svc - ok
20:59:49.0382 0x1388  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:59:49.0382 0x1388  DPS - ok
20:59:49.0429 0x1388  DragonUpdater - ok
20:59:49.0460 0x1388  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:59:49.0460 0x1388  drmkaud - ok
20:59:49.0523 0x1388  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:59:49.0538 0x1388  DXGKrnl - ok
20:59:49.0554 0x1388  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:59:49.0554 0x1388  EapHost - ok
20:59:49.0647 0x1388  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:59:49.0694 0x1388  ebdrv - ok
20:59:49.0741 0x1388  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
20:59:49.0757 0x1388  EFS - ok
20:59:49.0803 0x1388  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:59:49.0819 0x1388  elxstor - ok
20:59:49.0835 0x1388  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:59:49.0835 0x1388  ErrDev - ok
20:59:49.0881 0x1388  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:59:49.0897 0x1388  EventSystem - ok
20:59:49.0913 0x1388  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:59:49.0928 0x1388  exfat - ok
20:59:49.0928 0x1388  ezSharedSvc - ok
20:59:49.0959 0x1388  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:59:49.0959 0x1388  fastfat - ok
20:59:49.0991 0x1388  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:59:50.0006 0x1388  Fax - ok
20:59:50.0022 0x1388  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
20:59:50.0022 0x1388  fdc - ok
20:59:50.0022 0x1388  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:59:50.0037 0x1388  fdPHost - ok
20:59:50.0037 0x1388  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:59:50.0037 0x1388  FDResPub - ok
20:59:50.0053 0x1388  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:59:50.0053 0x1388  FileInfo - ok
20:59:50.0053 0x1388  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:59:50.0053 0x1388  Filetrace - ok
20:59:50.0069 0x1388  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:59:50.0069 0x1388  flpydisk - ok
20:59:50.0084 0x1388  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:59:50.0084 0x1388  FltMgr - ok
20:59:50.0147 0x1388  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:59:50.0178 0x1388  FontCache - ok
20:59:50.0209 0x1388  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:59:50.0209 0x1388  FontCache3.0.0.0 - ok
20:59:50.0209 0x1388  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:59:50.0225 0x1388  FsDepends - ok
20:59:50.0256 0x1388  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:59:50.0256 0x1388  Fs_Rec - ok
20:59:50.0287 0x1388  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:59:50.0287 0x1388  fvevol - ok
20:59:50.0303 0x1388  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:59:50.0318 0x1388  gagp30kx - ok
20:59:50.0334 0x1388  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:59:50.0349 0x1388  GamesAppService - ok
20:59:50.0365 0x1388  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:59:50.0365 0x1388  GEARAspiWDM - ok
20:59:50.0396 0x1388  GeekBuddyRSP - ok
20:59:50.0443 0x1388  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:59:50.0459 0x1388  gpsvc - ok
20:59:50.0474 0x1388  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:59:50.0474 0x1388  hcw85cir - ok
20:59:50.0490 0x1388  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:59:50.0490 0x1388  HdAudAddService - ok
20:59:50.0505 0x1388  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:59:50.0521 0x1388  HDAudBus - ok
20:59:50.0537 0x1388  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:59:50.0537 0x1388  HidBatt - ok
20:59:50.0552 0x1388  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:59:50.0552 0x1388  HidBth - ok
20:59:50.0568 0x1388  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:59:50.0568 0x1388  HidIr - ok
20:59:50.0583 0x1388  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:59:50.0583 0x1388  hidserv - ok
20:59:50.0630 0x1388  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:59:50.0630 0x1388  HidUsb - ok
20:59:50.0646 0x1388  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:59:50.0646 0x1388  hkmsvc - ok
20:59:50.0677 0x1388  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:59:50.0677 0x1388  HomeGroupListener - ok
20:59:50.0693 0x1388  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:59:50.0708 0x1388  HomeGroupProvider - ok
20:59:50.0739 0x1388  [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
20:59:50.0755 0x1388  HPClientSvc - ok
20:59:50.0771 0x1388  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:59:50.0771 0x1388  HpSAMD - ok
20:59:50.0833 0x1388  HPSLPSVC - ok
20:59:50.0864 0x1388  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:59:50.0880 0x1388  HTTP - ok
20:59:50.0911 0x1388  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:59:50.0911 0x1388  hwpolicy - ok
20:59:50.0927 0x1388  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:59:50.0927 0x1388  i8042prt - ok
20:59:50.0958 0x1388  [ 2FDAEC4B02729C48C0FD1B0B4695995B, 87331D91FA3A23257B9913067B7B16D08710408070795B638058DBF728BBB288 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
20:59:50.0958 0x1388  iaStor - ok
20:59:50.0973 0x1388  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:59:50.0989 0x1388  iaStorV - ok
20:59:51.0020 0x1388  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:59:51.0036 0x1388  idsvc - ok
20:59:51.0395 0x1388  [ 371D7F91C0D2314EB984A4A6CBEABC92, DD4B04308596C1E6C75B8772D4421137F3A83285DBCFD4DF54166D2B0B45A317 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:59:51.0644 0x1388  igfx - ok
20:59:51.0691 0x1388  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:59:51.0691 0x1388  iirsp - ok
20:59:51.0753 0x1388  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:59:51.0769 0x1388  IKEEXT - ok
20:59:51.0800 0x1388  [ 8E8C4F5DE79216E56A2E61D573C4F9B3, 7634C33E64B2A40FF5C0B8A1B2CF024A945EF70DE49CACDF96B01A043DC9A7F4 ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
20:59:51.0800 0x1388  inspect - ok
20:59:51.0894 0x1388  [ 68E799ADC93086EA170D3314DF23BEDB, F3B30B806F54FC6A9C2EC8C357591191BF606AA12D2D90B24411C31D7825E6EE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:59:51.0925 0x1388  IntcAzAudAddService - ok
20:59:51.0987 0x1388  [ 2D66067C7A8A0112156BCD1C0BAA7042, 89F77EEE59FF3AD2E777DA15187F1447F6E112E8831417A0DE656ACB82E7B22E ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
20:59:56.0714 0x1388  Sftplay - ok
20:59:56.0730 0x1388  [ 617E29A0B0A2807466560D4C4E338D3E, 5E95D38DB9A6776EB4A15A952FA7949831D6F660EED8C3E79BD09D102BAC5D67 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:59:56.0730 0x1388  Sftredir - ok
20:59:56.0730 0x1388  [ 8F571F016FA1976F445147E9E6C8AE9B, 527AB960F2E08F598D1B953BDA4EA749831DD3C765DA278044B8AB22365F02B5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:59:56.0730 0x1388  Sftvol - ok
20:59:56.0745 0x1388  [ C3CDDD18F43D44AB713CF8C4916F7696, 38093295825AFDD08D7E32CC4EF2A6C447F6D6E3C6F7EA5554C25E7C3F16FC92 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:59:56.0745 0x1388  sftvsa - ok
20:59:56.0761 0x1388  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:59:56.0777 0x1388  SharedAccess - ok
20:59:56.0808 0x1388  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:59:56.0808 0x1388  ShellHWDetection - ok
20:59:56.0823 0x1388  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:59:56.0839 0x1388  SiSRaid2 - ok
20:59:56.0839 0x1388  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:59:56.0839 0x1388  SiSRaid4 - ok
20:59:56.0901 0x1388  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:59:56.0917 0x1388  SkypeUpdate - ok
20:59:56.0933 0x1388  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:59:56.0948 0x1388  Smb - ok
20:59:56.0964 0x1388  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:59:56.0964 0x1388  SNMPTRAP - ok
20:59:56.0964 0x1388  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:59:56.0964 0x1388  spldr - ok
