
Trojan adclick, Syswow64 & resetting internet security settings


  • This topic is locked
15 replies to this topic

#1 wattie17


Posted 27 November 2014 - 12:35 AM

Hello. I am running Windows 8 on an hp envy m6 laptop. I have Norton internet security and Superantispyware on this system which I installed at purchase. Both are enabled for real time protection. Lately I have been noticing that my Norton kept showing block notifications for Trojan adclicker. I would run full system scans and get a virus detection along with about 15 to 30 tracking cookies. Quarantined them and restarted my computer on prompt. I noticed that my security setting in internet explorer (10) would be listed as custom and am constantly having to change it back to default. Then I kept getting messages saying internet explorer has stopped working/responding, as well as com powershell messages saying the same. I purchased a license for avast av program and did a full system scan. It found and removed some things but still having the same issues. I then installed malwarebytes and did system scan. Again it found and removed some things but still having the same issues.

Some examples of the messages I see from avast

 

ff5ee,com/query (don't have the full address)

Url. Mal

Mentions process Windows/syswow64

 

New ones I had not seen

http://xmika.com/click?app etc

redirect,.adfeeds

process ieexplore.exe

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Marko at 23:06:14 on 2014-11-26
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5596.3031 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\msfeedssync.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
C:\Windows\system32\msiexec.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\logagent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\logagent.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Amazon Cloud Player] C:\Users\Marko\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1018402B-E64A-43DA-BFA3-8B01A8180E92} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1018402B-E64A-43DA-BFA3-8B01A8180E92}\C496E6B6379737F5375637F533735393D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{1018402B-E64A-43DA-BFA3-8B01A8180E92}\C696E6B6379737F5355435F533735393 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2013-6-11 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2013-6-11 26280]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswNdisFlt.sys [2014-11-22 449936]
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-11-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-11-22 267632]
R0 DKDFM;Device Filter Manager Driver;C:\Windows\System32\Drivers\DKDFM.sys [2012-12-12 40752]
R0 DKTLFSMF;Telemetry File System Mini Filter Driver;C:\Windows\System32\Drivers\DKTLFSMF.sys [2012-12-12 106832]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2014-11-22 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-11-22 1050432]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2014-11-22 436624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-7-11 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-6-11 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-1-23 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-18 199008]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-11-22 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-11-22 83280]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-11-22 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-22 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-22 104416]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-2-7 1641768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-7-30 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-6-21 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-7-30 23552]
R2 ValBioService;ValBioService;C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [2014-2-13 16384]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-6-11 91648]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\Drivers\DKRtWrt.sys [2012-12-12 52048]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-18 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-18 690832]
R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-6-3 29424]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-7 401856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-6-11 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\Drivers\MijXfilt.sys [2012-12-1 117520]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-18 43832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]
.
=============== Created Last 30 ================
.
2014-11-25 11:45:55 -------- d-sh--w- C:\found.000
2014-11-24 18:28:16 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-24 18:27:00 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-24 18:26:59 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-24 18:26:59 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-24 18:26:59 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-24 18:26:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 17:43:08 -------- d-----w- C:\Users\Marko\AppData\Local\Programs
2014-11-23 05:59:14 -------- d-----w- C:\Windows\pss
2014-11-23 03:53:59 -------- d-----w- C:\Users\Marko\AppData\Roaming\AVAST Software
2014-11-23 03:45:43 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-23 03:45:40 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-23 03:45:29 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-23 03:45:22 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-23 03:45:15 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-23 03:45:11 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-23 03:45:05 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-23 03:44:59 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-11-23 03:44:03 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-23 03:43:36 449936 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-11-23 03:31:26 -------- d-----w- C:\Program Files\AVAST Software
2014-11-23 03:08:37 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-22 01:13:10 -------- d-----w- C:\Users\Marko\AppData\Local\NPE
2014-11-20 06:28:27 -------- d--h--w- C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
.
==================== Find3M  ====================
.
2014-09-21 03:43:18 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-09-21 03:43:18 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 23:08:17.03 ===============
 


 


#2 deeprybka

  • Malware Response Team

Posted 27 November 2014 - 03:22 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Re-enable downloads in Internet Explorer

Press the Windows key + R on your keyboard at the same time. Type inetcpl.cpl and click OK.

Click the Security tab and then on the reset button.


Step 2
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the tool's icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 3

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 4

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

Edited by deeprybka, 27 November 2014 - 03:23 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 wattie17


Posted 27 November 2014 - 04:20 PM

[2014.11.27 16:09:27.857] - Begin
[2014.11.27 16:09:27.857] -
[2014.11.27 16:09:27.857] - ....................................
[2014.11.27 16:09:27.857] - ..::::::::::::::::::....................
[2014.11.27 16:09:27.873] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
[2014.11.27 16:09:27.873] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.1
[2014.11.27 16:09:27.873] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Oct 15 2014
[2014.11.27 16:09:27.873] - .::EE:::::::::::::SS:.EE..........TT......
[2014.11.27 16:09:27.873] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright © ESET, spol. s r.o.
[2014.11.27 16:09:27.873] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2014.11.27 16:09:27.873] - ....................................
[2014.11.27 16:09:27.873] -
[2014.11.27 16:09:27.873] - --------------------------------------------------------------------------------
[2014.11.27 16:09:27.873] -
[2014.11.27 16:09:27.873] - INFO: OS: 6.2.9200 SP0
[2014.11.27 16:09:27.873] - INFO: Product Type: Workstation
[2014.11.27 16:09:27.873] - INFO: WoW64: True
[2014.11.27 16:09:27.889] - INFO: Machine guid: 39D0BB7D-4587-485A-B6C7-D5C20237E88A
[2014.11.27 16:09:27.889] -
[2014.11.27 16:09:30.587] - INFO: Scanning for system infection...
[2014.11.27 16:09:30.587] - --------------------------------------------------------------------------------
[2014.11.27 16:09:30.602] -
[2014.11.27 16:09:30.602] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.27 16:09:30.602] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.27 16:09:30.602] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.27 16:09:30.602] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.27 16:09:30.602] - INFO: Processing classes...
[2014.11.27 16:09:30.602] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{724d43a1-0d85-11d4-9908-00400523e39a}]
[2014.11.27 16:09:30.602] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{734d43a7-0d85-11d4-9908-00400523e39a}]
[2014.11.27 16:09:30.602] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{C4C13033-C0B5-42ef-B5F7-66621858DA10}]
[2014.11.27 16:09:30.602] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.27 16:09:30.602] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.27 16:09:30.602] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}]
[2014.11.27 16:09:30.602] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.27 16:09:30.602] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.27 16:09:30.602] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.27 16:09:30.602] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.27 16:09:30.602] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.27 16:09:30.602] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.27 16:09:30.602] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.27 16:09:30.602] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.27 16:09:30.602] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.27 16:09:30.602] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.27 16:09:30.618] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.27 16:09:30.618] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.27 16:09:30.618] - INFO: Win32/Poweliks found
[2014.11.27 16:10:02.616] - INFO: process: dllhost.exe, pid 4296, parent 828
[2014.11.27 16:10:02.616] - INFO: process: dllhost.exe, pid 1100, parent 4084
[2014.11.27 16:10:02.616] - INFO: Terminated process pid = 1100
[2014.11.27 16:10:02.616] - INFO: process: dllhost.exe, pid 6180, parent 1100
[2014.11.27 16:10:02.616] - INFO: Terminated process pid = 6180
[2014.11.27 16:10:02.616] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.27 16:10:02.616] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.27 16:10:02.616] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.27 16:10:02.616] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.27 16:10:02.616] - INFO: Processing classes...
[2014.11.27 16:10:02.616] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{724d43a1-0d85-11d4-9908-00400523e39a}]
[2014.11.27 16:10:02.616] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{734d43a7-0d85-11d4-9908-00400523e39a}]
[2014.11.27 16:10:02.616] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{C4C13033-C0B5-42ef-B5F7-66621858DA10}]
[2014.11.27 16:10:02.616] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.27 16:10:02.616] - INFO: Deleted classid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.27 16:10:02.616] - INFO: Processing clsid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}]
[2014.11.27 16:10:02.616] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.27 16:10:02.616] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.27 16:10:02.616] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.27 16:10:02.616] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.27 16:10:02.616] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.27 16:10:02.616] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.27 16:10:02.631] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.27 16:10:02.631] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.27 16:10:02.631] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.27 16:10:02.631] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.27 16:10:02.631] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.27 16:10:02.631] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.27 16:10:02.631] - INFO: Cleaning status: 0
[2014.11.27 16:10:07.858] - End
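
An added example, not part of the thread and not ESET's code: a small Python triage pass over the cleaner log posted above, showing which flagged class IDs were deleted, which listed processes were terminated, and whether a flagged per-user CLSID also exists under the machine hive. The log lines in `SAMPLE` are copied from that post; the function names and report fields are assumptions made for this example, and the raw "Cleaning status" value is reported without interpretation.

```python
import re

# Lines copied from the cleaner log in the post above (not constructed).
SAMPLE = r"""
[2014.11.27 16:09:30.602] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.27 16:09:30.602] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.27 16:09:30.618] - INFO: Win32/Poweliks found
[2014.11.27 16:10:02.616] - INFO: process: dllhost.exe, pid 4296, parent 828
[2014.11.27 16:10:02.616] - INFO: process: dllhost.exe, pid 1100, parent 4084
[2014.11.27 16:10:02.616] - INFO: Terminated process pid = 1100
[2014.11.27 16:10:02.616] - INFO: process: dllhost.exe, pid 6180, parent 1100
[2014.11.27 16:10:02.616] - INFO: Terminated process pid = 6180
[2014.11.27 16:10:02.616] - INFO: Deleted classid [\Registry\User\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.27 16:10:02.631] - INFO: Cleaning status: 0
"""

PREFIX = re.compile(r"^\[[^\]]+\] -\s?")          # "[date time] - "
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MACHINE = re.compile(r"INFO: Processing (?:subkey )?\[(?:HKLM|\\Registry\\Machine)\\")
RULES = {
    # "suspicous" is the tool's own spelling in the log, so match it as written.
    "flagged": re.compile(r"WARNING: Found suspicous classid \[(.+)\]$"),
    "deleted": re.compile(r"INFO: Deleted classid \[(.+)\]$"),
    "process": re.compile(r"INFO: process: (\S+), pid (\d+), parent (\d+)$"),
    "terminated": re.compile(r"INFO: Terminated process pid = (\d+)$"),
    "status": re.compile(r"INFO: Cleaning status: (\d+)$"),
}


def parse_cleaner_log(text):
    """Extract the security-relevant events from the cleaner log text."""
    report = {"flagged": [], "deleted": [], "processes": {}, "terminated": [],
              "machine_guids": set(), "detected": False, "status": None}
    for raw in text.splitlines():
        msg = PREFIX.sub("", raw.strip())
        if msg == "INFO: Win32/Poweliks found":
            report["detected"] = True
        if MACHINE.match(msg):
            # Remember every CLSID the tool visited in the machine hive.
            report["machine_guids"].update(g.upper() for g in GUID.findall(msg))
        for name, rule in RULES.items():
            m = rule.match(msg)
            if not m:
                continue
            if name in ("flagged", "deleted"):
                report[name].append(m.group(1))
            elif name == "process":
                report["processes"][int(m.group(2))] = (m.group(1), int(m.group(3)))
            elif name == "terminated":
                report["terminated"].append(int(m.group(1)))
            else:
                report["status"] = int(m.group(1))
    return report


def triage(report):
    """Derive follow-up questions a reviewer would ask of the parsed log."""
    killed = set(report["terminated"])
    return {
        # Flagged keys with no matching "Deleted classid" line.
        "flagged_not_deleted": [k for k in report["flagged"]
                                if k not in report["deleted"]],
        # Flagged per-user keys whose CLSID was also seen in the machine hive.
        "user_key_shadows_machine": [
            k for k in report["flagged"]
            if k.startswith("\\Registry\\User\\")
            and any(g.upper() in report["machine_guids"] for g in GUID.findall(k))
        ],
        # Processes the tool listed but did not terminate.
        "listed_not_terminated": sorted(p for p in report["processes"]
                                        if p not in killed),
        # Terminated processes whose parent was itself terminated.
        "child_of_terminated": sorted(p for p, (_, parent) in report["processes"].items()
                                      if p in killed and parent in killed),
    }


if __name__ == "__main__":
    parsed = parse_cleaner_log(SAMPLE)
    print(parsed["detected"], parsed["status"], triage(parsed))
```
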

#4 wattie17


Posted 27 November 2014 - 04:26 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Marko at 2014-11-27 16:23:56
Running from C:\Users\Marko\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Amazon Amazon Cloud Player) (Version: 1.7.0.344 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7545D28D-00EC-C15D-FE18-C3E3F5EC0BDD}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Angry Birds Rio (HKLM-x32\...\{0D637670-BC00-4FAC-8E00-518EB7F65091}) (Version: 1.4.4 - Rovio)
Angry Birds Seasons (HKLM-x32\...\{D4022612-B213-4B5B-A135-0E1C0DC1DD44}) (Version: 3.1.1 - Rovio)
Angry Birds Space (HKLM-x32\...\{47D2E295-28AF-4C24-9116-084D30BE9A89}) (Version: 1.3.1 - Rovio)
Angry Birds Star Wars (HKLM-x32\...\{9013721D-0440-4CCF-81FC-D60DC138D412}) (Version: 1.1.0 - Rovio)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diskeeper 12 Home (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.4 - emusic.com)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Lenovo Fingerprint Manager (HKLM\...\{7BD0897C-DE1A-4946-9138-3C8A05DA5061}) (Version: 4.5.248.0 - Validity Sensors, Inc.)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.248.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MotioninJoy DS3 driver version 0.6.0004 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0004 - www.motioninjoy.com)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

23-11-2014 03:29:24 avast! antivirus system restore point
26-11-2014 18:37:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {133B79ED-8637-459F-B5C5-82E90B52DBAA} - System32\Tasks\RNUpgradeHelperLogonPrompt_Marko => C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-20] (RealNetworks, Inc.)
Task: {20FDFFBE-CF9E-41F3-A7CD-5E460546A3D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {292E4636-B007-4126-A60F-FD0E038C25B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {387C74FC-26C9-469C-8733-E87FD17AF98F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {38A2489D-E5A8-4F79-A4F7-887329CE84AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {3D4BC4C3-5C96-4906-B262-257437FAD7AC} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLJOJMJJMGMNMMJLMCNMJJJGMGMCNLMNMOMOMCNHMJMKJNMCNLJMJGMPMOMLMLMHMMJNJNJJMJNJICMIMCNGMCNGMFMOMPMCNPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMMJBJKJLIMJFMJMLMNMJNHICMMJBJKJLIMJJNBJCMCLOJNIEJAJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMNMOMLMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {42B32F5D-85C9-44EB-A6EC-4724F321776A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {509CA34F-C3AD-4716-9D79-FF0AFED5BFAE} - System32\Tasks\HPCeeScheduleForMarko => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5A0731EC-437E-430D-9E64-E61D30632D32} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5C697B95-0224-4CA3-AE63-0495C31B01DE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {659D739E-3FE4-4FF3-AA1F-98AEB299CC60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {6E62159D-9262-4399-8EE3-F1F3004B84F8} - System32\Tasks\ReclaimerUpdateXML_Marko => C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-20] (RealNetworks, Inc.)
Task: {74A19467-88B6-487B-BA12-6A6264942268} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {8B2ADCE8-2C0C-4315-95A3-57C9F7E30BD3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8BC61525-3D91-456F-8CE6-910B961C2C0D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8DEC4BD3-8976-47C3-9BA4-496DF6FF3925} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {8F55F00C-48A8-431B-894B-EC7BB47096B8} - System32\Tasks\RNUpgradeHelperResumePrompt_Marko => C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-20] (RealNetworks, Inc.)
Task: {97D3C9E3-FB1C-40DF-A7FC-6366778A3012} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-03] (Synaptics Incorporated)
Task: {9B7F15AD-B4A6-45C2-A224-DB5054FBE95A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9DEF0F13-3A3E-4559-9A8F-C96FF360686B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-09-02] (Siber Systems)
Task: {B2C35A3E-D098-4332-95ED-186710F949D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {C8D154D0-CC2C-40EC-A2AE-DEE761A17344} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {CFCC63FC-F183-40CA-95C8-70260BDD4EA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {D20899FA-5F14-4A84-BFD2-7919A2451C4B} - System32\Tasks\ReclaimerUpdateFiles_Marko => C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-20] (RealNetworks, Inc.)
Task: {D285DE59-8FA0-4BBF-AB4D-EFDA7C73F2E7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {DAC9F057-3F87-492A-810D-17B83A73C767} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {E2E28C58-8C34-44E3-B3A7-2008BDDF0863} - System32\Tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {E7628EF0-1234-44B2-AA03-6B3732701336} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {F76405B0-F9C7-4674-8DDB-061CB9FB500E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarko.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Marko.job => C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Marko.job => C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marko.job => C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-01-23 01:27 - 2013-01-23 01:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-30 01:17 - 2014-07-30 01:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 04:04 - 2014-07-30 04:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-09-06 01:47 - 2012-09-06 01:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-02-07 08:19 - 2013-02-07 08:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-01-23 01:27 - 2013-01-23 01:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-27 15:59 - 2014-11-27 15:59 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14112701\algo.dll
2014-06-21 22:46 - 2014-09-20 22:43 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-11-22 22:44 - 2014-11-22 22:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 22:46 - 2014-09-20 22:43 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\StartupApproved\Run: => "Amazon Cloud Player"

========================= Accounts: ==========================

Administrator (S-1-5-21-3577962383-2107934119-3180764031-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3577962383-2107934119-3180764031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3577962383-2107934119-3180764031-1004 - Limited - Enabled)
Marko (S-1-5-21-3577962383-2107934119-3180764031-1002 - Administrator - Enabled) => C:\Users\Marko

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2014 04:02:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x5094a012
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x1248
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/27/2014 04:11:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03981648
Faulting process id: 0x32b4
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5

Error: (11/27/2014 04:11:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (11/27/2014 04:09:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x5010a8c5
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x2834
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/27/2014 04:09:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17148, time stamp: 0x5010a862
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x5d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/27/2014 04:08:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03335efc
Faulting process id: 0x3dd4
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5

Error: (11/27/2014 04:08:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (11/27/2014 04:06:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x037a9028
Faulting process id: 0x1e2c
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5

Error: (11/27/2014 04:06:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (11/27/2014 03:56:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x036cd13c
Faulting process id: 0x1b88
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5


System errors:
=============
Error: (11/27/2014 04:12:27 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/27/2014 04:10:07 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:09:33 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:08:58 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:08:22 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:07:42 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:07:03 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:06:25 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:05:49 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/27/2014 04:05:14 PM) (Source: DCOM) (EventID: 10010) (User: Markolap)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (11/27/2014 04:02:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.171485094a012ntdll.dll6.2.9200.1704653b485c4c0000005000617b0124801d00a8568805d4bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlla86a3078-7678-11e4-bf30-8434971435a9

Error: (11/27/2014 04:11:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c00000050398164832b401d00a221337dc11C:\Windows\syswow64\windowspowershell\v1.0\powershell.exeunknown54895b59-7615-11e4-bf2f-8434971435a9

Error: (11/27/2014 04:11:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (11/27/2014 04:09:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.171485010a8c5ntdll.dll6.2.9200.1704653b485c4c0000005000617b0283401d00a21e2f02af5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll2333da8c-7615-11e4-bf2f-8434971435a9

Error: (11/27/2014 04:09:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.171485010a862ntdll.dll6.2.9200.1704653b485c4c0000005000617b05d001d00a21d4881c49C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll16ec4ab7-7615-11e4-bf2f-8434971435a9

Error: (11/27/2014 04:08:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c000000503335efc3dd401d00a21b380820bC:\Windows\syswow64\windowspowershell\v1.0\powershell.exeunknownf81c2129-7614-11e4-bf2f-8434971435a9

Error: (11/27/2014 04:08:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (11/27/2014 04:06:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c0000005037a90281e2c01d00a21446b020cC:\Windows\syswow64\windowspowershell\v1.0\powershell.exeunknownbb2e975c-7614-11e4-bf2f-8434971435a9

Error: (11/27/2014 04:06:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (11/27/2014 03:56:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c0000005036cd13c1b8801d00a20011e69f6C:\Windows\syswow64\windowspowershell\v1.0\powershell.exeunknown4676c4fb-7613-11e4-bf2f-8434971435a9


==================== Memory info ===========================

Processor: AMD A10-4600M APU with Radeon™ HD Graphics
Percentage of memory in use: 31%
Total physical RAM: 5596.25 MB
Available physical RAM: 3851.95 MB
Total Pagefile: 11228.25 MB
Available Pagefile: 9285.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.81 GB) (Free:345.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.06 GB) (Free:3.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:14.9 GB) (Free:11.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 27345438)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Marko (administrator) on MARKOLAP on 27-11-2014 16:22:20
Running from C:\Users\Marko\Desktop
Loaded Profile: Marko (Available profiles: Marko & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-03] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-09-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-24] (SUPERAntiSpyware)
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Run: [Amazon Cloud Player] => C:\Users\Marko\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-10-22] ()
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-02] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3577962383-2107934119-3180764031-1002: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll (eMusic.com)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-22]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Google Search) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-30]
CHR Extension: (Website Logon) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2012-11-30]
CHR Extension: (Website Logon) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-07-25]
CHR Extension: (Norton Identity Safe) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-24]
CHR Extension: (Website Logon) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaaieiajnhcnimjgfmjpccjmmfkploci [2013-03-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-30]
CHR Extension: (Google Wallet) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (RoboForm) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-09]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-01-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-06-03] (IDT, Inc.) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [16384 2014-02-13] (Validity Sensors, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2013-06-11] (Advanced Micro Devices)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-06-03] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 16:22 - 2014-11-27 16:22 - 00021486 _____ () C:\Users\Marko\Desktop\FRST.txt
2014-11-27 16:21 - 2014-11-27 16:22 - 00000000 ____D () C:\FRST
2014-11-27 16:21 - 2014-11-27 16:21 - 02117632 _____ (Farbar) C:\Users\Marko\Desktop\FRST64.exe
2014-11-27 16:16 - 2014-11-27 16:16 - 00000000 ___SH () C:\DkHyperbootSync
2014-11-27 16:09 - 2014-11-27 16:10 - 00016102 _____ () C:\Users\Marko\Desktop\ESETPoweliksCleaner.exe_20141127.160927.10868.log
2014-11-27 16:07 - 2014-11-27 16:08 - 00186568 _____ (ESET) C:\Users\Marko\Desktop\ESETPoweliksCleaner.exe
2014-11-27 15:57 - 2014-11-27 15:58 - 00526144 _____ () C:\Windows\Minidump\112714-113802-01.dmp
2014-11-27 15:57 - 2014-11-27 15:57 - 00292600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-27 04:10 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-11-27 04:10 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-27 04:10 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2014-11-27 04:10 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-11-27 04:10 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2014-11-27 04:10 - 2012-09-20 01:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2014-11-27 04:10 - 2012-09-20 00:53 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2014-11-27 04:05 - 2014-10-11 02:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-27 04:05 - 2014-10-11 00:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-27 04:05 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-27 04:05 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-27 04:05 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-27 04:05 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-27 04:05 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-27 03:24 - 2014-11-27 16:15 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-27 03:23 - 2014-11-27 16:15 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-27 03:21 - 2014-11-20 15:56 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 03:21 - 2014-11-20 15:56 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 03:17 - 2014-11-27 03:17 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-11-27 03:12 - 2014-11-27 03:12 - 00524704 _____ () C:\Windows\Minidump\112714-35708-01.dmp
2014-11-26 23:08 - 2014-11-26 23:08 - 00017623 _____ () C:\Users\Marko\Desktop\dds.txt
2014-11-26 23:08 - 2014-11-26 23:08 - 00017518 _____ () C:\Users\Marko\Desktop\attach.txt
2014-11-26 13:56 - 2014-11-26 13:56 - 00688992 ____R (Swearware) C:\Users\Marko\Desktop\dds.com
2014-11-26 06:08 - 2014-09-24 18:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-26 06:08 - 2014-09-24 18:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-26 06:07 - 2014-09-24 18:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-26 06:07 - 2014-09-24 18:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-26 06:05 - 2014-10-01 18:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-26 06:04 - 2014-10-11 02:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-26 06:04 - 2014-10-11 00:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-26 06:04 - 2014-10-11 00:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-26 06:04 - 2014-10-11 00:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-26 06:04 - 2014-10-11 00:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-26 06:01 - 2014-07-11 19:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-26 06:01 - 2014-07-11 19:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-11-26 06:01 - 2014-07-08 17:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-11-26 06:01 - 2014-07-08 17:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-11-26 06:01 - 2014-07-07 00:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-11-26 06:01 - 2014-07-07 00:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-11-26 06:01 - 2014-07-04 05:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-26 06:01 - 2014-07-02 20:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-11-26 06:01 - 2014-07-02 19:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-11-26 06:01 - 2014-06-28 02:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-11-26 06:01 - 2014-06-28 01:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-11-26 06:01 - 2014-06-28 01:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-11-26 06:01 - 2014-06-25 02:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-26 06:01 - 2014-06-17 18:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-26 06:01 - 2014-06-17 18:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-26 06:01 - 2014-06-11 09:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-11-26 06:01 - 2014-06-10 23:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-11-26 06:01 - 2014-06-10 17:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-11-26 06:01 - 2014-02-04 05:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-11-26 06:00 - 2014-07-11 23:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-26 06:00 - 2014-07-11 23:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-26 06:00 - 2014-07-08 17:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-11-26 06:00 - 2014-07-08 17:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-11-26 06:00 - 2014-06-25 02:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-26 05:53 - 2014-10-18 03:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-26 05:53 - 2014-10-18 02:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-26 05:51 - 2014-10-02 20:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-26 05:51 - 2014-10-02 17:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-26 05:51 - 2014-10-02 17:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-26 05:51 - 2014-10-02 17:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-26 05:51 - 2014-09-13 01:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-26 05:51 - 2014-09-05 19:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-26 05:51 - 2014-08-28 23:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-26 05:51 - 2014-08-28 23:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-26 05:51 - 2014-07-24 08:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-26 05:50 - 2014-09-02 21:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-26 05:50 - 2014-09-02 21:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-26 05:50 - 2014-08-28 23:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-26 05:50 - 2014-08-28 23:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-26 05:50 - 2014-08-28 01:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-26 05:50 - 2014-08-28 01:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-26 05:48 - 2014-07-07 00:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-26 05:48 - 2014-07-07 00:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-26 05:48 - 2014-07-07 00:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-26 05:48 - 2014-07-07 00:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-26 05:48 - 2014-07-06 23:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-26 05:48 - 2014-07-06 23:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-26 05:48 - 2014-07-06 23:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-26 05:48 - 2014-07-06 22:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-26 05:47 - 2014-10-11 02:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-26 05:47 - 2014-10-11 02:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-26 05:47 - 2014-10-11 02:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-26 05:47 - 2014-10-11 02:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-26 05:47 - 2014-10-11 00:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-26 05:47 - 2014-10-11 00:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-26 05:47 - 2014-10-11 00:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-26 05:47 - 2014-10-11 00:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-26 05:45 - 2014-09-22 00:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-26 05:45 - 2014-08-26 17:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-26 05:44 - 2014-11-19 02:29 - 00582552 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-26 05:44 - 2014-11-19 02:29 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-26 05:44 - 2014-10-21 22:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-11-26 05:44 - 2014-10-21 20:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-11-26 05:44 - 2014-10-21 20:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-26 05:44 - 2014-10-21 20:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-11-26 05:44 - 2014-10-21 20:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-11-26 05:44 - 2014-10-21 20:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-26 05:44 - 2014-10-21 20:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-11-26 05:44 - 2014-09-02 21:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-26 05:44 - 2014-09-02 21:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-26 05:43 - 2014-10-23 07:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-26 05:43 - 2014-10-23 06:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-26 05:43 - 2014-08-21 18:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-26 05:43 - 2014-08-21 18:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-26 05:43 - 2014-07-24 08:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-11-26 05:43 - 2014-07-16 18:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-11-26 05:43 - 2014-07-16 17:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-11-26 05:43 - 2014-07-16 17:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-11-26 05:43 - 2014-07-12 01:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-11-26 05:43 - 2014-07-11 23:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-11-26 05:43 - 2014-07-11 23:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-11-26 05:43 - 2014-07-11 23:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-11-26 05:43 - 2014-07-11 23:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-11-26 05:43 - 2014-06-28 01:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-26 05:43 - 2014-06-27 21:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-26 05:41 - 2014-11-08 06:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-26 05:41 - 2014-11-08 06:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-26 05:41 - 2014-11-08 01:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-26 05:41 - 2014-11-08 01:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-26 05:41 - 2014-10-11 03:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-26 05:41 - 2014-10-11 02:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-26 05:41 - 2014-10-11 02:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-26 05:41 - 2014-10-11 00:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-26 05:38 - 2014-06-12 18:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-26 05:38 - 2014-06-12 18:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-26 05:34 - 2014-10-25 20:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-26 05:34 - 2014-10-25 20:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-26 05:34 - 2014-10-25 20:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-26 05:34 - 2014-10-25 20:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-26 05:34 - 2014-10-25 19:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-26 05:33 - 2014-10-25 20:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-26 05:33 - 2014-10-25 20:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-26 05:33 - 2014-10-25 20:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-26 05:33 - 2014-10-25 20:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-26 05:33 - 2014-10-25 19:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-26 05:33 - 2014-10-25 19:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-26 05:33 - 2014-10-25 19:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-26 05:33 - 2014-10-25 19:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-26 05:33 - 2014-10-25 16:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-25 12:36 - 2014-11-27 16:00 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-25 12:35 - 2014-11-27 16:00 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-25 06:45 - 2014-11-25 06:45 - 00000000 __SHD () C:\found.000
2014-11-25 06:15 - 2014-11-25 06:15 - 00010344 ____N () C:\bootsqm.dat
2014-11-24 14:29 - 2014-11-24 14:29 - 00280712 _____ () C:\Windows\Minidump\112414-65894-01.dmp
2014-11-24 13:28 - 2014-11-26 03:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 13:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 13:26 - 2014-11-24 13:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 13:26 - 2014-11-24 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 13:26 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 13:26 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 12:24 - 2014-11-24 12:30 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Marko\Documents\mbam-setup-2.0.3.1025.exe
2014-11-23 13:49 - 2014-11-23 13:53 - 32507072 _____ (Microsoft Corporation) C:\Users\Marko\Documents\Windows-KB890830-x64-V5.18.exe
2014-11-23 06:00 - 2014-11-23 06:00 - 00000149 _____ () C:\Users\Marko\Desktop\Remove fff5ee.com Malicious Website - MalwareFixes.url
2014-11-23 00:59 - 2014-11-23 00:59 - 00000000 ____D () C:\Windows\pss
2014-11-22 23:50 - 2014-11-22 23:51 - 04978536 _____ (AVAST Software) C:\Users\Public\Desktop\avast_internet_security_setup_online.exe
2014-11-22 23:50 - 2014-11-22 23:51 - 04978536 _____ (AVAST Software) C:\Users\Marko\Documents\avast_internet_security_setup_online.exe
2014-11-22 22:53 - 2014-11-22 22:53 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\AVAST Software
2014-11-22 22:50 - 2014-11-22 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-22 22:46 - 2014-11-27 03:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-22 22:45 - 2014-11-22 22:47 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 22:44 - 2014-11-22 22:44 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 22:44 - 2014-11-22 22:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 22:44 - 2014-11-22 22:43 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-22 22:43 - 2014-11-22 22:43 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-22 22:31 - 2014-11-22 22:31 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-22 22:25 - 2014-11-22 22:25 - 00000000 _____ () C:\Users\Marko\Documents\License.avastlic
2014-11-22 22:08 - 2014-11-22 22:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-21 20:13 - 2014-11-23 04:24 - 00000000 ____D () C:\Users\Marko\AppData\Local\NPE
2014-11-20 06:38 - 2014-11-27 16:13 - 00000394 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marko.job
2014-11-20 06:38 - 2014-11-27 03:41 - 00002958 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marko
2014-11-20 06:38 - 2014-11-27 03:41 - 00000388 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Marko.job
2014-11-20 06:38 - 2014-11-26 06:42 - 00002954 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marko
2014-11-20 06:38 - 2014-11-26 06:42 - 00000384 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Marko.job
2014-11-20 06:38 - 2014-11-20 06:38 - 00003612 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Marko
2014-11-20 06:38 - 2014-11-20 06:38 - 00002662 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marko
2014-11-20 02:17 - 2014-11-20 02:17 - 00280656 _____ () C:\Windows\Minidump\112014-73195-01.dmp
2014-11-20 01:29 - 2014-11-22 11:56 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-20 01:28 - 2014-11-23 01:34 - 00000000 ___HD () C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
2014-11-17 04:03 - 2014-11-21 12:48 - 00000130 _____ () C:\Users\Marko\Desktop\http--boobslovin.com-page-137-.url
2014-11-12 15:18 - 2014-11-27 03:13 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForMarko.job
2014-11-12 15:18 - 2014-11-26 03:18 - 00003164 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMarko
2014-11-03 00:54 - 2014-11-03 00:54 - 00000258 _____ () C:\Users\Marko\Desktop\Costume Masks, Halloween Mask, Medieval Masks and Latex Masks by Medieval Collectibles.url
2014-11-02 13:19 - 2014-11-02 13:19 - 00000527 _____ () C:\Users\Marko\Desktop\Blogger Hardmetal Brasil Um novo olhar sobre hard rock e heavy metal - Postar um comentário.url
2014-11-02 12:46 - 2014-11-02 12:46 - 00000446 _____ () C:\Users\Marko\Desktop\Revolution Rock 011 Diablo Swing Orchestra.url
2014-11-01 11:09 - 2014-11-01 11:09 - 00001202 _____ () C:\Users\Marko\Desktop\All for One and bleep Em All by Midnight Creeps.url
2014-10-29 01:43 - 2014-11-02 13:43 - 00000172 _____ () C:\Users\Marko\Desktop\http--boobslovin.com-page-134-.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 16:23 - 2012-11-30 23:25 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 16:14 - 2012-12-16 00:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-27 16:14 - 2012-11-30 23:25 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 16:13 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 16:02 - 2012-12-12 03:47 - 00000000 ____D () C:\Users\Marko\AppData\Local\CrashDumps
2014-11-27 16:02 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-27 15:57 - 2013-01-13 00:14 - 00000000 ____D () C:\Windows\Minidump
2014-11-27 15:56 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-27 15:55 - 2013-01-13 00:14 - 655683532 _____ () C:\Windows\MEMORY.DMP
2014-11-27 15:55 - 2012-08-03 17:23 - 01324998 _____ () C:\Windows\PFRO.log
2014-11-27 04:19 - 2012-11-30 22:45 - 01729064 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 04:11 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-27 03:57 - 2012-12-01 03:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 03:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-27 02:42 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-11-27 02:00 - 2012-12-16 00:49 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4.job
2014-11-27 00:49 - 2012-12-16 00:49 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb.job
2014-11-26 03:18 - 2012-11-30 22:42 - 00000000 ____D () C:\Users\Marko
2014-11-25 21:57 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-25 14:58 - 2012-12-01 03:10 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 23:38 - 2012-11-30 23:17 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-24 22:55 - 2012-09-18 19:07 - 00000000 ____D () C:\ProgramData\Norton
2014-11-24 22:49 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-11-24 22:49 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-24 22:22 - 2012-12-12 05:12 - 00000000 ____D () C:\Users\Marko\AppData\Local\Condusiv_Technologies
2014-11-24 22:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\TAPI
2014-11-24 13:31 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-23 22:00 - 2012-12-02 22:32 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-23 21:59 - 2012-12-10 23:39 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-22 01:56 - 2012-09-18 19:12 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-11-13 00:18 - 2012-11-30 23:25 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 00:18 - 2012-11-30 23:25 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-02 23:53 - 2012-07-26 02:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 22:12 - 2014-05-19 11:32 - 00000000 ____D () C:\Users\Marko\Desktop\DM
2014-10-31 23:26 - 2012-12-12 05:40 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 06:39

==================== End Of Log ============================

#5 wattie17


Posted 27 November 2014 - 06:12 PM

Zoek exe file does not run. I disabled shields in Avast, closed SUPERAntiSpyware and left free version Malwarebytes alone. I run as admin and the Windows message asking if I want to allow the program to make changes appears. I waited ten minutes and then downloaded it again. Still nothing has appeared after another 10 minutes.

#6 wattie17


Posted 27 November 2014 - 06:53 PM

Got it.



Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by Marko on Thu 11/27/2014 at 18:34:32.91.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marko\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/27/2014 6:40:16 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Users\Marko\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
R2 - [Diskeeper] - Diskeeper - c:\program files\condusiv technologies\diskeeper\dkservice.exe
R2 - [FPLService] - TrueSuiteService - c:\program files (x86)\hp simplepass\truesuiteservice.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe
R2 - [RealPlayer Cloud Service] - RealPlayer Cloud Service - c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe
R2 - [RealPlayerUpdateSvc] - RealPlayer Update Service - c:\program files (x86)\real\updateservice\realplayerupdatesvc.exe
R2 - [STacSV] - Audio Service - c:\program files\idt\wdm\stacsv64.exe
R2 - [ValBioService] - ValBioService - c:\program files\lenovo fingerprint reader\valbioservice.exe
R2 - [valWBFPolicyService] - Validity WBF Policy Service - c:\windows\system32\valwbfpolicyservice.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TrueService] - TrueAPI Service component - c:\program files\common files\authentec\trueservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 5597 MB
CPU Info: AMD A10-4600M APU with Radeon™ HD Graphics
CPU Speed: 2334.3 MHz
Sound Card: Speakers / HP (IDT High Definit |
Communication Headphones (IDT H |
Display Adapters: AMD Radeon HD 7660G | AMD Radeon HD 7660G | AMD Radeon HD 7660G | AMD Radeon HD 7660G
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter #2 | Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp DVD RAM UJ8B2
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 671.8GB | D: 26.1GB
Hard Disks - Free: C: 347.6GB | D: 3.1GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1
Time Zone: Eastern Standard Time
Motherboard *: Hewlett-Packard 18A6
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Internet Explorer Version: 10.0.9200.17148
Google Chrome version: 39.0.2171.71
Flash Player version: 15.0.0.239
Shockwave Player version: 11.6.5r635

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-23 03:44:03 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Marko\AppData\Local\Temp ====
2014-11-22 16:39:58 254A27FA704202A4D1EEE68C9C0E3639 8192 ----a-w- C:\Users\Marko\AppData\Local\Temp\3a70\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S9A15BR\SoftwareUpdater[2].exe
2014-11-22 16:38:11 254A27FA704202A4D1EEE68C9C0E3639 8192 ----a-w- C:\Users\Marko\AppData\Local\Temp\3a70\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S9A15BR\SoftwareUpdater[1].exe
2014-11-22 05:39:59 ABF4997C1B799394081CFB53D4727C01 8192 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[4].exe
2014-11-22 05:38:35 A8F4F528D4A15C878587E3F3346D70D0 5543 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[3].exe
2014-11-22 05:36:26 AC8B2A5965DC09BE929F73D05FFCFC2F 1163 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[2].exe
2014-11-22 05:33:40 C93FDAF7199380D6A393443E2BAE58D4 1163 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[1].exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-27 09:10:29 4D49E796F93BE211F537B18F03E89428 15360 ----a-w- C:\Windows\SysWOW64\eventcls.dll
2014-11-27 09:10:26 1B0CCFDF7C1D1FE543CAB4C2B4CD52AB 52224 ----a-w- C:\Windows\SysWOW64\vsstrace.dll
2014-11-27 09:10:25 5A48FF73B231D8A219AD381EA966BC63 1195520 ----a-w- C:\Windows\SysWOW64\vssapi.dll
2014-11-27 09:05:23 E26F65C88E31C613C79E547807D561B0 17562112 ----a-w- C:\Windows\SysWOW64\shell32.dll
2014-11-27 09:05:19 BDE81573863F60B45D9AF102A343B267 513536 ----a-w- C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-27 09:05:19 0BE9606A1175C7400ED862991453A847 458240 ----a-w- C:\Windows\SysWOW64\dnsapi.dll
2014-11-27 08:21:11 97F94237DEB2C5146F6A2CFFDFFDD378 106440 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 08:21:11 82CB5C6E9EE9B1CD1FD84B24A2BE0228 713672 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 11:08:00 F1F89FA475E12684BB0EBA360FC0EB7C 318976 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-11-26 11:07:58 800AB1F0B0A71D163A28F8B83A157B3D 72192 ----a-w- C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-26 11:04:53 B3EED38E70AC9568288A58852DD436E1 713728 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2014-11-26 11:04:50 8B74CC7C7BECBDF6C00060FAFB56A7BB 146944 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2014-11-26 11:01:21 8EE4E15CD5E62EA1FD3331F5BDCDF97B 2620928 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL
2014-11-26 11:01:19 7BB8D2AE467A8B2D88EDCDFBAC40964C 1408952 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2014-11-26 11:01:14 E182544D07146B762939CAAF5FA18495 478352 ----a-w- C:\Windows\SysWOW64\locale.nls
2014-11-26 11:01:08 E932B750A978F0A93BA7327FA04844DB 2032640 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll
2014-11-26 11:01:08 0621E6E20AABF521A91C74C9AD7A7663 96768 ----a-w- C:\Windows\SysWOW64\dwmapi.dll
2014-11-26 11:01:06 231C3AA139D74642AE7D957B7811EBD1 1220608 ----a-w- C:\Windows\SysWOW64\storagewmi.dll
2014-11-26 11:00:42 16DDE29F307B0663AFD8897442E065B7 8192 ----a-w- C:\Windows\SysWOW64\KBDRUM.DLL
2014-11-26 11:00:40 C7A3ACA54E11E2BDCEB46975EC8848BA 7168 ----a-w- C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-26 11:00:37 EDE03D06A35132D786C35FE5DD2F0B07 6656 ----a-w- C:\Windows\SysWOW64\KBDRU.DLL
2014-11-26 11:00:36 D57A1A110698E4A9B5FCEB536F90BAAF 6656 ----a-w- C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-26 11:00:36 6E34D6520DC74C611B6415B40B47808F 6144 ----a-w- C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-26 11:00:32 A08F2C30B46A60F81D66CB3FE3C14631 7168 ----a-w- C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-26 10:53:46 5152299EE007CBFF390B83062C052C95 567808 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
2014-11-26 10:51:01 E95E502611E33E83FF1FE0C0A143B74B 2043392 ----a-w- C:\Windows\SysWOW64\WsmSvc.dll
2014-11-26 10:50:54 AA0796E335B8913322EF3B5B0FFC3663 227328 ----a-w- C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-26 10:50:54 91D7857BB977249F442EDD53CA2122CF 141824 ----a-w- C:\Windows\SysWOW64\rpchttp.dll
2014-11-26 10:50:52 D9D2DB0BB5B8FF79E1012A61EBA6356E 499712 ----a-w- C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-26 10:50:51 2B3289A8FF425A2421C940E839A16EC0 227840 ----a-w- C:\Windows\SysWOW64\FXSAPI.dll
2014-11-26 10:48:58 C5AC3F6E50500596320747DC96C8316E 5095424 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-11-26 10:48:54 61FDC4560746FD5579B69A83E497E20C 233472 ----a-w- C:\Windows\SysWOW64\winsta.dll
2014-11-26 10:48:54 2BE2BCA9EE6BACA15D57871657E58B0C 1049600 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-11-26 10:48:53 AC0B4E69B7CAC4643E3801C3C2169477 269312 ----a-w- C:\Windows\SysWOW64\aaclient.dll
2014-11-26 10:47:12 FC6608DAC34E4392DFA1F3321C3E9445 8858624 ----a-w- C:\Windows\SysWOW64\twinui.dll
2014-11-26 10:47:11 63AECC991FF55C65F583A2D16BDB6AE5 2416640 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-11-26 10:47:08 E08AD6127CFD2B2196E0219D535443F1 2037760 ----a-w- C:\Windows\SysWOW64\authui.dll
2014-11-26 10:47:00 977D36EA5A97EF972EEEEA97D33A98C5 295424 ----a-w- C:\Windows\SysWOW64\msihnd.dll
2014-11-26 10:44:41 D4672231F8BA23F726F0705EA03D57C2 510464 ----a-w- C:\Windows\SysWOW64\rastls.dll
2014-11-26 10:44:29 DB20525B25EF6427BFFC2DCE2A0CF687 568832 ----a-w- C:\Windows\SysWOW64\WSShared.dll
2014-11-26 10:43:44 F4C1E92962A66CEB7A49811BE62ABA5A 1418752 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-11-26 10:43:43 A2C7DD72861F271D6916BBB866ABE48F 68096 ----a-w- C:\Windows\SysWOW64\packager.dll
2014-11-26 10:43:15 BBC180F529B08A65100536A08724ED58 1126400 ----a-w- C:\Windows\SysWOW64\user32.dll
2014-11-26 10:43:07 AEFC2C5E01740C731C1C451752606471 27648 ----a-w- C:\Windows\SysWOW64\sscore.dll
2014-11-26 10:41:09 38A255D2EA229F731967B0A4291D6B06 452608 ----a-w- C:\Windows\SysWOW64\SHCore.dll
2014-11-26 10:41:05 CD132421F3E2A665EB746ECBA74316A5 666624 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-11-26 10:41:03 13937172E5F58FCF9DF67F252496B139 187904 ----a-w- C:\Windows\SysWOW64\pku2u.dll
2014-11-26 10:38:02 1122B660FD27AB3BC94534B5EA98259C 754176 ----a-w- C:\Windows\SysWOW64\actxprxy.dll
2014-11-26 10:34:17 9E693725F153CD9EF08E90D58EBEBC54 14368768 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-11-26 10:33:59 8D4A22F77C915F95BD43D0B87EF9DD16 2055168 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-11-26 10:33:56 25675CBC95EFE46BADB77517E6BC4DAA 13758464 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-11-26 10:33:52 D7B42130AAE3AED8E487619A9E1BF351 1762816 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-11-26 10:33:49 005C724A03D515C021B5C99DF233D626 1181696 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-11-26 10:33:45 8B9B8B299EA8F3459258651F2715800A 1441280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-11-26 10:33:38 D790BF4857C770303BAD1EFAB9B019C2 2861568 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-11-26 10:33:37 DA243158233832634ED12CB4DC10A1B1 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-11-26 10:33:36 FA76509E854E2B56D86B519515DEB941 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2014-11-26 10:33:35 1D3967BB5CF911B10C59BD9B8A9B2C30 226816 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-11-26 10:33:33 46A456C8E7D2D9A08F56390FF328C27E 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-11-26 10:33:32 8D3B447D5C77D51878B765D1E8412999 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2014-11-26 10:33:31 F20D4C62654EA7AE56D001F33523529B 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-11-26 10:33:30 6C9C9A3DB148AFC5F77BD0D84BC9248C 80384 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-11-26 10:33:28 CE3C1060585125EA8471969106BFC2DB 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-11-26 10:33:27 989FF71C719526B95264AAA15DA4058C 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-11-26 10:33:26 C540DD7B005B2DC87908B816EF53A7CD 44032 ----a-w- C:\Windows\SysWOW64\UXInit.dll
2014-11-26 10:33:24 8D471DA9EF322368D93FC4DC0D3A4F85 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-11-26 10:33:23 048E882BD570E31639757F079FD80E14 39936 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
====== C:\Windows\Tasks ======
2014-11-27 08:23:52 C730C22B71FB52B3FF38BA5DE19CD2B7 3362 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-25 17:35:59 99EE61E94A24C5A97791D498843FA852 3340 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-23 03:46:27 554705035BFC85560DF98EA877CE1F7D 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-11-20 11:38:12 720DDA0679B5E1F2CDB8542584084C23 3612 ----a-w- C:\Windows\Sysnative\Tasks\RNUpgradeHelperResumePrompt_Marko
2014-11-20 11:38:05 2A451794CBA9E7AA53DCE97168634E5E 2958 ----a-w- C:\Windows\Sysnative\Tasks\ReclaimerUpdateFiles_Marko
2014-11-20 11:38:04 22E195A5AB8FDA3829C4B6EC07932E25 388 ----a-w- C:\Windows\Tasks\ReclaimerUpdateFiles_Marko.job
2014-11-20 11:38:03 9B7E24C7F2B4303C193B8CFDD5ACFB01 384 ----a-w- C:\Windows\Tasks\ReclaimerUpdateXML_Marko.job
2014-11-20 11:38:03 7E0C67940D3AF454BA01024AA7B8ADE4 2954 ----a-w- C:\Windows\Sysnative\Tasks\ReclaimerUpdateXML_Marko
2014-11-12 20:18:57 D35AAA33DDC1CD0196CB1623EC76FBDC 3164 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForMarko
2014-11-12 20:18:57 77E264B5946BDCC5B2AD91439C33F166 350 ----a-w- C:\Windows\Tasks\HPCeeScheduleForMarko.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
2014-11-27 21:50:46 !HASH: COULD NOT OPEN FILE !!!!! 0 --sha-w- C:\DkHyperbootSync
====== C:\Users\Marko\AppData\Roaming ======
2014-11-24 17:43:08 -------- d-----w- C:\Users\Marko\AppData\Local\Programs
2014-11-22 01:13:10 -------- d-----w- C:\Users\Marko\AppData\Local\NPE
====== C:\Users\Marko ======
2014-11-27 21:21:05 AD94C6A77FCEBDE1B56B4B124D65805D 2117632 ----a-w- C:\Users\Marko\Desktop\FRST64.exe
2014-11-27 21:13:45 -------- d-----w- C:\Windows\serviceprofiles\Localservice\winhttp
2014-11-27 21:07:59 7650EF7FFE338A50ADE28288FB601B7A 186568 ----a-w- C:\Users\Marko\Desktop\ESETPoweliksCleaner.exe
2014-11-26 18:56:57 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Marko\Desktop\dds.com
2014-11-24 17:24:28 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Marko\Documents\mbam-setup-2.0.3.1025.exe
2014-11-23 18:49:25 4DEDE96BD568BD11DC92C6D893666E1E 32507072 ----a-w- C:\Users\Marko\Documents\Windows-KB890830-x64-V5.18.exe
2014-11-20 06:29:19 -------- d-----w- C:\ProgramData\Windows Genuine Advantage
2014-11-20 06:28:27 -------- d--h--w- C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}

====== C: exe-files ==
2014-11-26 10:33:47 95F20403548F47822B6F96F2D6B2AA20 775312 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-11-26 10:33:47 0E144293FBAECD79A045B336FA6C0F0D 770704 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-11-26 10:33:43 EDBEE1FFEE2F0A804B32BBD5317C3B84 485376 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-11-26 10:33:42 B62CEFF31A4CB18804727FA28381165A 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-11-26 06:23:58 9D83E2859AC027E8C505CB4D1931AF47 1117264 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.71\39.0.2171.71_39.0.2171.65_chrome_updater.exe
2014-11-22 05:39:59 ABF4997C1B799394081CFB53D4727C01 8192 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[4].exe
2014-11-22 05:38:35 A8F4F528D4A15C878587E3F3346D70D0 5543 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[3].exe
2014-11-22 05:36:26 AC8B2A5965DC09BE929F73D05FFCFC2F 1163 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[2].exe
2014-11-22 05:33:40 C93FDAF7199380D6A393443E2BAE58D4 1163 ----a-w- C:\Users\Marko\AppData\Local\Temp\170d4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQHYW5O0\jvlsetup[1].exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3577962383-2107934119-3180764031-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"Amazon Cloud Player"="C:\Users\Marko\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"Amazon Cloud Player"="C:\Users\Marko\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2014-06-22 03:47:06 1212 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/25/2014 02:58 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/30/2012 11:25 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/30/2012 11:25 PM]
C:\Windows\tasks\HPCeeScheduleForMarko.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/14/2010 12:15 AM]
C:\Windows\tasks\ReclaimerUpdateFiles_Marko.job --a-------- C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [11/20/2014 03:37 AM]
C:\Windows\tasks\ReclaimerUpdateXML_Marko.job --a-------- C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [11/20/2014 03:37 AM]
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marko.job --a-------- C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [11/20/2014 03:37 AM]
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [05/04/2011 12:52 PM]
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [05/04/2011 12:52 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForMarko" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLJOJMJJMGMNMMJLMCNMJJJGMGMCNLMNMOMOMCNHMJMKJNMCNLJMJGMPMOMLMLMHMMJNJNJJMJNJICMIMCNGMCNGMFMOMPMCNPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMMJBJKJLIMJFMJMLMNMJNHICMMJBJKJLIMJJNBJCMCLOJNIEJAJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMNMOMLMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\ReclaimerUpdateFiles_Marko" [C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe]
"C:\Windows\SysNative\tasks\ReclaimerUpdateXML_Marko" [C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe]
"C:\Windows\SysNative\tasks\RNUpgradeHelperLogonPrompt_Marko" [C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe]
"C:\Windows\SysNative\tasks\RNUpgradeHelperResumePrompt_Marko" [C:\Users\Marko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe]
"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 11/27/2014 at 18:50:56.33 ======================

#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 28 November 2014 - 02:02 PM

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER.

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1.2KB   2 downloads
 
 
After the Reboot:
 
Step 2

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 3


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
  
 
Step 4

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
:busy:
Injure no one; rather, help everyone as much as you can. Arthur Schopenhauer

#8 wattie17

  • Topic Starter
  • Members
  • 10 posts

Posted 29 November 2014 - 02:39 AM

Ran the first step and got the log file, but the program is still running after 2 hours. Is it safe to restart or is something wrong? Both files are on my desktop.

#9 wattie17

  • Topic Starter
  • Members
  • 10 posts

Posted 29 November 2014 - 03:13 AM

It took longer than I expected but it finally finished. Computer seems ok, except Internet Explorer stops responding frequently and sometimes closes on its own.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Marko at 2014-11-28 22:26:24 Run:1
Running from C:\Users\Marko\Desktop
Loaded Profile: Marko (Available profiles: Marko & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
2014-11-20 01:29 - 2014-11-22 11:56 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-20 01:28 - 2014-11-23 01:34 - 00000000 ___HD () C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
EmptyTemp:

*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
"HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found.
"HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
"HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found.
"HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51} => Moved successfully.
EmptyTemp: => Removed 14.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#10 wattie17

  • Topic Starter
  • Members
  • 10 posts

Posted 29 November 2014 - 03:24 AM

03:14:01.0838 0x01e4  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
03:14:01.0838 0x01e4  UEFI system
03:14:21.0166 0x01e4  ============================================================
03:14:21.0166 0x01e4  Current date / time: 2014/11/29 03:14:21.0166
03:14:21.0166 0x01e4  SystemInfo:
03:14:21.0166 0x01e4 
03:14:21.0166 0x01e4  OS Version: 6.2.9200 ServicePack: 0.0
03:14:21.0166 0x01e4  Product type: Workstation
03:14:21.0166 0x01e4  ComputerName: MARKOLAP
03:14:21.0166 0x01e4  UserName: Marko
03:14:21.0166 0x01e4  Windows directory: C:\Windows
03:14:21.0166 0x01e4  System windows directory: C:\Windows
03:14:21.0166 0x01e4  Running under WOW64
03:14:21.0166 0x01e4  Processor architecture: Intel x64
03:14:21.0166 0x01e4  Number of processors: 4
03:14:21.0166 0x01e4  Page size: 0x1000
03:14:21.0166 0x01e4  Boot type: Normal boot
03:14:21.0166 0x01e4  ============================================================
03:14:23.0157 0x01e4  KLMD registered as C:\Windows\system32\drivers\58824616.sys
03:14:23.0474 0x01e4  System UUID: {F1639180-1F9E-66E1-DBFA-E22FA1F5989B}
03:14:24.0301 0x01e4  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:14:24.0301 0x01e4  Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 ( 14.91 Gb ), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:14:24.0317 0x01e4  ============================================================
03:14:24.0317 0x01e4  \Device\Harddisk0\DR0:
03:14:24.0317 0x01e4  GPT partitions:
03:14:24.0317 0x01e4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {773715E0-C3F5-4EEF-B05B-A1D4AE4E1DDA}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
03:14:24.0317 0x01e4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {41EB3E67-131D-437C-881E-F37F77C98654}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
03:14:24.0317 0x01e4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E6DEB51D-D5BB-418C-AA4B-5263C98F14B4}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
03:14:24.0317 0x01e4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {419978E0-E709-45B4-9D42-F9B4F069DB83}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x53F9D800
03:14:24.0317 0x01e4  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {63DDE116-AE19-41A6-9A62-75E577319C91}, Name: Basic data partition, StartLBA 0x54128000, BlocksNum 0x341E000
03:14:24.0317 0x01e4  MBR partitions:
03:14:24.0317 0x01e4  \Device\Harddisk1\DR1:
03:14:24.0317 0x01e4  MBR partitions:
03:14:24.0317 0x01e4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
03:14:24.0317 0x01e4  ============================================================
03:14:24.0364 0x01e4  C: <-> \Device\Harddisk0\DR0\Partition4
03:14:24.0504 0x01e4  D: <-> \Device\Harddisk0\DR0\Partition5
03:14:24.0504 0x01e4  ============================================================
03:14:24.0504 0x01e4  Initialize success
03:14:24.0504 0x01e4  ============================================================
03:15:09.0362 0x1a50  ============================================================
03:15:09.0362 0x1a50  Scan started
03:15:09.0362 0x1a50  Mode: Manual;
03:15:09.0362 0x1a50  ============================================================
03:15:09.0362 0x1a50  KSN ping started
03:15:11.0957 0x1a50  KSN ping finished: true
03:15:13.0896 0x1a50  ================ Scan system memory ========================
03:15:13.0896 0x1a50  System memory - ok
03:15:13.0912 0x1a50  ================ Scan services =============================
03:15:29.0994 0x1a50  [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
03:15:29.0994 0x1a50  HpSAMD - ok
03:15:30.0072 0x1a50  [ 55FFCBB036D7BE4BCA6FA1421203A27F, 5BB865FC631390F59AF5F2452D4D2DA47E34A49E194C8010E942F5A2013F3895 ] hpsrv           C:\Windows\system32\Hpservice.exe
03:15:30.0072 0x1a50  hpsrv - ok
03:15:30.0181 0x1a50  [ F50912B0A861ED396F6062E79C37A4A7, 9B53EA5A03BB664EF5343B766C760BB8A96697ED4F2A0C81A4F58C443B4BC329 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
03:15:30.0181 0x1a50  HPWMISVC - ok
03:15:30.0275 0x1a50  [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
03:15:30.0306 0x1a50  HTTP - ok
03:15:30.0353 0x1a50  [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
03:15:30.0353 0x1a50  hwpolicy - ok
03:15:30.0415 0x1a50  [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
03:15:30.0415 0x1a50  hyperkbd - ok
03:15:30.0446 0x1a50  [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
03:15:30.0446 0x1a50  HyperVideo - ok
03:15:30.0493 0x1a50  [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
03:15:30.0493 0x1a50  i8042prt - ok
03:15:30.0555 0x1a50  [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
03:15:30.0571 0x1a50  iaStorV - ok
03:15:31.0200 0x1a50  [ 83915E05E168AB63B48302F7DC5D8E00, CD7300A5FFD5A8CE47690CDC1223F4693C536D5667F842CA457CC8716AA3F618 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
03:15:31.0496 0x1a50  igfx - ok
03:15:31.0528 0x1a50  Scan was interrupted by user!
03:15:31.0528 0x1a50  Waiting for KSN requests completion. In queue: 105
03:15:32.0542 0x1a50  Waiting for KSN requests completion. In queue: 105
03:15:33.0545 0x1a50  Waiting for KSN requests completion. In queue: 105
03:15:34.0637 0x1a50  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
03:15:34.0653 0x1a50  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
03:15:34.0668 0x1a50  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41010 ( enabled )
03:15:37.0192 0x1a50  ============================================================
03:15:37.0192 0x1a50  Scan finished
03:15:37.0192 0x1a50  ============================================================
03:15:37.0192 0x16d8  Detected object count: 0
03:15:37.0192 0x16d8  Actual detected object count: 0
03:15:57.0788 0x04b0  ============================================================
03:15:57.0788 0x04b0  Scan started
03:15:57.0788 0x04b0  Mode: Manual; SigCheck; TDLFS;
03:15:57.0788 0x04b0  ============================================================
03:15:57.0788 0x04b0  KSN ping started
03:16:00.0289 0x04b0  KSN ping finished: true
03:16:01.0557 0x04b0  ================ Scan system memory ========================
03:16:01.0557 0x04b0  System memory - ok
03:16:01.0557 0x04b0  ================ Scan services =============================
03:16:21.0552 0x04b0  GPIOClx0101 - ok
03:16:21.0661 0x04b0  [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc           C:\Windows\System32\gpsvc.dll
03:16:21.0786 0x04b0  gpsvc - ok
03:16:21.0926 0x04b0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:16:21.0957 0x04b0  gupdate - ok
03:16:21.0957 0x04b0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:16:22.0004 0x04b0  gupdatem - ok
03:16:22.0067 0x04b0  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
03:16:22.0098 0x04b0  gusvc - ok
03:16:22.0176 0x04b0  [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:16:22.0223 0x04b0  HdAudAddService - ok
03:16:22.0285 0x04b0  [ 58CC013EFA9893057160EDA018D8ADCE, BE8AA220CFBD90202C1B130DF349C3198E3447F3C2DC7BC5FC8816F57F78BA00 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
03:16:22.0332 0x04b0  HDAudBus - ok
03:16:22.0394 0x04b0  [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
03:16:22.0457 0x04b0  HidBatt - ok
03:16:22.0504 0x04b0  [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth          C:\Windows\System32\drivers\hidbth.sys
03:16:22.0535 0x04b0  HidBth - ok
03:16:22.0566 0x04b0  [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
03:16:22.0659 0x04b0  hidi2c - ok
03:16:22.0711 0x04b0  [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr           C:\Windows\System32\drivers\hidir.sys
03:16:22.0758 0x04b0  HidIr - ok
03:16:22.0821 0x04b0  [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv         C:\Windows\system32\hidserv.dll
03:16:22.0898 0x04b0  hidserv - ok
03:16:22.0930 0x04b0  [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
03:16:22.0961 0x04b0  HidUsb - ok
03:16:23.0039 0x04b0  [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc          C:\Windows\system32\kmsvc.dll
03:16:23.0101 0x04b0  hkmsvc - ok
03:16:23.0164 0x04b0  [ 6CC1AD7B0E071C317B7FB8FC6AEF0EDA, 2A907E87E491F76B75F13CD921962EA4D1FF4C705E393F8FA3F48EC701E668F5 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
03:16:23.0210 0x04b0  HomeGroupListener - ok
03:16:23.0257 0x04b0  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
03:16:23.0320 0x04b0  HomeGroupProvider - ok
03:16:23.0554 0x04b0  [ 6515296E8F9D81BB6C4588C4878A9AC1, 4102FCA9CC6CDAA52E68F030034C6C15DF036D5E9B6E0A8007B72655A3D1E3DD ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
03:16:23.0585 0x04b0  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
03:16:23.0694 0x04b0  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
03:16:23.0694 0x04b0  Force sending object to P2P due to detect: HP Support Assistant Service
03:16:26.0367 0x04b0  Object send P2P result: true
03:16:48.0075 0x04b0  RasAcd - ok
03:16:48.0153 0x04b0  [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
03:16:48.0199 0x04b0  RasAgileVpn - ok
03:16:48.0277 0x04b0  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto         C:\Windows\System32\rasauto.dll
03:16:48.0356 0x04b0  RasAuto - ok
03:16:48.0387 0x04b0  [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
03:16:48.0449 0x04b0  Rasl2tp - ok
03:16:48.0496 0x04b0  [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan          C:\Windows\System32\rasmans.dll
03:16:48.0579 0x04b0  RasMan - ok
03:16:48.0610 0x04b0  [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
03:16:48.0657 0x04b0  RasPppoe - ok
03:16:48.0688 0x04b0  [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
03:16:48.0750 0x04b0  RasSstp - ok
03:16:48.0828 0x04b0  [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
03:16:48.0891 0x04b0  rdbss - ok
03:16:48.0953 0x04b0  [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
03:16:49.0000 0x04b0  rdpbus - ok
03:16:49.0031 0x04b0  [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
03:16:49.0062 0x04b0  RDPDR - ok
03:16:49.0125 0x04b0  [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
03:16:49.0156 0x04b0  RdpVideoMiniport - ok
03:16:49.0172 0x04b0  [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
03:16:49.0250 0x04b0  RDPWD - ok
03:16:49.0265 0x04b0  [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
03:16:49.0312 0x04b0  rdyboost - ok
03:16:49.0484 0x04b0  [ 590DE2C0FF4E367050239BD1DDC912C1, B8D1D01C276C15EDA5B6BE5F1FD16315063D1C9BA6D22D51AED51FC93D417A17 ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
03:16:49.0530 0x04b0  RealNetworks Downloader Resolver Service - ok
03:16:49.0889 0x04b0  [ AC36A47C010100B7EDFB2A70114D3E89, 3051841EB4FC8A9CDA5B1B9168D459A639F7E588E859F51D6B865CD073CFCE13 ] RealPlayer Cloud Service c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
03:16:49.0983 0x04b0  RealPlayer Cloud Service - ok
03:16:50.0077 0x04b0  [ A650FA927A4D1D71C53E317A0DDD6B7E, F1D476213CE15E0060440CDBF36806649F172408EC0977A35AEE67F30C43B15A ] RealPlayerUpdateSvc C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
03:16:50.0108 0x04b0  RealPlayerUpdateSvc - ok
03:16:50.0170 0x04b0  [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess    C:\Windows\System32\mprdim.dll
03:16:50.0248 0x04b0  RemoteAccess - ok
03:16:50.0311 0x04b0  [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
03:16:50.0373 0x04b0  RemoteRegistry - ok
03:16:50.0420 0x04b0  [ 381E606B90F32E501D1E2C852D211AB9, F307DA40A376C694868EB30186EA6420705C8BFCEA74B25F988E67FE728F0A8D ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
03:16:50.0467 0x04b0  RpcEptMapper - ok
03:16:50.0529 0x04b0  [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator      C:\Windows\system32\locator.exe
03:16:50.0549 0x04b0  RpcLocator - ok
03:16:50.0643 0x04b0  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs           C:\Windows\system32\rpcss.dll
03:16:50.0721 0x04b0  RpcSs - ok
03:16:50.0783 0x04b0  [ DCEBA2327CE4F5B735B80BEC9E9CEE72, 959F5DFB7126B77A29BB264C62716A77EE87D06907BE17BD0A5A253B34BC6BF9 ] RSBASTOR        C:\Windows\system32\DRIVERS\RtsBaStor.sys
03:16:50.0815 0x04b0  RSBASTOR - ok
03:16:50.0862 0x04b0  [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
03:16:50.0924 0x04b0  rspndr - ok
03:16:51.0002 0x04b0  [ 34DA0D14F5C3F1883A331AFB975AB434, BB5D580C1DCAE59CC1DB75C411A5A4DDF435931469E7EBFF5DFDADBFE07ADEBF ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
03:16:51.0049 0x04b0  RTL8168 - ok
03:16:51.0127 0x04b0  [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
03:16:51.0158 0x04b0  s3cap - ok
03:16:51.0205 0x04b0  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] SamSs           C:\Windows\system32\lsass.exe
03:16:51.0251 0x04b0  SamSs - ok
03:16:51.0330 0x04b0  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
03:16:51.0361 0x04b0  SASDIFSV - ok
03:16:51.0376 0x04b0  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
03:16:51.0408 0x04b0  SASKUTIL - ok
03:16:51.0439 0x04b0  [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
03:16:51.0485 0x04b0  sbp2port - ok
03:16:51.0548 0x04b0  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
03:16:51.0610 0x04b0  SCardSvr - ok
03:16:51.0642 0x04b0  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
03:16:51.0673 0x04b0  scfilter - ok
03:16:51.0766 0x04b0  [ 201C397A73DFEE109490F4BA1168CFC2, 74FC2A30CBF2E2197E75860A3B308CDCBEB3C28794ABED388B493505A2D84BAA ] Schedule        C:\Windows\system32\schedsvc.dll
03:16:52.0000 0x04b0  Schedule - ok
03:16:52.0063 0x04b0  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
03:16:52.0109 0x04b0  SCPolicySvc - ok
03:16:52.0203 0x04b0  [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
03:16:52.0250 0x04b0  sdbus - ok
03:16:52.0312 0x04b0  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
03:16:52.0390 0x04b0  SDRSVC - ok
03:16:52.0437 0x04b0  [ 6BF842A03DAA25CBBA9A585E25731E06, A13C4AA4061B698E43A5E752188E23E7F89D3F843B9EDCBED2992B01F5F7D3D3 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
03:16:52.0468 0x04b0  sdstor - ok
03:16:52.0484 0x04b0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
03:16:52.0515 0x04b0  secdrv - ok
03:16:52.0536 0x04b0  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\Windows\system32\seclogon.dll
03:16:52.0583 0x04b0  seclogon - ok
03:16:52.0645 0x04b0  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\Windows\System32\sens.dll
03:16:52.0723 0x04b0  SENS - ok
03:16:52.0754 0x04b0  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
03:16:52.0801 0x04b0  SensrSvc - ok
03:16:52.0832 0x04b0  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
03:16:52.0863 0x04b0  SerCx - ok
03:16:52.0895 0x04b0  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\Windows\System32\drivers\serenum.sys
03:16:52.0926 0x04b0  Serenum - ok
03:16:52.0972 0x04b0  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\Windows\System32\drivers\serial.sys
03:16:53.0051 0x04b0  Serial - ok
03:16:53.0051 0x04b0  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
03:16:53.0082 0x04b0  sermouse - ok
03:16:53.0144 0x04b0  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\Windows\system32\sessenv.dll
03:16:53.0206 0x04b0  SessionEnv - ok
03:16:53.0222 0x04b0  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
03:16:53.0253 0x04b0  sfloppy - ok
03:16:53.0331 0x04b0  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
03:16:53.0394 0x04b0  SharedAccess - ok
03:16:53.0487 0x04b0  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:16:53.0581 0x04b0  ShellHWDetection - ok
03:16:53.0597 0x04b0  [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
03:16:53.0659 0x04b0  SiSRaid2 - ok
03:16:53.0768 0x04b0  [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
03:16:53.0799 0x04b0  SiSRaid4 - ok
03:16:53.0831 0x04b0  [ 4193B29035FF31655A2A2D820FDEFCCA, 0FAAD75E170723E32705D04B5438159DF7E05E67A3D98D5D91753CA7CB270151 ] SmbDrv          C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys
03:16:53.0862 0x04b0  SmbDrv - ok
03:16:53.0909 0x04b0  [ 19555D03CB179BED8B8AAA239A36BDA4, 7B975821D52ABE077496B3CFC010B33D478CD2C36E6A74D8F72D2BF582B8C84A ] SmbDrvI         C:\Windows\System32\drivers\Smb_driver_Intel.sys
03:16:53.0955 0x04b0  SmbDrvI - ok
03:16:54.0002 0x04b0  [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
03:16:54.0064 0x04b0  SNMPTRAP - ok
03:16:54.0111 0x04b0  [ 9110193D93960E38B8692E4519C75D72, 789381B4CCC056EE431E78E2339AC9802264A1CE4B378DDA9769649664C9A7A0 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
03:16:54.0158 0x04b0  spaceport - ok
03:16:54.0205 0x04b0  [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
03:16:54.0267 0x04b0  SpbCx - ok
03:16:54.0345 0x04b0  [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler         C:\Windows\System32\spoolsv.exe
03:16:54.0439 0x04b0  Spooler - ok
03:16:54.0756 0x04b0  [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc          C:\Windows\system32\sppsvc.exe
03:16:55.0005 0x04b0  sppsvc - ok
03:16:55.0052 0x04b0  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv             C:\Windows\system32\DRIVERS\srv.sys
03:16:55.0130 0x04b0  srv - ok
03:16:55.0208 0x04b0  [ B56A855B23676CCE05B626C6037FD02F, 3C0DCB16A96BD6A002A4FAF1AF939AF470D95137CB745F5DAD039B5D8C956E30 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
03:16:55.0271 0x04b0  srv2 - ok
03:16:55.0349 0x04b0  [ 78E9665C8DC59106D133CBEF0F0C3DE3, 380FD51EE00CEF3FFEF9BFB5E14538E084F1DDF8D8F8BCDF4EC23CB8C3A40D2F ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
03:16:55.0396 0x04b0  srvnet - ok
03:16:55.0489 0x04b0  [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
03:16:55.0551 0x04b0  SSDPSRV - ok
03:16:55.0598 0x04b0  [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
03:16:55.0661 0x04b0  SstpSvc - ok
03:16:55.0708 0x04b0  [ B4C983DA20E2970E21893BF0E4EE2AD8, 473D0E5339A8914775A03F76A805DAD4727FC045E3984F85F54BB92D5214E06F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
03:16:55.0754 0x04b0  ssudmdm - ok
03:16:55.0910 0x04b0  [ 897C1273B7D74E19DDA7EBF495BF0133, CF344C0ABB11FF1D4FFE09426A42F9C320985F83FC0472E64F92EAACBFAAEFE9 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
03:16:55.0941 0x04b0  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
03:16:58.0619 0x04b0  Detect skipped due to KSN trusted
03:16:58.0619 0x04b0  STacSV - ok
03:16:58.0697 0x04b0  Steam Client Service - ok
03:16:58.0760 0x04b0  [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor        C:\Windows\system32\drivers\stexstor.sys
03:16:58.0806 0x04b0  stexstor - ok
03:16:58.0869 0x04b0  [ A883937A943DCE237B19E4A5558FCBE6, 5DC1D621CC246290CD575E394BDBDE962F1783D08ECA5411FF766406C5C4762F ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
03:16:58.0947 0x04b0  STHDA - ok
03:16:59.0025 0x04b0  [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc          C:\Windows\System32\wiaservc.dll
03:16:59.0103 0x04b0  stisvc - ok
03:16:59.0134 0x04b0  [ B240874B2CA0CD02E8CD11E140B14C57, 0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci        C:\Windows\system32\drivers\storahci.sys
03:16:59.0165 0x04b0  storahci - ok
03:16:59.0228 0x04b0  [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
03:16:59.0259 0x04b0  storflt - ok
03:16:59.0306 0x04b0  [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc         C:\Windows\system32\storsvc.dll
03:16:59.0352 0x04b0  StorSvc - ok
03:16:59.0384 0x04b0  [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc         C:\Windows\system32\drivers\storvsc.sys
03:16:59.0399 0x04b0  storvsc - ok
03:16:59.0446 0x04b0  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc           C:\Windows\system32\svsvc.dll
03:16:59.0524 0x04b0  svsvc - ok
03:16:59.0587 0x04b0  [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum          C:\Windows\System32\drivers\swenum.sys
03:16:59.0618 0x04b0  swenum - ok
03:16:59.0664 0x04b0  [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv           C:\Windows\System32\swprv.dll
03:16:59.0758 0x04b0  swprv - ok
03:16:59.0820 0x04b0  [ 0F34FE968C91D02CE30D76C257F2BDA0, 4BD7BD9B94C14D14214910EF83D5F7B62081D02F9EE80E2FC6103D385482A605 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
03:16:59.0867 0x04b0  SynTP - ok
03:16:59.0992 0x04b0  [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain         C:\Windows\system32\sysmain.dll
03:17:00.0132 0x04b0  SysMain - ok
03:17:00.0226 0x04b0  [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
03:17:00.0288 0x04b0  SystemEventsBroker - ok
03:17:00.0351 0x04b0  [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\Windows\System32\TabSvc.dll
03:17:00.0413 0x04b0  TabletInputService - ok
03:17:00.0429 0x04b0  [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv         C:\Windows\System32\tapisrv.dll
03:17:00.0512 0x04b0  TapiSrv - ok
03:17:00.0699 0x04b0  [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
03:17:00.0871 0x04b0  Tcpip - ok
03:17:00.0995 0x04b0  [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
03:17:01.0167 0x04b0  TCPIP6 - ok
03:17:01.0230 0x04b0  [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
03:17:01.0307 0x04b0  tcpipreg - ok
03:17:01.0323 0x04b0  [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
03:17:01.0370 0x04b0  tdx - ok
03:17:01.0385 0x04b0  [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
03:17:01.0417 0x04b0  terminpt - ok
03:17:01.0495 0x04b0  [ 2B3D2FDF50EDABEBE0A9E6F741C81858, F0C3A1DC968C5D28EF68BE4352577B4F8D4B4FB6274268DCCCD8A5C132DEC2F9 ] TermService     C:\Windows\System32\termsrv.dll
03:17:01.0573 0x04b0  TermService - ok
03:17:01.0635 0x04b0  [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes          C:\Windows\system32\themeservice.dll
03:17:01.0713 0x04b0  Themes - ok
03:17:01.0760 0x04b0  [ DBD28A7997CF7303E610989C565C9B29, 4BCB9920357DDDC9433EA73B683FAAE15572EC0346ED45F61B19EC503F5A9FED ] THREADORDER     C:\Windows\system32\mmcss.dll
03:17:01.0791 0x04b0  THREADORDER - ok
03:17:01.0854 0x04b0  [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
03:17:01.0994 0x04b0  TimeBroker - ok
03:17:02.0041 0x04b0  [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM             C:\Windows\system32\drivers\tpm.sys
03:17:02.0119 0x04b0  TPM - ok
03:17:02.0166 0x04b0  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks          C:\Windows\System32\trkwks.dll
03:17:02.0212 0x04b0  TrkWks - ok
03:17:02.0306 0x04b0  [ 6BFB75B76411CC57A72FCC1D0201E166, 8F3A97E7651501F58018EB6081178B2A05ADFBF48C6126E0176FE231A261893E ] TrueService     C:\Program Files\Common Files\AuthenTec\TrueService.exe
03:17:02.0353 0x04b0  TrueService - ok
03:17:02.0482 0x04b0  [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:17:02.0529 0x04b0  TrustedInstaller - ok
03:17:02.0607 0x04b0  [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
03:17:02.0654 0x04b0  TsUsbFlt - ok
03:17:02.0717 0x04b0  [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
03:17:02.0763 0x04b0  TsUsbGD - ok
03:17:02.0810 0x04b0  [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
03:17:02.0857 0x04b0  tunnel - ok
03:17:02.0919 0x04b0  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
03:17:02.0950 0x04b0  uagp35 - ok
03:17:02.0966 0x04b0  [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
03:17:02.0997 0x04b0  UASPStor - ok
03:17:03.0044 0x04b0  [ 061BA3EE0D2BE17944990544008CF190, C9236D368EC2281B545E8C008BC2801F21A9716ED3D4DAEDB0751A5008346E81 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
03:17:03.0075 0x04b0  UCX01000 - ok
03:17:03.0138 0x04b0  [ 25C50F4EDF70D0A831E0566BD181CCF2, F2F9E86FB5617C16077D2073EC0AA747F76F1EB5148BA110347A84F3C3569F83 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
03:17:03.0200 0x04b0  udfs - ok
03:17:03.0263 0x04b0  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
03:17:03.0309 0x04b0  UI0Detect - ok
03:17:03.0372 0x04b0  [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
03:17:03.0418 0x04b0  uliagpkx - ok
03:17:03.0434 0x04b0  [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus           C:\Windows\System32\drivers\umbus.sys
03:17:03.0481 0x04b0  umbus - ok
03:17:03.0512 0x04b0  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass          C:\Windows\System32\drivers\umpass.sys
03:17:03.0559 0x04b0  UmPass - ok
03:17:03.0621 0x04b0  [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService    C:\Windows\System32\umrdp.dll
03:17:03.0684 0x04b0  UmRdpService - ok
03:17:03.0715 0x04b0  [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost        C:\Windows\System32\upnphost.dll
03:17:03.0793 0x04b0  upnphost - ok
03:17:03.0855 0x04b0  [ C976C4306F9AE133D6BBD47FDFC3BF92, 820413D92D6A89055A7F26523BF5CC4B668610C4A06E8B0D163FBF929B1DFA9A ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
03:17:03.0902 0x04b0  usbccgp - ok
03:17:03.0949 0x04b0  [ 427B6DB8C05A5A977E8C3525370A2595, C67222CA9123AE12D953995326B3B582C146CEA89594B7209DB0B1F628A0118D ] usbcir          C:\Windows\System32\drivers\usbcir.sys
03:17:03.0980 0x04b0  usbcir - ok
03:17:04.0058 0x04b0  [ B24FDEB1B18496F1B463782235AA3AF1, 3F5036F36987C8007D03DAFC3EC30615515BE96D9A1DF879BCD4EB0E66CD50B1 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
03:17:04.0089 0x04b0  usbehci - ok
03:17:04.0121 0x04b0  [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
03:17:04.0152 0x04b0  usbfilter - ok
03:17:04.0261 0x04b0  [ F8C2A832DF9403F5EA8080CBDBDA95FB, 50E9455465672BC13EB945BEC132D2F30BA2EB25C68928D2B4C256F2DB292A83 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
03:17:04.0339 0x04b0  usbhub - ok
03:17:04.0448 0x04b0  [ FAAB461D5AEB21EE5FC5C0DBD6648223, 187EB7AC6CDE39621C587EB1551DBC358DE2BC7C8A4265DB817C9D6F5ADE54A3 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
03:17:04.0500 0x04b0  USBHUB3 - ok
03:17:04.0578 0x04b0  [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci         C:\Windows\System32\drivers\usbohci.sys
03:17:04.0656 0x04b0  usbohci - ok
03:17:04.0687 0x04b0  [ 9FDBA6982582A6F2354144980F641E7B, 054A65412CB22C5BE970FD3A266E140110D869B614B9F9894628D553CE82C991 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
03:17:04.0734 0x04b0  usbprint - ok
03:17:04.0781 0x04b0  [ BFC7FE4AAEB61317A921871B4085EF4B, CBC3FBAEAD6C82A437CC87A97007EF807C64053AB8FA5C3233C2A0CF6FC8D019 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
03:17:04.0812 0x04b0  USBSTOR - ok
03:17:04.0890 0x04b0  [ 1ABF657259DB57F7E5558E4DF1357C0C, 34EAF5DEA3293CFA96BA81B036305FD90ABAE05B9CB73D4F54FB236448C1978C ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
03:17:04.0921 0x04b0  usbuhci - ok
03:17:04.0952 0x04b0  [ 9EF7C01D3ACCBC243B5CB1A95865B2FF, 367A7640B4992E68EB3E1BBD78D3014742F4CC4056750E389048C653251DAD33 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
03:17:04.0999 0x04b0  usbvideo - ok
03:17:05.0061 0x04b0  [ 8DC398D7B8E02C929A2096E74A170970, 87B3CE84D05F50C33935B28F0AFF1CB15DAA4530768BA1FB25C311609CD4B0A5 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
03:17:05.0108 0x04b0  USBXHCI - ok
03:17:05.0217 0x04b0  [ 351EF9BCB5B1A5FA2ABBC644CD07E011, DA7ABAF055086ACE279B555E577235453681A39B7A735BEF46513F6377919769 ] ValBioService   C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
03:17:05.0249 0x04b0  ValBioService - detected UnsignedFile.Multi.Generic ( 1 )
03:17:07.0890 0x04b0  Detect skipped due to KSN trusted
03:17:07.0890 0x04b0  ValBioService - ok
03:17:07.0921 0x04b0  [ 49F2693BC3D821FA13AD6E7D5C5FEAFF, E0E109CAB6B19C77A870C5A0D8A99769F5B99C19C2E35A0615D91F87B25229A3 ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe
03:17:07.0952 0x04b0  valWBFPolicyService - detected UnsignedFile.Multi.Generic ( 1 )
03:17:10.0615 0x04b0  Detect skipped due to KSN trusted
03:17:10.0615 0x04b0  valWBFPolicyService - ok
03:17:10.0646 0x04b0  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] VaultSvc        C:\Windows\system32\lsass.exe
03:17:10.0692 0x04b0  VaultSvc - ok
03:17:10.0771 0x04b0  [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
03:17:10.0817 0x04b0  vdrvroot - ok
03:17:10.0895 0x04b0  [ 1B4488988E5E7512E6C5CD1255E9E973, B82C26E767A8895CFFD76C11D07D5C945C38E1BD32CC27D20A6C0FA7F6064FC5 ] vds             C:\Windows\System32\vds.exe
03:17:10.0989 0x04b0  vds - ok
03:17:11.0067 0x04b0  [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
03:17:11.0098 0x04b0  VerifierExt - ok
03:17:11.0223 0x04b0  [ 500BE6B2E49883720D0AE8BB859ED7A3, 4606B02A3E8123510676E554635EB5ECF9DC5F2B83928710C8563787C52CC102 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
03:17:11.0285 0x04b0  vhdmp - ok
03:17:11.0348 0x04b0  [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide          C:\Windows\system32\drivers\viaide.sys
03:17:11.0379 0x04b0  viaide - ok
03:17:11.0395 0x04b0  [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
03:17:11.0441 0x04b0  vmbus - ok
03:17:11.0457 0x04b0  [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
03:17:11.0504 0x04b0  VMBusHID - ok
03:17:11.0582 0x04b0  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
03:17:11.0644 0x04b0  vmicheartbeat - ok
03:17:39.0287 0x04b0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
03:17:39.0287 0x04b0  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
03:17:39.0287 0x04b0  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41010 ( enabled )
03:17:41.0788 0x04b0  ============================================================
03:17:41.0788 0x04b0  Scan finished
03:17:41.0788 0x04b0  ============================================================
03:17:41.0788 0x0b38  Detected object count: 1
03:17:41.0788 0x0b38  Actual detected object count: 1
03:18:10.0162 0x0b38  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:18:10.0162 0x0b38  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#11 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 29 November 2014 - 06:01 AM

It took longer than I expected ...

Reason for that:

EmptyTemp: => Removed 14.6 GB temporary data.

:)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 wattie17

  • Topic Starter
  • Members
  • 10 posts

Posted 29 November 2014 - 10:39 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f2ea828a6997f479d4a7254196b8e0d
# engine=21320
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-29 11:39:52
# local_time=2014-11-29 06:39:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 76680903 0 0
# scanned=283708
# found=0
# cleaned=0
# scan_time=11333
 



#13 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 29 November 2014 - 10:46 AM

:thumbup2: Very good! Please go ahead with step 4...


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#14 wattie17

  • Topic Starter
  • Members
  • 10 posts

Posted 29 November 2014 - 11:00 AM

Will be going out of town and will be back next Friday. I will check for any replies and follow up when I get back. Thanks so much for your help.

Here are the last FRST logs. Not sure if you need the second one, so I will include it.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Marko (administrator) on MARKOLAP on 29-11-2014 10:43:40
Running from C:\Users\Marko\Desktop
Loaded Profile: Marko (Available profiles: Marko & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-03] (IDT, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-24] (SUPERAntiSpyware)
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Run: [Amazon Cloud Player] => C:\Users\Marko\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-10-22] ()
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-27] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3577962383-2107934119-3180764031-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3577962383-2107934119-3180764031-1002: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll (eMusic.com)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Google Search) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-30]
CHR Extension: (Website Logon) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2012-11-30]
CHR Extension: (Website Logon) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-07-25]
CHR Extension: (Norton Identity Safe) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-24]
CHR Extension: (Website Logon) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaaieiajnhcnimjgfmjpccjmmfkploci [2013-03-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-30]
CHR Extension: (Google Wallet) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (RoboForm) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-09]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-01-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-27] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-06-03] (IDT, Inc.) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [16384 2014-02-13] (Validity Sensors, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2013-06-11] (Advanced Micro Devices)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-06-03] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 10:43 - 2014-11-29 10:44 - 00020721 _____ () C:\Users\Marko\Desktop\FRST.txt
2014-11-29 10:42 - 2014-11-29 10:42 - 00000000 ___SH () C:\DkHyperbootSync
2014-11-29 03:27 - 2014-11-29 03:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-29 03:06 - 2014-11-29 03:06 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-29 03:06 - 2014-11-29 03:06 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-28 23:39 - 2014-11-28 23:39 - 02347384 _____ (ESET) C:\Users\Marko\Desktop\esetsmartinstaller_enu.exe
2014-11-28 23:38 - 2014-11-28 23:38 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Marko\Desktop\tdsskiller.exe
2014-11-28 02:33 - 2014-11-29 04:27 - 00003127 _____ () C:\Windows\comsetup.log
2014-11-28 00:04 - 2014-11-28 00:04 - 00003424 _____ () C:\Windows\System32\Tasks\RealDownloader Update Check
2014-11-27 23:53 - 2014-11-27 23:53 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\RealNetworks
2014-11-27 23:53 - 2014-11-27 23:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-27 23:52 - 2014-11-27 23:52 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-11-27 20:39 - 2014-11-28 02:16 - 00000131 _____ () C:\Users\Marko\Desktop\When Cities Sleep – What Lies Lay Between Us (2014.url
2014-11-27 18:39 - 2014-11-27 18:50 - 00040346 _____ () C:\zoek-results.log
2014-11-27 16:32 - 2014-11-27 16:32 - 00000000 ____D () C:\zoek_backup
2014-11-27 16:21 - 2014-11-29 10:43 - 00000000 ____D () C:\FRST
2014-11-27 16:21 - 2014-11-27 16:21 - 02117632 _____ (Farbar) C:\Users\Marko\Desktop\FRST64.exe
2014-11-27 16:07 - 2014-11-27 16:08 - 00186568 _____ (ESET) C:\Users\Marko\Desktop\ESETPoweliksCleaner.exe
2014-11-27 15:57 - 2014-11-27 15:58 - 00526144 _____ () C:\Windows\Minidump\112714-113802-01.dmp
2014-11-27 15:57 - 2014-11-27 15:57 - 00292600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-27 04:10 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-11-27 04:10 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-27 04:10 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2014-11-27 04:10 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-11-27 04:10 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2014-11-27 04:10 - 2012-09-20 01:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2014-11-27 04:10 - 2012-09-20 00:53 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2014-11-27 04:05 - 2014-10-11 02:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-27 04:05 - 2014-10-11 00:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-27 04:05 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-27 04:05 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-27 04:05 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-27 04:05 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-27 04:05 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-27 03:24 - 2014-11-27 23:53 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-27 03:23 - 2014-11-27 23:53 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-27 03:21 - 2014-11-20 15:56 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 03:21 - 2014-11-20 15:56 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 03:17 - 2014-11-27 20:46 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-11-27 03:12 - 2014-11-27 03:12 - 00524704 _____ () C:\Windows\Minidump\112714-35708-01.dmp
2014-11-26 13:56 - 2014-11-26 13:56 - 00688992 ____R (Swearware) C:\Users\Marko\Desktop\dds.com
2014-11-26 06:08 - 2014-09-24 18:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-26 06:08 - 2014-09-24 18:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-26 06:07 - 2014-09-24 18:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-26 06:07 - 2014-09-24 18:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-26 06:05 - 2014-10-01 18:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-26 06:04 - 2014-10-11 02:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-26 06:04 - 2014-10-11 00:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-26 06:04 - 2014-10-11 00:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-26 06:04 - 2014-10-11 00:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-26 06:04 - 2014-10-11 00:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-26 06:01 - 2014-07-11 19:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-26 06:01 - 2014-07-11 19:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-11-26 06:01 - 2014-07-08 17:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-11-26 06:01 - 2014-07-08 17:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-11-26 06:01 - 2014-07-07 00:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-11-26 06:01 - 2014-07-07 00:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-11-26 06:01 - 2014-07-04 05:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-26 06:01 - 2014-07-02 20:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-11-26 06:01 - 2014-07-02 19:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-11-26 06:01 - 2014-06-28 02:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-11-26 06:01 - 2014-06-28 01:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-11-26 06:01 - 2014-06-28 01:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-11-26 06:01 - 2014-06-25 02:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-26 06:01 - 2014-06-17 18:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-26 06:01 - 2014-06-17 18:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-26 06:01 - 2014-06-11 09:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-11-26 06:01 - 2014-06-10 23:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-11-26 06:01 - 2014-06-10 17:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-11-26 06:01 - 2014-02-04 05:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-11-26 06:00 - 2014-07-11 23:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-26 06:00 - 2014-07-11 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-26 06:00 - 2014-07-11 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-26 06:00 - 2014-07-11 23:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-26 06:00 - 2014-07-08 17:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-11-26 06:00 - 2014-07-08 17:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-11-26 06:00 - 2014-06-25 02:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-26 05:53 - 2014-10-18 03:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-26 05:53 - 2014-10-18 02:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-26 05:51 - 2014-10-02 20:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-26 05:51 - 2014-10-02 17:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-26 05:51 - 2014-10-02 17:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-26 05:51 - 2014-10-02 17:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-26 05:51 - 2014-09-13 01:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-26 05:51 - 2014-09-05 19:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-26 05:51 - 2014-08-28 23:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-26 05:51 - 2014-08-28 23:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-26 05:51 - 2014-07-24 08:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-26 05:50 - 2014-09-02 21:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-26 05:50 - 2014-09-02 21:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-26 05:50 - 2014-08-28 23:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-26 05:50 - 2014-08-28 23:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-26 05:50 - 2014-08-28 01:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-26 05:50 - 2014-08-28 01:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-26 05:50 - 2014-08-28 00:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-26 05:48 - 2014-07-07 00:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-26 05:48 - 2014-07-07 00:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-26 05:48 - 2014-07-07 00:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-26 05:48 - 2014-07-07 00:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-26 05:48 - 2014-07-06 23:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-26 05:48 - 2014-07-06 23:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-26 05:48 - 2014-07-06 23:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-26 05:48 - 2014-07-06 22:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-26 05:47 - 2014-10-11 02:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-26 05:47 - 2014-10-11 02:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-26 05:47 - 2014-10-11 02:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-26 05:47 - 2014-10-11 02:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-26 05:47 - 2014-10-11 00:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-26 05:47 - 2014-10-11 00:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-26 05:47 - 2014-10-11 00:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-26 05:47 - 2014-10-11 00:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-26 05:45 - 2014-09-22 00:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-26 05:45 - 2014-08-26 17:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-26 05:44 - 2014-11-19 02:29 - 00582552 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-26 05:44 - 2014-11-19 02:29 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-26 05:44 - 2014-10-21 22:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-11-26 05:44 - 2014-10-21 20:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-11-26 05:44 - 2014-10-21 20:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-26 05:44 - 2014-10-21 20:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-11-26 05:44 - 2014-10-21 20:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-11-26 05:44 - 2014-10-21 20:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-26 05:44 - 2014-10-21 20:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-11-26 05:44 - 2014-09-02 21:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-26 05:44 - 2014-09-02 21:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-26 05:43 - 2014-10-23 07:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-26 05:43 - 2014-10-23 06:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-26 05:43 - 2014-08-21 18:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-26 05:43 - 2014-08-21 18:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-26 05:43 - 2014-07-24 08:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-11-26 05:43 - 2014-07-16 18:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-11-26 05:43 - 2014-07-16 17:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-11-26 05:43 - 2014-07-16 17:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-11-26 05:43 - 2014-07-12 01:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-11-26 05:43 - 2014-07-11 23:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-11-26 05:43 - 2014-07-11 23:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-11-26 05:43 - 2014-07-11 23:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-11-26 05:43 - 2014-07-11 23:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-11-26 05:43 - 2014-06-28 01:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-26 05:43 - 2014-06-27 21:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-26 05:41 - 2014-11-08 06:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-26 05:41 - 2014-11-08 06:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-26 05:41 - 2014-11-08 01:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-26 05:41 - 2014-11-08 01:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-26 05:41 - 2014-10-11 03:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-26 05:41 - 2014-10-11 02:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-26 05:41 - 2014-10-11 02:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-26 05:41 - 2014-10-11 00:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-26 05:38 - 2014-06-12 18:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-26 05:38 - 2014-06-12 18:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-26 05:34 - 2014-10-25 20:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-26 05:34 - 2014-10-25 20:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-26 05:34 - 2014-10-25 20:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-26 05:34 - 2014-10-25 20:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-26 05:34 - 2014-10-25 19:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-26 05:33 - 2014-10-25 20:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-26 05:33 - 2014-10-25 20:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-26 05:33 - 2014-10-25 20:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-26 05:33 - 2014-10-25 20:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-26 05:33 - 2014-10-25 20:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-26 05:33 - 2014-10-25 20:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-26 05:33 - 2014-10-25 19:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-26 05:33 - 2014-10-25 19:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-26 05:33 - 2014-10-25 19:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-26 05:33 - 2014-10-25 19:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-26 05:33 - 2014-10-25 19:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-26 05:33 - 2014-10-25 19:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-26 05:33 - 2014-10-25 16:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-25 06:45 - 2014-11-25 06:45 - 00000000 __SHD () C:\found.000
2014-11-24 14:29 - 2014-11-24 14:29 - 00280712 _____ () C:\Windows\Minidump\112414-65894-01.dmp
2014-11-24 13:28 - 2014-11-29 03:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 13:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 13:26 - 2014-11-24 13:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 13:26 - 2014-11-24 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 13:26 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 13:26 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 12:24 - 2014-11-24 12:30 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Marko\Documents\mbam-setup-2.0.3.1025.exe
2014-11-23 13:49 - 2014-11-23 13:53 - 32507072 _____ (Microsoft Corporation) C:\Users\Marko\Documents\Windows-KB890830-x64-V5.18.exe
2014-11-23 00:59 - 2014-11-23 00:59 - 00000000 ____D () C:\Windows\pss
2014-11-22 23:50 - 2014-11-22 23:51 - 04978536 _____ (AVAST Software) C:\Users\Marko\Documents\avast_internet_security_setup_online.exe
2014-11-22 22:53 - 2014-11-22 22:53 - 00000000 ____D () C:\Users\Marko\AppData\Roaming\AVAST Software
2014-11-22 22:50 - 2014-11-22 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-22 22:46 - 2014-11-29 03:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-22 22:45 - 2014-11-22 22:47 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 22:45 - 2014-11-22 22:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 22:44 - 2014-11-22 22:44 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 22:44 - 2014-11-22 22:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 22:44 - 2014-11-22 22:43 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-22 22:43 - 2014-11-22 22:43 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-22 22:31 - 2014-11-22 22:31 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-22 22:25 - 2014-11-22 22:25 - 00000000 _____ () C:\Users\Marko\Documents\License.avastlic
2014-11-22 22:08 - 2014-11-22 22:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-21 20:13 - 2014-11-23 04:24 - 00000000 ____D () C:\Users\Marko\AppData\Local\NPE
2014-11-20 02:17 - 2014-11-20 02:17 - 00280656 _____ () C:\Windows\Minidump\112014-73195-01.dmp
2014-11-17 04:03 - 2014-11-21 12:48 - 00000130 _____ () C:\Users\Marko\Desktop\http--boobslovin.com-page-137-.url
2014-11-12 15:18 - 2014-11-27 03:13 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForMarko.job
2014-11-12 15:18 - 2014-11-26 03:18 - 00003164 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMarko

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 10:40 - 2012-11-30 22:45 - 01662413 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 10:23 - 2012-11-30 23:25 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 09:57 - 2012-12-01 03:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 09:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-29 08:50 - 2012-12-16 00:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-29 08:49 - 2012-12-16 00:49 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb.job
2014-11-29 06:43 - 2012-11-30 23:17 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3577962383-2107934119-3180764031-1002
2014-11-29 05:19 - 2012-11-30 22:42 - 00081918 _____ () C:\Windows\diagwrn.xml
2014-11-29 05:19 - 2012-11-30 22:42 - 00081918 _____ () C:\Windows\diagerr.xml
2014-11-29 05:19 - 2012-07-26 02:21 - 01126337 _____ () C:\Windows\setupact.log
2014-11-29 05:17 - 2012-08-03 17:40 - 00014501 _____ () C:\Windows\iis.log
2014-11-29 05:17 - 2012-07-26 03:13 - 00005976 _____ () C:\Windows\DtcInstall.log
2014-11-29 04:24 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\Registration
2014-11-29 03:34 - 2014-09-24 10:57 - 00000000 ___HD () C:\$Windows.~BT
2014-11-29 03:05 - 2012-11-30 23:25 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 03:03 - 2012-08-03 17:23 - 01328060 _____ () C:\Windows\PFRO.log
2014-11-29 03:03 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 02:00 - 2012-12-16 00:49 - 00000528 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4.job
2014-11-29 00:41 - 2012-12-12 03:47 - 00000000 ____D () C:\Users\Marko\AppData\Local\CrashDumps
2014-11-28 02:39 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-28 01:38 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-11-27 23:52 - 2013-01-13 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-11-27 23:50 - 2014-03-29 02:11 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-11-27 23:50 - 2012-12-13 22:37 - 00000000 ____D () C:\ProgramData\Real
2014-11-27 23:48 - 2014-06-21 22:46 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-11-27 23:47 - 2014-06-21 22:46 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-11-27 23:47 - 2014-06-21 22:46 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-11-27 20:52 - 2012-11-30 23:35 - 00003492 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-11-27 20:52 - 2012-11-30 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-11-27 20:52 - 2012-11-30 23:30 - 00004112 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-11-27 17:20 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-11-27 15:57 - 2013-01-13 00:14 - 00000000 ____D () C:\Windows\Minidump
2014-11-27 15:56 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-27 15:55 - 2013-01-13 00:14 - 655683532 _____ () C:\Windows\MEMORY.DMP
2014-11-27 04:11 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-27 03:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-27 03:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-26 03:18 - 2012-11-30 22:42 - 00000000 ____D () C:\Users\Marko
2014-11-25 21:57 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-25 14:58 - 2012-12-01 03:10 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 22:55 - 2012-09-18 19:07 - 00000000 ____D () C:\ProgramData\Norton
2014-11-24 22:49 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-11-24 22:22 - 2012-12-12 05:12 - 00000000 ____D () C:\Users\Marko\AppData\Local\Condusiv_Technologies
2014-11-24 22:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\TAPI
2014-11-24 13:31 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-23 22:00 - 2012-12-02 22:32 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-23 21:59 - 2012-12-10 23:39 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-22 01:56 - 2012-09-18 19:12 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-11-13 00:18 - 2012-11-30 23:25 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 00:18 - 2012-11-30 23:25 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-02 23:53 - 2012-07-26 02:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 22:12 - 2014-05-19 11:32 - 00000000 ____D () C:\Users\Marko\Desktop\DM
2014-10-31 23:26 - 2012-12-12 05:40 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-28 03:01

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Marko at 2014-11-29 10:45:37
Running from C:\Users\Marko\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\Amazon Amazon Cloud Player) (Version: 1.7.0.344 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7545D28D-00EC-C15D-FE18-C3E3F5EC0BDD}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Angry Birds Rio (HKLM-x32\...\{0D637670-BC00-4FAC-8E00-518EB7F65091}) (Version: 1.4.4 - Rovio)
Angry Birds Seasons (HKLM-x32\...\{D4022612-B213-4B5B-A135-0E1C0DC1DD44}) (Version: 3.1.1 - Rovio)
Angry Birds Space (HKLM-x32\...\{47D2E295-28AF-4C24-9116-084D30BE9A89}) (Version: 1.3.1 - Rovio)
Angry Birds Star Wars (HKLM-x32\...\{9013721D-0440-4CCF-81FC-D60DC138D412}) (Version: 1.1.0 - Rovio)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diskeeper 12 Home (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.4 - emusic.com)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Lenovo Fingerprint Manager (HKLM\...\{7BD0897C-DE1A-4946-9138-3C8A05DA5061}) (Version: 4.5.248.0 - Validity Sensors, Inc.)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.248.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MotioninJoy DS3 driver version 0.6.0004 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0004 - www.motioninjoy.com)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E624FED-F25E-4242-83ED-51CC80674343} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {20FDFFBE-CF9E-41F3-A7CD-5E460546A3D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {25C135FF-001E-41E6-AED7-5CA62A275319} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {292E4636-B007-4126-A60F-FD0E038C25B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2E90969A-07BD-4256-A32B-C476BC3FE41B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-27] (Siber Systems)
Task: {387C74FC-26C9-469C-8733-E87FD17AF98F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {38A2489D-E5A8-4F79-A4F7-887329CE84AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)
Task: {42B32F5D-85C9-44EB-A6EC-4724F321776A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {46703AE5-ED79-4935-99A6-94446E99538C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {509CA34F-C3AD-4716-9D79-FF0AFED5BFAE} - System32\Tasks\HPCeeScheduleForMarko => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5A0731EC-437E-430D-9E64-E61D30632D32} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5C697B95-0224-4CA3-AE63-0495C31B01DE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {659D739E-3FE4-4FF3-AA1F-98AEB299CC60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {74A19467-88B6-487B-BA12-6A6264942268} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {80306E1F-80A9-49B0-9BC1-4E10791AB518} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {8B2ADCE8-2C0C-4315-95A3-57C9F7E30BD3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {97D3C9E3-FB1C-40DF-A7FC-6366778A3012} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-03] (Synaptics Incorporated)
Task: {B2C35A3E-D098-4332-95ED-186710F949D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {C8D154D0-CC2C-40EC-A2AE-DEE761A17344} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {CFCC63FC-F183-40CA-95C8-70260BDD4EA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {DAC9F057-3F87-492A-810D-17B83A73C767} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3577962383-2107934119-3180764031-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E2E28C58-8C34-44E3-B3A7-2008BDDF0863} - System32\Tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {E7628EF0-1234-44B2-AA03-6B3732701336} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {EFAFCBE7-1C5E-424D-8AF4-95601BCD595F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLJOJMJJMGMNMMJLMCNMJJJGMGMCNLMNMOMOMCNHMJMKJNMCNLJMJGMPMOMLMLMHMMJNJNJJMJNJICMIMCNGMCNOMOMFMOMPMCNPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMOMFMEKMICNJJCKFMIMNMIMJNHICMMJBJKJLIMJJNBJCMCLOJNIEJAJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMNMNMLMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {F76405B0-F9C7-4674-8DDB-061CB9FB500E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {FEFAAFC2-1F3D-4147-9175-D2CBB8B83462} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarko.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 298bb17d-3453-4cfa-8aed-27a927b3afe4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2e031bde-7f3c-43d9-be41-7f13694c4ffb.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-01-23 01:27 - 2013-01-23 01:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-09-06 01:47 - 2012-09-06 01:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2013-02-07 08:19 - 2013-02-07 08:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-01-23 01:27 - 2013-01-23 01:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-28 15:55 - 2014-11-28 15:55 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14112801\algo.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-11-22 22:44 - 2014-11-22 22:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 22:46 - 2014-11-27 23:48 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-06-21 22:46 - 2014-11-27 23:48 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3577962383-2107934119-3180764031-1002\...\StartupApproved\Run: => "Amazon Cloud Player"

========================= Accounts: ==========================

Administrator (S-1-5-21-3577962383-2107934119-3180764031-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3577962383-2107934119-3180764031-501 - Limited - Disabled)
Marko (S-1-5-21-3577962383-2107934119-3180764031-1002 - Administrator - Enabled) => C:\Users\Marko

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2014 10:38:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/29/2014 03:27:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/29/2014 03:27:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/29/2014 03:27:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/29/2014 03:24:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d4

Start Time: 01d00bab625e7160

Termination Time: 75

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 1372d1eb-77a1-11e4-bf35-8434971435a9

Faulting package full name:

Faulting package-relative application ID:

Error: (11/29/2014 03:05:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/29/2014 03:05:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/29/2014 00:41:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7792bda1
Faulting process id: 0x2c74
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (11/28/2014 11:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17148, time stamp: 0x544c16cd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x14041604
Faulting process id: 0x7924
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (11/28/2014 11:39:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

System errors:
=============
Error: (11/29/2014 10:40:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc190010e: English ESD Bundle Parent.

Error: (11/29/2014 06:49:50 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/29/2014 03:04:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ValBioService service failed to start due to the following error:
%%1053

Error: (11/29/2014 03:04:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ValBioService service to connect.

Error: (11/29/2014 03:01:21 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/29/2014 03:00:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: English ESD Bundle Parent.

Error: (11/28/2014 10:27:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/28/2014 10:26:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/28/2014 10:26:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/28/2014 10:26:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueAPI Service component service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/29/2014 10:38:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/29/2014 03:27:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marko\Desktop\esetsmartinstaller_enu.exe

Error: (11/29/2014 03:27:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marko\Desktop\esetsmartinstaller_enu.exe

Error: (11/29/2014 03:27:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marko\Desktop\esetsmartinstaller_enu.exe

Error: (11/29/2014 03:24:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1714815d401d00bab625e716075C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE1372d1eb-77a1-11e4-bf35-8434971435a9

Error: (11/29/2014 03:05:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (11/29/2014 03:05:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (11/29/2014 00:41:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17148544c16cdunknown0.0.0.000000000c00000057792bda12c7401d00b90f6d32c38C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown5a76d9eb-778a-11e4-bf34-8434971435a9

Error: (11/28/2014 11:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17148544c16cdunknown0.0.0.000000000c000000514041604792401d00b906f5e9505C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown31f11c6b-7784-11e4-bf34-8434971435a9

Error: (11/28/2014 11:39:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marko\Desktop\esetsmartinstaller_enu.exe

==================== Memory info ===========================

Processor: AMD A10-4600M APU with Radeon™ HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 5596.25 MB
Available physical RAM: 3704.7 MB
Total Pagefile: 11228.25 MB
Available Pagefile: 9182.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.81 GB) (Free:334.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.06 GB) (Free:3.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
Drive g: () (Removable) (Total:14.9 GB) (Free:11.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 27345438)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 29 November 2014 - 11:45 AM

This is looking very good. No more active malware or adware has been found. :)

That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Java 7 Update 13
Internet Explorer Version 10

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
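
The outdated-software check from the post above can be repeated later with a short PowerShell audit. This is an added example, not part of the original post or any tool used in this thread; the function names and the two minimum versions are assumptions to be replaced with the releases the vendors currently support.

```powershell
# Added example: audit the two programs named in the post for outdated versions.
# Assumption: the minimum versions below are placeholders, not values from the
# thread. Replace them with the releases the vendors currently support.
$Baseline = @{ '^Java(\(TM\))? \d+ Update \d+' = [version]'8.0.0' }
$MinIE    = [version]'11.0'

function Get-InstalledProgram {
    # Read both registry views so 32-bit programs on 64-bit Windows are included.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion
}

function Get-VersionStatus {
    param([string]$Name, [string]$Version, [version]$Minimum)
    $parsed = $null
    # A version string that does not parse is flagged for manual review.
    if (-not [version]::TryParse($Version, [ref]$parsed)) {
        return [pscustomobject]@{ Name = $Name; Version = $Version; Status = 'Review' }
    }
    $status = if ($parsed -lt $Minimum) { 'Outdated' } else { 'OK' }
    [pscustomobject]@{ Name = $Name; Version = $Version; Status = $status }
}

# Every installed Java runtime is reported, because old versions can remain
# installed next to a newer one.
$report = @(foreach ($program in Get-InstalledProgram) {
    foreach ($pattern in $Baseline.Keys) {
        if ($program.DisplayName -match $pattern) {
            Get-VersionStatus $program.DisplayName $program.DisplayVersion $Baseline[$pattern]
        }
    }
})

# Internet Explorer 10 and later store the real version in svcVersion.
$ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
if ($ie) {
    $ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
    $report += Get-VersionStatus 'Internet Explorer' $ieVersion $MinIE
}

$report | Sort-Object Status, Name | Format-Table -AutoSize
```

Any row with the status Outdated or Review names a program to update or uninstall, in line with the advice above to remove all old versions.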
 