20:59:57.0011 0x1388  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:59:57.0011 0x1388  Spooler - ok
20:59:57.0104 0x1388  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:59:57.0151 0x1388  sppsvc - ok
20:59:57.0167 0x1388  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:59:57.0167 0x1388  sppuinotify - ok
20:59:57.0198 0x1388  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:59:57.0213 0x1388  srv - ok
20:59:57.0229 0x1388  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:59:57.0245 0x1388  srv2 - ok
20:59:57.0245 0x1388  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:59:57.0260 0x1388  srvnet - ok
20:59:57.0291 0x1388  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
20:59:57.0291 0x1388  ssadbus - ok
20:59:57.0307 0x1388  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:59:57.0307 0x1388  ssadmdfl - ok
20:59:57.0323 0x1388  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
20:59:57.0323 0x1388  ssadmdm - ok
20:59:57.0354 0x1388  [ ED161B91FDF7EAA39469D72D463D5F4E, FC793E378FB709313D0AC44F59BF5C9488D73235AA2B1A21C50C3DED91C6BE62 ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
20:59:57.0369 0x1388  sscdbus - ok
20:59:57.0401 0x1388  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:59:57.0401 0x1388  SSDPSRV - ok
20:59:57.0416 0x1388  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:59:57.0416 0x1388  SstpSvc - ok
20:59:57.0432 0x1388  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:59:57.0432 0x1388  stexstor - ok
20:59:57.0463 0x1388  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:59:57.0479 0x1388  stisvc - ok
20:59:57.0479 0x1388  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:59:57.0479 0x1388  swenum - ok
20:59:57.0494 0x1388  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:59:57.0510 0x1388  swprv - ok
20:59:57.0557 0x1388  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:59:57.0588 0x1388  SysMain - ok
20:59:57.0603 0x1388  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:59:57.0603 0x1388  TabletInputService - ok
20:59:57.0791 0x1388  [ C4C20CFA4F42E9B7454E895C5C47BCD3, 6540A9DB78AF61601CED8993670F82200FCF6EA8A29A55FDAE21A40E8B51783E ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
20:59:57.0869 0x1388  TabletServicePen - ok
20:59:57.0900 0x1388  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:59:57.0915 0x1388  TapiSrv - ok
20:59:57.0915 0x1388  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:59:57.0931 0x1388  TBS - ok
20:59:58.0009 0x1388  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:59:58.0040 0x1388  Tcpip - ok
20:59:58.0087 0x1388  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:59:58.0118 0x1388  TCPIP6 - ok
20:59:58.0134 0x1388  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:59:58.0134 0x1388  tcpipreg - ok
20:59:58.0165 0x1388  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:59:58.0165 0x1388  TDPIPE - ok
20:59:58.0181 0x1388  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:59:58.0181 0x1388  TDTCP - ok
20:59:58.0212 0x1388  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:59:58.0212 0x1388  tdx - ok
20:59:58.0227 0x1388  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:59:58.0227 0x1388  TermDD - ok
20:59:58.0274 0x1388  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:59:58.0290 0x1388  TermService - ok
20:59:58.0337 0x1388  [ CE4B6956E4E12492715A53076E58761F, 0D12934B8F7D18F5785A3EAEDEC2CBD1C3627F7D73C73E9329C73A3B99990D36 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
20:59:58.0337 0x1388  TFsExDisk - ok
20:59:58.0352 0x1388  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:59:58.0368 0x1388  Themes - ok
20:59:58.0383 0x1388  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:59:58.0399 0x1388  THREADORDER - ok
20:59:58.0461 0x1388  [ E4FAD21646088D79F8889B6531396ACF, D0C8F0E3293D423245FD2233F283A1FE2463E15F8B9F4ED6AC96C2164EC51F75 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
20:59:58.0461 0x1388  TomTomHOMEService - ok
20:59:58.0524 0x1388  [ 7625DCF246E488E523DC1F64C38ABDA2, 71AC3D321F7B3403421522F773398CBCC2DD348132B62A4D1E589103FCDED3DA ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
20:59:58.0555 0x1388  TouchServicePen - ok
20:59:58.0571 0x1388  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:59:58.0571 0x1388  TrkWks - ok
20:59:58.0586 0x1388  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:59:58.0602 0x1388  TrustedInstaller - ok
20:59:58.0633 0x1388  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:59:58.0633 0x1388  tssecsrv - ok
20:59:58.0680 0x1388  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:59:58.0680 0x1388  TsUsbFlt - ok
20:59:58.0711 0x1388  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:59:58.0711 0x1388  TsUsbGD - ok
20:59:58.0727 0x1388  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:59:58.0742 0x1388  tunnel - ok
20:59:58.0758 0x1388  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:59:58.0758 0x1388  uagp35 - ok
20:59:58.0773 0x1388  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:59:58.0789 0x1388  udfs - ok
20:59:58.0805 0x1388  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:59:58.0805 0x1388  UI0Detect - ok
20:59:58.0820 0x1388  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:59:58.0836 0x1388  uliagpkx - ok
20:59:58.0836 0x1388  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:59:58.0851 0x1388  umbus - ok
20:59:58.0867 0x1388  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:59:58.0867 0x1388  UmPass - ok
20:59:58.0929 0x1388  [ B097EBA0E3FEB020BB65FE43AF5ECCFF, B8FE680EE49B633F3FAFD81E8CE5063397774F63636C9F3C280815114A0ABD0F ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:59:58.0945 0x1388  UNS - ok
20:59:58.0961 0x1388  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:59:58.0976 0x1388  upnphost - ok
20:59:59.0007 0x1388  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:59:59.0007 0x1388  USBAAPL64 - ok
20:59:59.0054 0x1388  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:59:59.0054 0x1388  usbccgp - ok
20:59:59.0085 0x1388  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:59:59.0085 0x1388  usbcir - ok
20:59:59.0117 0x1388  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:59:59.0117 0x1388  usbehci - ok
20:59:59.0148 0x1388  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:59:59.0148 0x1388  usbhub - ok
20:59:59.0179 0x1388  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:59:59.0179 0x1388  usbohci - ok
20:59:59.0195 0x1388  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:59:59.0210 0x1388  usbprint - ok
20:59:59.0241 0x1388  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:59:59.0241 0x1388  usbscan - ok
20:59:59.0273 0x1388  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:59:59.0273 0x1388  USBSTOR - ok
20:59:59.0304 0x1388  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:59:59.0304 0x1388  usbuhci - ok
20:59:59.0319 0x1388  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:59:59.0319 0x1388  UxSms - ok
20:59:59.0335 0x1388  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:59:59.0335 0x1388  VaultSvc - ok
20:59:59.0366 0x1388  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:59:59.0366 0x1388  vdrvroot - ok
20:59:59.0413 0x1388  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:59:59.0429 0x1388  vds - ok
20:59:59.0444 0x1388  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:59:59.0444 0x1388  vga - ok
20:59:59.0460 0x1388  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:59:59.0460 0x1388  VgaSave - ok
20:59:59.0475 0x1388  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:59:59.0475 0x1388  vhdmp - ok
20:59:59.0507 0x1388  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:59:59.0507 0x1388  viaide - ok
20:59:59.0553 0x1388  [ F211E659AAF2D82E4DBD6EA4A8178829, 5B039682BF1BD1286B2CFA4AE8D218CD82C2478E4A88395D78B6F777DD78DEA0 ] VIPAppService   C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
20:59:59.0553 0x1388  VIPAppService - ok
20:59:59.0569 0x1388  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:59:59.0585 0x1388  volmgr - ok
20:59:59.0600 0x1388  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:59:59.0616 0x1388  volmgrx - ok
20:59:59.0616 0x1388  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:59:59.0631 0x1388  volsnap - ok
20:59:59.0647 0x1388  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:59:59.0647 0x1388  vsmraid - ok
20:59:59.0694 0x1388  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:59:59.0725 0x1388  VSS - ok
20:59:59.0741 0x1388  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:59:59.0741 0x1388  vwifibus - ok
20:59:59.0756 0x1388  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:59:59.0756 0x1388  vwififlt - ok
20:59:59.0772 0x1388  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:59:59.0772 0x1388  vwifimp - ok
20:59:59.0803 0x1388  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:59:59.0803 0x1388  W32Time - ok
20:59:59.0850 0x1388  [ FE75777289278A4941FE6139E82B3BD9, 4B0F3117C7D905240DB54EEE376404757258051CC5F8F312CAF748E1811368C6 ] wacmoumonitor   C:\Windows\system32\DRIVERS\wacmoumonitor.sys
20:59:59.0850 0x1388  wacmoumonitor - ok
20:59:59.0881 0x1388  [ E04D43C7D1641E95D35CAE6086C7E350, BF08ED680EC835D70C522B91560B8987F206793E8E2987117C1D7B77DEFF8556 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
20:59:59.0881 0x1388  wacommousefilter - ok
20:59:59.0897 0x1388  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:59:59.0897 0x1388  WacomPen - ok
20:59:59.0943 0x1388  [ EC1CEB237E365330C1FCFC4876AA0AC0, 9BFF9062AC5E4B9D0C6502D8DE7E59B887903ED29F26157A5F82966932F1EBD0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
20:59:59.0959 0x1388  wacomvhid - ok
20:59:59.0990 0x1388  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:59:59.0990 0x1388  WANARP - ok
21:00:00.0006 0x1388  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:00:00.0006 0x1388  Wanarpv6 - ok
21:00:00.0084 0x1388  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:00:00.0115 0x1388  WatAdminSvc - ok
21:00:00.0177 0x1388  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:00:00.0209 0x1388  wbengine - ok
21:00:00.0224 0x1388  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:00:00.0240 0x1388  WbioSrvc - ok
21:00:00.0255 0x1388  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:00:00.0255 0x1388  wcncsvc - ok
21:00:00.0287 0x1388  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:00:00.0287 0x1388  WcsPlugInService - ok
21:00:00.0302 0x1388  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:00:00.0302 0x1388  Wd - ok
21:00:00.0349 0x1388  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
21:00:00.0349 0x1388  WDC_SAM - ok
21:00:00.0396 0x1388  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:00:00.0427 0x1388  Wdf01000 - ok
21:00:00.0443 0x1388  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:00:00.0443 0x1388  WdiServiceHost - ok
21:00:00.0443 0x1388  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:00:00.0458 0x1388  WdiSystemHost - ok
21:00:00.0489 0x1388  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
21:00:00.0505 0x1388  WebClient - ok
21:00:00.0536 0x1388  [ D5BA7D43FA2EF656BF7E98A188391E40, 56CF132B7C43A0F9C7C4D070730315FE7AFD2E87E94014DFC3D7107BB52B9C64 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:00:00.0552 0x1388  Wecsvc - ok
21:00:00.0567 0x1388  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:00:00.0583 0x1388  wercplsupport - ok
21:00:00.0599 0x1388  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:00:00.0599 0x1388  WerSvc - ok
21:00:00.0630 0x1388  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:00:00.0630 0x1388  WfpLwf - ok
21:00:00.0645 0x1388  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:00:00.0645 0x1388  WIMMount - ok
21:00:00.0661 0x1388  WinDefend - ok
21:00:00.0677 0x1388  WinHttpAutoProxySvc - ok
21:00:00.0723 0x1388  [ 136760C1E9697BAF4ECDEAE5590A0806, 12E80D0923D794F4C520FEA7CB98EF581231B996FB1876EB20995E6E457EFF56 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:00:00.0723 0x1388  Winmgmt - ok
21:00:00.0833 0x1388  [ 3BB6B401A780BF434C8F58137DE10BF7, 1A377C39B78B92A1A1FED699EE5E5ED0271A6FFAC143F1D29FC1FDF4D726A522 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:00:00.0879 0x1388  WinRM - ok
21:00:00.0942 0x1388  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:00:00.0942 0x1388  WinUsb - ok
21:00:00.0973 0x1388  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:00:01.0004 0x1388  Wlansvc - ok
21:00:01.0035 0x1388  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:00:01.0035 0x1388  wlcrasvc - ok
21:00:01.0113 0x1388  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:00:01.0191 0x1388  wlidsvc - ok
21:00:01.0238 0x1388  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:00:01.0238 0x1388  WmiAcpi - ok
21:00:01.0285 0x1388  [ 4DF841632B62A7CF19A79A05046A8AB1, D80F28FD7FEB95DB83976EAFECB2E9AE1423DA4D34EC5D820FC39A33444B82DA ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:00:01.0301 0x1388  wmiApSrv - ok
21:00:01.0332 0x1388  WMPNetworkSvc - ok
21:00:01.0363 0x1388  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:00:01.0363 0x1388  WPCSvc - ok
21:00:01.0394 0x1388  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:00:01.0394 0x1388  WPDBusEnum - ok
21:00:01.0425 0x1388  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:00:01.0425 0x1388  ws2ifsl - ok
21:00:01.0441 0x1388  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:00:01.0441 0x1388  wscsvc - ok
21:00:01.0457 0x1388  WSearch - ok
21:00:01.0519 0x1388  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:00:01.0566 0x1388  wuauserv - ok
21:00:01.0597 0x1388  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:00:01.0597 0x1388  WudfPf - ok
21:00:01.0628 0x1388  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:00:01.0644 0x1388  WUDFRd - ok
21:00:01.0675 0x1388  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:00:01.0691 0x1388  wudfsvc - ok
21:00:01.0722 0x1388  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:00:01.0722 0x1388  WwanSvc - ok
21:00:01.0769 0x1388  ================ Scan global ===============================
21:00:01.0784 0x1388  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:00:01.0831 0x1388  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:00:01.0847 0x1388  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:00:01.0862 0x1388  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:00:01.0893 0x1388  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:00:01.0893 0x1388  [ Global ] - ok
21:00:01.0893 0x1388  ================ Scan MBR ==================================
21:00:01.0909 0x1388  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:00:02.0361 0x1388  \Device\Harddisk0\DR0 - ok
21:00:02.0361 0x1388  ================ Scan VBR ==================================
21:00:02.0377 0x1388  [ 392C4A751CF9DE1B943FB69DCD50966C ] \Device\Harddisk0\DR0\Partition1
21:00:02.0517 0x1388  \Device\Harddisk0\DR0\Partition1 - ok
21:00:02.0517 0x1388  [ E5DBA649882D9568428644CF56ADCEDE ] \Device\Harddisk0\DR0\Partition2
21:00:02.0642 0x1388  \Device\Harddisk0\DR0\Partition2 - ok
21:00:02.0673 0x1388  [ E8E9F832D80AFBE933D52F20A984D4AF ] \Device\Harddisk0\DR0\Partition3
21:00:02.0705 0x1388  \Device\Harddisk0\DR0\Partition3 - ok
21:00:02.0705 0x1388  ================ Scan generic autorun ======================
21:00:03.0750 0x1388  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
21:00:03.0781 0x1388  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 7.0.55655.4142 ), 0x60010 ( disabled )
21:00:03.0797 0x1388  Win FW state via NFP2: enabled
21:00:03.0797 0x1388  ============================================================
21:00:03.0797 0x1388  Scan finished
21:00:03.0797 0x1388  ============================================================
21:00:03.0797 0x133c  Detected object count: 0
21:00:03.0797 0x133c  Actual detected object count: 0
 



#13 seedy21


  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:22 PM

Posted 24 November 2014 - 02:48 AM

Hi Mike1179

although the browser (firefox) is blocking a redirect - 'Firefox prevented this page from being redirected to another site'. Is this significant?

Thank you for this information. Does this message appear when you go to any website or does it appear when you first open Firefox?

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for use on this user's computer; do not use it on another computer, even if the problems are similar!
    autoclean;
    emptyclsid;
    emptyfolderscheck;delete
    startupall;
    services_list;
    standardsearch;
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#14 Mike1179

  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:22 PM

Posted 24 November 2014 - 09:01 PM

Hi Seedy 21

 

Thanks for all your help.

1 - The attempted browser re-direct is only when clicking to go to Bleeping Computer

2 - A couple of questions regarding 'security'. Plus Zoek file below.

Do I need clean re-install for avast - can't get the 'webshield' setting to activate. (unless this is only available on the full version?) Click to switch on, but when click ok, switches off again.

Do I need clean re-install for Comodo - which has thousands of files on its 'safe file' list, none of which can be altered or deleted.

Do I need clean re-install for Malwarebytes which has all its scan facilities disabled 'The scan failed to run successfully' and the 'view detailed log' redirects to 'my computer'

The Scanlog in MWBytes history shows everything is disabled: This is a copy of the logfile.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/11/2014
Scan Time: 23:39:07
Logfile:
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2014.11.15.09
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Private

Scan Type:
Result: Failed
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 0 sec

Memory: Disabled
Startup: Disabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Disabled
PUM: Disabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
----------------------------------------------------------------

Zoek.exe v5.0.0.0 Updated 05-November-2014
Tool run by Private on 24/11/2014 at 23:54:56.40.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Private\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24/11/2014 23:58:22 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\Program Files\Adobe Software deleted successfully
C:\PROGRA~3\BoostSoftware deleted successfully
C:\PROGRA~3\CPA_VA deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\PDFC deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\Users\Private\AppData\Local\CrashDumps deleted successfully
C:\Users\Private\AppData\Local\MigWiz deleted successfully
C:\Users\Private\AppData\Local\VeriSign deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0E64034F-A1A2-4D2B-B671-71D8F6BDF9C9} deleted successfully
HKEY_USERS\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_USERS\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Private\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Avg_Update_0814av deleted
C:\Windows\tasks\0814avUpdateInfo.job deleted
C:\windows\SysNative\tasks\0814avUpdateInfo deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Etavirp 2\Documents\Updater deleted

==== System Specs ======================

Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-bit
Manufacturer: Hewlett-Packard - Model: p6-2190ea
Install Date: 19/06/2012 22:04:08
Last Boot: 24/11/2014 21:31:10
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Number of Processors: 8
Work Station
Bootmode: Normal boot
Total RAM: 6048 MB (free 4632 MB - 76)
Computername: PRIVATE-HP
Domain: WORKGROUP
User: Private (Non-Administrator account)
Local Disk:        C:\ - NTFS - 1846 GB (free 1713 GB)
Local Disk:        D:\ - NTFS - 16 GB (free 2 GB)
CD \ DVD Drive:    E:\
Removable Disk:    K:\ -  -  GB (free  GB)
Local Disk:        Q:\ -  -  GB (free  GB)
Bootdevice: \Device\HarddiskVolume1
Windows update:
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Anti-Spyware: COMODO Antivirus disabled (Outdated)
Firewall: COMODO Firewall disabled
Default Browser: Firefox    33.0
Internet Explorer Version: 10.0.9200.16750
Mozilla Firefox version: 33.0 (x86 en-US)
Sun Java version: 1.7.0_71 (32-bit)
Flash Player version: 15.0.0.189

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-14 18:34:09    B59EF013D567E5746F1DEE2565F747ED    43152    ----a-w-    C:\Windows\avastSS.scr
2014-11-14 00:51:26    E21B90BD14AFFC13D50A2E8A26336561    2052    ----a-w-    C:\Windows\epplauncher.mif
====== C:\Users\Private\AppData\Local\Temp ====
====== Java Cache =====
2014-11-03 23:44:01    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\Etavirp 2\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4b9ad6ef
====== C:\Windows\SysWOW64 =====
2014-11-18 22:33:25    ADFB31FA72AFE0298A60BF4AC1045A42    550912    ----a-w-    C:\Windows\SysWOW64\kerberos.dll
2014-11-18 22:33:25    98B3C919C6B9C5F810FF2CAFA339822B    186880    ----a-w-    C:\Windows\SysWOW64\pku2u.dll
2014-11-13 01:10:30    9AB39ADD28C7C1A685B1EA8C6A25CF08    146432    ----a-w-    C:\Windows\SysWOW64\msaudite.dll
2014-11-13 01:10:30    980EEEE8815DA7593708774D1225BD35    681984    ----a-w-    C:\Windows\SysWOW64\adtschema.dll
2014-11-13 01:10:30    9216ABFD53F5EC1F35C3554AD1A175DE    22016    ----a-w-    C:\Windows\SysWOW64\secur32.dll
2014-11-13 01:10:30    13E5B1CD503A4B21E9F0A2D55A00198B    96768    ----a-w-    C:\Windows\SysWOW64\sspicli.dll
2014-11-13 01:10:24    5FDBDEECA34E73325D87C5ACD16A3EEC    701440    ----a-w-    C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 01:10:22    537184E7306E06BB22C5B93D2AFA4DF8    1237504    ----a-w-    C:\Windows\SysWOW64\msxml3.dll
2014-11-13 01:10:21    FD79B005E849DF3D7E9B5EB7A637C528    374784    ----a-w-    C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 01:10:21    AA7325057A1E1CC401798C0B1238E182    195584    ----a-w-    C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 01:10:21    8D338464B851DDD76E2B876A3E09EB70    442880    ----a-w-    C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 01:10:21    09FA271EE1F9AD68B2D1C1C210F4B71F    2048    ----a-w-    C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 01:09:57    B580A6B9932669DE703001AEE66D5BB1    259584    ----a-w-    C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 01:09:57    8FE6AB488ECDC60930CE973A7051B0D4    221184    ----a-w-    C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 01:09:57    8CFAEFCD7F1E004950FCAE870A501B3E    248832    ----a-w-    C:\Windows\SysWOW64\schannel.dll
2014-11-13 01:09:56    9CEA80FFC617E6B6DD7B52E6225C0D38    65536    ----a-w-    C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 01:09:56    8205E55DFB11809E5F2AAD1C48840535    17408    ----a-w-    C:\Windows\SysWOW64\credssp.dll
2014-11-13 01:09:56    37BC079204BF9B087D6DE6B728908B4B    172032    ----a-w-    C:\Windows\SysWOW64\wdigest.dll
2014-11-13 01:09:23    0F39AC3274312EFFD03928291E8BA7CA    67584    ----a-w-    C:\Windows\SysWOW64\packager.dll
2014-11-13 01:09:19    CB55B9AAB060C803BE4AD229AA0FEC28    2363904    ----a-w-    C:\Windows\SysWOW64\msi.dll
2014-11-13 01:09:03    EDA54D2E17C0271D2CDA946ABE344110    571904    ----a-w-    C:\Windows\SysWOW64\oleaut32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-18 22:33:25    8A8CB073A4B9F9D97CFA8CA9C1C851CE    728064    ----a-w-    C:\Windows\Sysnative\kerberos.dll
2014-11-18 22:33:25    1306E6A1BF4D506CD687DF9F947270F2    241152    ----a-w-    C:\Windows\Sysnative\pku2u.dll
2014-11-14 18:34:12    6663B30328C239D2AB10D2583054CF2E    364512    ----a-w-    C:\Windows\Sysnative\aswBoot.exe
2014-11-13 01:10:31    008CD4EBFABCF78D0F19B3778492648C    683520    ----a-w-    C:\Windows\Sysnative\termsrv.dll
2014-11-13 01:10:30    C4C1B73FC2FF151BA08E1EAFDE2A2FAF    1460736    ----a-w-    C:\Windows\Sysnative\lsasrv.dll
2014-11-13 01:10:30    7184AEACDA13E64B10F84E9DD79C8A01    146432    ----a-w-    C:\Windows\Sysnative\msaudite.dll
2014-11-13 01:10:30    58F87BF5659C8EBC61EB439C916F2F9A    681984    ----a-w-    C:\Windows\Sysnative\adtschema.dll
2014-11-13 01:10:25    F992AAE3F2DF1D7D2A75B681B0C5280E    304640    ----a-w-    C:\Windows\Sysnative\generaltel.dll
2014-11-13 01:10:25    9F1FA4F36406693C77CC5779AA7E532D    228864    ----a-w-    C:\Windows\Sysnative\aepdu.dll
2014-11-13 01:10:24    6021CF6A11DE9B5FC1BD210B6855C497    424448    ----a-w-    C:\Windows\Sysnative\aeinv.dll
2014-11-13 01:10:24    1FEBD408F32DFC523882E7DA5AC57819    878080    ----a-w-    C:\Windows\Sysnative\IMJP10K.DLL
2014-11-13 01:10:23    364ECFF4ABD9D575F4F7CF7EB7928EF3    1882624    ----a-w-    C:\Windows\Sysnative\msxml3.dll
2014-11-13 01:10:21    FAFCB80D42A65964B6F4945283B8C10F    296448    ----a-w-    C:\Windows\Sysnative\AudioSes.dll
2014-11-13 01:10:21    DE3E38431B00C2EA247C53675DCF01A0    680960    ----a-w-    C:\Windows\Sysnative\audiosrv.dll
2014-11-13 01:10:21    D005697F0467BBDDAB7638496DA5DB52    2048    ----a-w-    C:\Windows\Sysnative\msxml3r.dll
2014-11-13 01:10:21    B1BB7B91C3C878FDB2874138CE81C4EF    284672    ----a-w-    C:\Windows\Sysnative\EncDump.dll
2014-11-13 01:10:21    A2C9E45F4069A002E985D1563D16813B    440832    ----a-w-    C:\Windows\Sysnative\AudioEng.dll
2014-11-13 01:10:21    9383B21A4B77C130940262DDC5F3F49B    500224    ----a-w-    C:\Windows\Sysnative\AUDIOKSE.dll
2014-11-13 01:09:58    A71B81AC2C14ABA013CCF1225D9E3E36    342016    ----a-w-    C:\Windows\Sysnative\schannel.dll
2014-11-13 01:09:57    55F0CF40479A1FC89CFA578909A540F2    210944    ----a-w-    C:\Windows\Sysnative\wdigest.dll
2014-11-13 01:09:57    47C48C705F4F1EFC99B50B43AE4301FE    314880    ----a-w-    C:\Windows\Sysnative\msv1_0.dll
2014-11-13 01:09:57    109CC0DF72CC07A6CB59D2995255A1DA    309760    ----a-w-    C:\Windows\Sysnative\ncrypt.dll
2014-11-13 01:09:56    DF30FC54FFF79BC744B22A4850A3CF92    86528    ----a-w-    C:\Windows\Sysnative\TSpkg.dll
2014-11-13 01:09:56    336BA030AB7B05300CB0B5C6AFB27176    22016    ----a-w-    C:\Windows\Sysnative\credssp.dll
2014-11-13 01:09:24    934735F508E297504460935B71E99F0B    77824    ----a-w-    C:\Windows\Sysnative\packager.dll
2014-11-13 01:09:23    93C055B6AAD76360A60CB7E59A491531    3198976    ----a-w-    C:\Windows\Sysnative\win32k.sys
2014-11-13 01:09:19    2720C94ADCC1727A66365CCB1CE456C4    3241984    ----a-w-    C:\Windows\Sysnative\msi.dll
2014-11-13 01:09:03    B938AF16A521C913791C6F7AFF032757    861696    ----a-w-    C:\Windows\Sysnative\oleaut32.dll
====== C:\Windows\Sysnative\drivers =====
2014-11-13 01:10:31    41774FF331F609EF442B7398EE6202B1    155064    ----a-w-    C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-11-05 11:47:11    C8C2E9F8DBD951547CCEC1E3650643FE    116728    ----a-w-    C:\Windows\Sysnative\drivers\aswStm.sys
2014-11-05 11:47:11    B1881A01E301990B671694CA1623F1B6    436624    ----a-w-    C:\Windows\Sysnative\drivers\aswSP.sys
2014-11-05 11:47:11    9BE9F2B83DE80E2752B1405CC427E2EC    29208    ----a-w-    C:\Windows\Sysnative\drivers\aswHwid.sys
2014-11-05 11:47:11    655D6F1B8722091427FB18663A546E2C    1050432    ----a-w-    C:\Windows\Sysnative\drivers\aswsnx.sys
2014-11-05 11:47:11    4750016EF9CC1DEC6DA3FE5AF9A7F095    93568    ----a-w-    C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-11-05 11:47:11    2DA1C1AEDF454F8E32A863A1AEACDD8C    83280    ----a-w-    C:\Windows\Sysnative\drivers\aswmonflt.sys
2014-11-05 11:47:11    1A5BDDE65B648DC3AD48B6ECAA3AE9C8    267632    ----a-w-    C:\Windows\Sysnative\drivers\aswVmm.sys
2014-11-05 11:47:11    1323269A92645705DEFA053F3596829D    65776    ----a-w-    C:\Windows\Sysnative\drivers\aswRvrt.sys
====== C:\Windows\Tasks ======
2014-11-05 11:47:17    5CFF2485B5AE8AEFCEFFCA71FEF6670F    3924    ----a-w-    C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-10-29 22:08:12    B3A0E82A28B3AB32CBC817174635A5CD    3950    ----a-w-    C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{E14CE75C-1712-4A33-8946-07FFE2CB2E35}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-11-15 02:45:20    --------    d-----w-    C:\PROGRA~2\COMMON~1\COMODO
2014-11-07 22:34:10    --------    d-----w-    C:\PROGRA~2\Windows Media Player
2014-10-28 17:19:18    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
====== C:\Users\Private\AppData\Roaming ======
2014-11-16 02:21:31    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\Adobe
2014-11-15 03:13:13    --------    d-----w-    C:\Windows\serviceprofiles\Localservice\AppData\Locallow\COMODO
2014-11-15 02:47:49    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Locallow\COMODO
2014-11-15 02:43:13    --------    d-----w-    C:\Users\Private\AppData\Local\Comodo
2014-11-05 11:43:08    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\Help
2014-11-03 23:43:57    --------    d-----w-    C:\Users\Etavirp 2\AppData\Locallow\Sun
2014-11-03 11:06:56    680402A4E074F7073FFF8EE2DDB949CA    252168    ----a-w-    C:\Users\Etavirp 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-02 13:16:41    --------    d-----w-    C:\Users\Etavirp 2\AppData\Locallow\Microsoft
2014-11-02 13:13:25    --------    d-----w-    C:\Users\Etavirp 2\AppData\Roaming\Mozilla
2014-11-02 13:13:25    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\Mozilla
2014-11-02 10:36:04    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\Apple
2014-11-02 10:32:16    --------    d-----w-    C:\Users\Etavirp 2\AppData\Roaming\Hewlett-Packard
2014-10-29 22:08:10    --------    d-----w-    C:\Users\Etavirp 2\AppData\Roaming\Adobe
2014-10-29 22:08:07    --------    d-----r-    C:\Users\Etavirp 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-10-29 22:08:07    --------    d-----r-    C:\Users\Etavirp 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-10-29 22:08:05    --------    d-----w-    C:\Users\Etavirp 2\AppData\Roaming\Identities
2014-10-29 22:08:02    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\VirtualStore
2014-10-29 22:07:57    --------    d-----w-    C:\Users\Etavirp 2\AppData\Roaming\WTablet
2014-10-29 22:07:55    --------    d-s---w-    C:\Users\Etavirp 2\AppData\Roaming\Microsoft
2014-10-29 22:07:55    --------    d-----w-    C:\Users\Etavirp 2\AppData\Roaming\TuneUp Software
2014-10-29 22:07:55    --------    d-----w-    C:\Users\Etavirp 2\AppData\Roaming\Media Center Programs
2014-10-29 22:07:55    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\Temp
2014-10-29 22:07:55    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\Microsoft
2014-10-29 22:07:55    --------    d-----w-    C:\Users\Etavirp 2\AppData\Local\Hewlett-Packard
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-28 15:50:49    --------    d-----w-    C:\Users\Private\AppData\Local\Mozilla
2014-10-27 12:33:41    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2013
====== C:\Users\Private ======
2014-11-18 22:18:21    BD87BEE55EF3586727D2BFAB365D1D1A    2117120    ----a-w-    C:\Users\Private\Desktop\FRST64.exe
2014-11-15 02:43:01    --------    d-----w-    C:\ProgramData\Comodo Downloader
2014-11-02 10:33:00    --------    d-----w-    C:\Users\Etavirp 2\hpremote
2014-10-29 22:08:07    --------    d-----r-    C:\Users\Etavirp 2\Searches
2014-10-29 22:08:03    --------    d-----r-    C:\Users\Etavirp 2\Contacts
2014-10-29 22:07:56    6FC234AD3752E1267B34FB12BCD6718B    20    --sh--w-    C:\Users\Etavirp 2\ntuser.ini
2014-10-29 22:07:55    --------    d--h--w-    C:\Users\Etavirp 2\AppData
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Videos
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Saved Games
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Pictures
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Music
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Links
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Favorites
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Downloads
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Documents
2014-10-29 22:07:55    --------    d-----r-    C:\Users\Etavirp 2\Desktop
2014-10-28 15:50:45    --------    d-----w-    C:\ProgramData\Mozilla

====== C: exe-files ==
2014-11-18 22:18:21    BD87BEE55EF3586727D2BFAB365D1D1A    2117120    ----a-w-    C:\Users\Private\Desktop\FRST64.exe
=== C: other files ==
2014-11-24 01:08:28    76CDB2BAD9582D23C1F6F4D868218D6C    22    ----a-w-    C:\Users\Private\AppData\Local\Temp\avastBCLTMP\{e76fd755-c1ba-4dcb-9f13-99bd91223ade}.zip
2014-11-24 01:08:28    76CDB2BAD9582D23C1F6F4D868218D6C    22    ----a-w-    C:\Users\Private\AppData\Local\Temp\avastBCLTMP\{38481807-ca0e-42d2-bf39-b33af135cc4d}.zip
2014-11-24 01:08:28    76CDB2BAD9582D23C1F6F4D868218D6C    22    ----a-w-    C:\Users\Private\AppData\Local\Temp\avastBCLTMP\{25510184-5a38-4a99-b273-dca8eef6cd08}.zip
2014-11-23 20:57:47    84FBC34C73ACE9B074B17040B284390F    4163057    ----a-w-    C:\Users\Private\Desktop\tdsskiller.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3596227979-2911767744-3651838352-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"tvncontrol"="C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -controlservice -slave"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IntelliType Pro"="c:\Program Files\Microsoft Device Center\itype.exe"
"IntelliPoint"="c:\Program Files\Microsoft Device Center\ipoint.exe"
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0913b]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVG-Secure-Search-Update_0913b"
"hkey"="HKCU"
"command"="C:\\Users\\Private\\AppData\\Roaming\\AVG 0913b Campaign\\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6122c6acec8447d09d845188280e806a-c6c15d68f1f11264c1c5b2cc2a502c2b0940e95b --CMPID 0913b"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BATINDICATOR]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BATINDICATOR"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="COMODO"
"hkey"="HKLM"
"command"="C:\\Program Files\\COMODO\\COMODO GeekBuddy\\CLPSLA.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CPA]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CPA"
"hkey"="HKLM"
"command"="C:\\Program Files\\COMODO\\COMODO GeekBuddy\\VALA.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriveUtilitiesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DriveUtilitiesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Western Digital\\WD Utilities\\WDDriveUtilitiesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Easybits Recovery"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LaunchHPOSIAPP]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchHPOSIAPP"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\LaunchApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Magic Desktop for HP notification]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Magic Desktop for HP notification"
"hkey"="HKLM"
"command"="\"C:\\ProgramData\\Easybits Magic Desktop for HP\\mdhpSUN.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Complete]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDF Complete"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF Complete\\pdfsty.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SetIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SetIcon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Icons\\SetIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Drive Unlocker]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WD Drive Unlocker"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Western Digital\\WD Security\\WDDriveAutoUnlock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Quick View]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WD Quick View"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Western Digital\\WD Quick View\\WDDMStatus.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\Windows\\pss\\Acrobat Assistant.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Adobe\\ACROBA~1.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\Windows\\pss\\Adobe Gamma Loader.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\Windows\\pss\\Microsoft Office.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Private^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Users\\Private\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Private^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JL Alpine Advent Calendar.lnk]
"item"="JL Alpine Advent Calendar"
"path"="C:\\Users\\Private\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\JL Alpine Advent Calendar.lnk"
"backup"="C:\\Windows\\pss\\JL Alpine Advent Calendar.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files (x86)\\JL Alpine Advent Calendar\\JL Alpine Advent Calendar.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Private^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JL Edwardian Advent Calendar.lnk]
"path"="C:\\Users\\Private\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\JL Edwardian Advent Calendar.lnk"
"backup"="C:\\Windows\\pss\\JL Edwardian Advent Calendar.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\JLEDWA~1\\JLEDWA~1.EXE "
"item"="JL Edwardian Advent Calendar"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BBSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CalendarSynchService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CLPSLS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Fax]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP Support Assistant Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPClientSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpqwmiex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPSLPSVC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® ME Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ServiceLayer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TabletInputService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TomTomHOMEService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TouchServicePen]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VIPAppService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDBackup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDDriveService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/11/2014 02:44]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{E14CE75C-1712-4A33-8946-07FFE2CB2E35}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{0638D050-4DD6-47C7-8637-52D5A86626C7}" [C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe]
"C:\Windows\SysNative\tasks\{0C1E3FEF-A9DD-4566-838C-A1335CC4773C}" [C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe]
"C:\Windows\SysNative\tasks\{468A723C-99CE-4FE0-BDE1-185E53C235DB}" [C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe]
"C:\Windows\SysNative\tasks\{4C595297-1928-4BB4-8C71-2C6D11D5F3AE}" [C:\Program Files (x86)\Adobe Software\Adobe Bridge\Bridge.exe]
"C:\Windows\SysNative\tasks\{4F50FA25-3A72-41BB-A0CF-622932F59DB7}" [C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe]
"C:\Windows\SysNative\tasks\{53D5F592-C02D-4E5F-BD94-7F688CD9322A}" [C:\Program Files (x86)\Quark\QuarkXPress\QuarkXPress.exe]
"C:\Windows\SysNative\tasks\{7D8D5FD6-6F1A-495B-BD8A-E476A794F0E6}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]
"C:\Windows\SysNative\tasks\{B6902AC1-F9ED-47BF-8007-BD4C56C801DD}" [C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe]
"C:\Windows\SysNative\tasks\{CE406844-BDF9-4EC2-AF0E-1E9FE05DA1CA}" [C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe]
"C:\Windows\SysNative\tasks\{DADD74A9-300D-4110-8268-0FD9603F5729}" [C:\Program Files (x86)\AT Screen Thief 3.9\screenthief.exe]
"C:\Windows\SysNative\tasks\{DE9D0470-19C3-4EF8-B1F6-61DFFC3EECC6}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]
"C:\Windows\SysNative\tasks\{E65F5854-7180-46BC-B1A6-8EB738E0481A}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16/11/2014 01:26]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Private\AppData\Roaming\Thunderbird\Profiles\sgi52xel.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\Private\AppData\Roaming\TomTom\HOME\Profiles\jd8mx7ol.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

ProfilePath: C:\Users\Private\AppData\Roaming\Mozilla\Firefox\Profiles\g875bll4.default
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Private\AppData\Roaming\Mozilla\Firefox\Profiles\fzm5d6mq.default
63F8C13F269B10BC9363B007DAAACAE6    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[14/11/2014 18:33]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[14/11/2014 18:33]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}"
{EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} Google  Url="https://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG-Secure-Search-Update_0913b deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BATINDICATOR deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveUtilitiesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchHPOSIAPP deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Unlocker deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Quick View deleted successfully

==== HijackThis Entries ======================

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A42ED0E-FF32-42CC-83E4-7440401AFD9A}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{4907E6C3-B393-4333-90D3-5059DE2343B5}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A42ED0E-FF32-42CC-83E4-7440401AFD9A}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A42ED0E-FF32-42CC-83E4-7440401AFD9A}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Unknown owner - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - Unknown owner - C:\Windows\System32\ezSharedSvcHost.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Unknown owner - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Office  Source Engine (ose) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Office Software Protection Platform (osppsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Private\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Etavirp 2\AppData\Local\Mozilla\Firefox\Profiles\egnzvano.default\Cache emptied successfully
C:\Users\Etavirp 2\AppData\Local\Mozilla\Firefox\Profiles\egnzvano.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=3 2779469 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Etavirp 2\AppData\Local\Temp emptied successfully
C:\Users\Private\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Private\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 25/11/2014 at  1:37:04.18 ======================
 



#15 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:22 PM

Posted 25 November 2014 - 01:03 PM

Hi Mike1179

Looking at your log it shows that MalwareBytes is corrupt.

Step 1

  • Click on Start -> Control Panel -> Add/Remove Programs

Uninstall the following programs

  • avast
  • Comodo
  • Malwarebytes
  • Close the Add/Remove Programs and Control Panel
  • Restart your computer

Please re-install Avast and Comodo Firewall.

Step 2
 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update
  • Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
  • On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop.
  • Please post that log for my review.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
